CN109729522A - Eat dishes without rice or wine encryption method and device under fail soft mode - Google Patents

Eat dishes without rice or wine encryption method and device under fail soft mode Download PDF

Info

Publication number
CN109729522A
CN109729522A CN201711027250.4A CN201711027250A CN109729522A CN 109729522 A CN109729522 A CN 109729522A CN 201711027250 A CN201711027250 A CN 201711027250A CN 109729522 A CN109729522 A CN 109729522A
Authority
CN
China
Prior art keywords
key
group
point
encryption
base station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711027250.4A
Other languages
Chinese (zh)
Inventor
李晓华
曾朝晖
郄卫军
赵顾良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Potevio Information Technology Co Ltd
Putian Information Technology Co Ltd
Original Assignee
Putian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Putian Information Technology Co Ltd filed Critical Putian Information Technology Co Ltd
Priority to CN201711027250.4A priority Critical patent/CN109729522A/en
Publication of CN109729522A publication Critical patent/CN109729522A/en
Pending legal-status Critical Current

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides eat dishes without rice or wine encryption method and the devices under a kind of fail soft mode, in this method, the privately owned mark that base station can be reported according to UE determines point-to-point root key, terminal and base station can carry out cipher key derivative according to root key, after activating point-to-point safety, the affiliated group information carried in the cluster registration request sent by terminal, for affiliated group of generation group root key, and then terminal and base station carry out cipher key derivative according to group root key respectively, and carry out encryption and decryption using key in point-to-point and point-to-multipoint signaling and data transmission procedure.And then point-to-point, point-to-multipoint cipher key derivative and distribution mechanisms are also able to carry out under fail soft mode, guarantee point-to-point in such a mode, point-to-multipoint signaling and data transmission security.And it is smaller to the security mechanism change under existing normal mode of operation, so that method provided in an embodiment of the present invention is simply easily realized, will not make a big impact to the configuration of existing net.

Description

Eat dishes without rice or wine encryption method and device under fail soft mode
Technical field
The present embodiments relate to fields of communication technology, and in particular to the encryption method of eating dishes without rice or wine under a kind of fail soft mode And device.
Background technique
Private network group system is in order to meet the exploitation of industry user's command scheduling demand, towards the dedicated of specific industry application Wireless communication system, the requirement for reliability and survivability are very high.It is led when because of natural calamity, the anomalous events such as careless of constructing It causes when the communication disruption between base station and core net or when core network system breaks down, base station should be able to be covered for the base station User within the scope of lid maintains the communication service of acceptable service quality, and it is basic with clusters such as broadcast & call to support that individual calling, group are exhaled Business, i.e. offer fail soft function, also referred to as single station operation.After communication link restores, base station is switched to normal work shape State, again under core net control.
It is currently based on broadband cluster communication (B-TrunC) system of LTE technology, when the link state of base station and core-network side From when normally switching to abnormal, system switchs to fail soft mode by normal cluster operating mode therewith.Remove all industry in base station Business notifies terminal to enter fail soft mode by system message, and terminal terminates ongoing business, initiates special registration Process, which executes to adhere to, simultaneously registers base station process, hereafter can initiate individual calling in this base station range, the industry such as group is exhaled, broadcast & call Business.
On the other hand, private network system is high to the safety of network and information transmission and confidentiality requirement, in order to ensure sky The safety of port communications, group system should provide encryption function of eating dishes without rice or wine, it is ensured that the wireless link security between eNodeB and terminal.Mesh The safety that preceding LTE technology can support user identity safety and point-to-point data to transmit, but can't support point-to-multipoint The safety of data transmission.B-TrunC system provides on the basis of succession LTE existing point-to-point safety also directed to private network demand The point-to-multipoint security function of enhancing, encryption and complete guarantor including downlink point-to-multipoint group NAS signaling and group RRC signaling, with And the customer side encryption function of downlink point-to-multipoint.
However, during realizing innovation and creation, inventors have found that being only provided under normal mode in the prior art Point-to-point and point-to-multipoint signaling and data safety, and under fail soft mode, in the communication between base station and core net Disconnected, base station and UE terminate ongoing business and delete context, lack at this time point-to-point and point multipoint message traffic Cipher key derivative and distribution mechanisms can not provide NAS layers and AS layers point-to-point and point-to-multipoint security function.
Summary of the invention
The embodiment of the present invention provides a kind of eat dishes without rice or wine encryption method and device under fail soft mode.
In a first aspect, the embodiment of the present invention provides the encryption method of eating dishes without rice or wine under a kind of fail soft mode, comprising:
Terminal is attached in base station process, the privately owned mark of carried terminal equipment in attach request, terminal and base station point Point-to-point root key K ' is not generated according to the privately owned markASME
According to the root key K 'ASME, terminal and base station generate the encryption key K ' of Non-Access Stratum NAS signaling respectivelyNASenc With tegrity protection key K 'NASint, activation NAS safety;Also according to the root key K 'ASMEGenerate base station key K 'eNB, and root The encryption key K ' of access layer RRC signaling is generated according to the base station keyRRCencWith tegrity protection key K 'RRCint, Yi Jiyong Family face encryption key K 'UPenc, activate safety of eating dishes without rice or wine;
Terminal is completed after being attached to base station, Xiang Jizhan signalling of bouquet registration request, is carried eventually in the cluster registration request Group information belonging to holding, base station determines corresponding group of root key GK ' according to the affiliated group informationASME, return in the registration response Affiliated group and organize root key corresponding lists, terminal and base station are according to described group of root key GK 'ASMEGeneration group NAS signaling adds Key GK 'NASencWith tegrity protection key GK 'NASint
It is exhaled in Establishing process in group, terminal is respectively according to a group root key GK ' in base station and groupASMEGeneration group base station key GK′eNB, further according to a group base station key GK 'eNBGenerate the encryption key GK ' of downlink point-to-multipoint group RRC signalingRRCencAnd integrality Protect key GK 'RRCint, and group customer side encryption key GK 'Upenc
Second aspect, the embodiment of the present invention provide the encryption device of eating dishes without rice or wine under a kind of fail soft mode, are applied to base station Side, comprising:
First point-to-point Key generating unit, for after receiving the attach request that terminal device reports, according to described The privately owned mark of the terminal device carried in attach request determines and generates point-to-point root key K 'ASME;According to the root key K’ASME, generate the encryption key K ' of point-to-point NAS layers of signalingNASencWith tegrity protection key K 'NASint;On establishing terminal Base station key K ' is also generated when hereaftereNB, the encryption key of point-to-point AS layers of RRC signaling is generated according to the base station key K ' eNB K’RRCencWith tegrity protection key K 'RRCintAnd customer side encryption key K 'UPenc
First point-to-point encryption/decryption element uses adding for NAS layer signaling in individual calling and group call uplink Establishing process Key K 'NASencWith tegrity protection key K 'NASintEncryption and decryption and complete guarantor are carried out to point-to-point NAS signaling, use AS layers of RRC The encryption key K ' of signalingRRCencWith tegrity protection key K 'RRCintEncryption and decryption and complete guarantor, point-to-point number are carried out to RRC signaling According in transmission process use customer side encryption key K 'UPencEncryption and decryption is carried out to user face data;
First point-to-multipoint Key generating unit, for after receiving the cluster registration request that terminal device reports, root According to the affiliated group information of terminal carried in the cluster registration request, point-to-multipoint group root key GK ' is determinedASME;According to described Group root key GK 'ASME, generate the encryption key GK ' of NAS layers of signaling of point-to-multipoint groupNASencAnd tegrity protection key GK’NASint, the also generation group base station key GK ' when establishing group and exhaling contexteNB, according to described group of base station key GK 'eNBGenerate point To the encryption key GK ' of AS layers of RRC signaling of multiple spot groupRRCencWith tegrity protection key GK 'RRCintAnd downlink group user face Encryption key GK 'UPenc
Point-to-multipoint encryption unit during exhaling downlink data and signalling for group, uses downlink group NAS signaling Encryption key GK 'NASencWith tegrity protection key GK 'NASintEncryption and complete guarantor are carried out to point-to-multipoint group NAS signaling, used The encryption key GK ' of AS layers of RRC signaling of groupRRCencWith tegrity protection key GK 'RRCintTo group RRC signaling carry out encryption and it is complete It protects, uses a group customer side encryption key GK 'UPencDownlink user face data is exhaled to encrypt group.
The third aspect, the embodiment of the present invention provide the encryption device of eating dishes without rice or wine under a kind of fail soft mode, are applied to terminal Side, comprising:
Second point-to-point Key generating unit is used for when determination enters fail soft mode, according to the privately owned mark of terminal Know to calculate and generates point-to-point root key K 'ASME;According to the root key K 'ASME, generate the encryption key of point-to-point NAS layers of signaling K’NASencWith tegrity protection key K 'NASint, also according to the root key K 'ASMEGenerate base station key K 'eNB, according to the base Stand key K 'eNBGenerate the encryption key K ' of point-to-point AS layers of RRC signalingRRCencWith tegrity protection key K 'RRCint, Yi Jiyong Family face encryption key K 'UPenc
Second point-to-point encryption/decryption element uses adding for NAS layer signaling in individual calling and group call uplink Establishing process Key K 'NASencWith tegrity protection key K 'NASintEncryption and decryption and complete guarantor are carried out to point-to-point NAS signaling, use AS layers of RRC The encryption key K ' of signalingRRCencWith tegrity protection key K 'RRCintEncryption and decryption and complete guarantor, point-to-point number are carried out to RRC signaling According in transmission process use customer side encryption key K 'UPencEncryption and decryption is carried out to user face data;
Second point-to-multipoint Key generating unit, for after receiving the cluster registration response that base station equipment issues, root According to affiliated group of the terminal carried in cluster registration response and the corresponding lists for organizing root key, the affiliated point-to-multipoint organized is obtained Group root key GK 'ASME;According to described group of root key GK 'ASME, generate the encryption key GK ' of point-to-multipoint group NAS signalingNASencWith Tegrity protection key GK 'NASint, the also generation group base station key GK ' when group is exhaled and establishedeNB, according to described group of base station key GK’eNBGenerate the encryption key GK ' of AS layers of RRC signaling of point-to-multipoint groupRRCencWith tegrity protection key GK 'RRCint, and under Row group customer side encryption key GK 'UPenc
Point-to-multipoint decryption unit during exhaling downlink data and signalling for group, uses downlink group NAS signaling Encryption key GK 'NASencWith tegrity protection key GK 'NASintPoint-to-multipoint group NAS signaling is decrypted and complete guarantor, use The encryption key GK ' of AS layers of RRC signaling of groupRRCencWith tegrity protection key GK 'RRCintTo a group RRC signaling be decrypted with it is complete It protects, uses a group customer side encryption key GK 'UPencDownlink user face data is exhaled to be decrypted group.
In method provided in an embodiment of the present invention, attachment that base station equipment (eNB) can be reported according to terminal device (UE) Privately owned mark in request determines point-to-point root key, and then terminal and base station can generate NAS layers of signaling according to root key Encryption and complete secrecy key, the encryption of AS layers of RRC signaling and complete secrecy key and customer side encryption key, and it is point-to-point activating After safety, the affiliated group information carried in the cluster registration request by terminal transmission determines group root key for affiliated group and leads to Know terminal, and then terminal and base station are exhaled in group and built respectively according to group encryption of NAS layers of signaling of root key generation group and a complete secrecy key Base station and terminal is according to a group root key generation group base station key in organizing immediately, and then according to a group AS layers of RRC of base station key generation group The encryption of signaling and complete secrecy key and group exhale downlink user face encryption key.To point-to-point signaling and data transmission (such as: Individual calling and group call uplink) during, utilize the encryption of NAS layers of signaling and complete secrecy key, the encryption and complete secrecy of AS layers of RRC signaling Key and customer side encryption key pair NAS signaling, RRC signaling and user face data carry out having encrypted guarantor's processing;Point-to-points During point signaling and data transmission (such as: group exhales downlink), using the encryption of group NAS layer signaling and complete secrecy key, AS layers of RRC are organized The encryption of signaling and complete secrecy key and group customer side encryption key pair group NAS signaling, group RRC signaling and group exhale downlink user Face data carries out having encrypted guarantor's processing.It is corresponding point-to-point, point-to-multipoint to be also able to carry out under fail soft mode Cipher key derivative and distribution mechanisms guarantee that point-to-point in such a mode, point-to-multipoint NAS layers and AS layers of signaling and data pass Defeated safety.And it is smaller to the security mechanism change under existing normal mode of operation, so that method provided in an embodiment of the present invention It is simple easily to realize, it will not make a big impact to the configuration of existing net.
Detailed description of the invention
By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 is the layered structure schematic diagram of the point-to-point key of LTE in the prior art;
Fig. 2 is that cluster point-to-multipoint key is divided into schematic diagram in the prior art;
Fig. 3 is the encryption method flow chart of eating dishes without rice or wine under a kind of fail soft mode provided in an embodiment of the present invention;
Fig. 4 is the generating process schematic diagram of point-to-point key under fail soft mode provided in an embodiment of the present invention;
Fig. 5 is the generating process schematic diagram of point-to-multipoint key under fail soft mode provided in an embodiment of the present invention;
Fig. 6 be under fail soft mode provided in an embodiment of the present invention endpoint to register to base flow figure;
Fig. 7 is that fail soft mode the following group provided in an embodiment of the present invention exhales encryption flow figure of eating dishes without rice or wine;
Fig. 8 is the encryption device structural schematic diagram of eating dishes without rice or wine under a kind of fail soft mode provided in an embodiment of the present invention;
Fig. 9 is that the encryption device example structure of eating dishes without rice or wine under another fail soft mode provided in an embodiment of the present invention is shown It is intended to.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
Encryption method of eating dishes without rice or wine provided by the invention under fail soft mode for ease of understanding, it is illustratively existing first Point-to-point and point-to-multipoint ciphering process of eating dishes without rice or wine in the normal mode in technology.
The layered structure of the point-to-point key of LTE is as shown in Figure 1, wherein K is permanent key, while being stored in terminal In usim card and network side authentication center AuC;CK and IK is during executing AKA certification, while in AuC and usim card The key pair of upper generation, and for calculating KASME;KASMEAn intermediate key, be UE and HSS during AKA according to CK and What IK was generated, for deriving subsequent key;Terminal and MME are according to KASMEAnd algorithm mark generates add for NAS signaling respectively Close key KNASenc, for the key K of NAS integrity protectionNASint;KeNBAn intermediate key, be UE and MME according to KASMEEach self-generating, MME is RRC signaling for eNodeB by S1 interfac message notification eNodeB when establishing UE context Key is generated with user face data;Terminal and eNB are according to KeNBGenerate the key for being used for customer side encryption respectively with algorithm mark KUPenc, for the key K of RRC integrity protectionRRCint, for RRC encryption key KRRCenc
The layered structure of point-to-multipoint collection group cipher is as shown in Figure 2, wherein GK organizes root key by realizing inside eHSS GKASMEIt is generated by core net, and passes through UE in the point-to-point group information updating process group of notifications of NAS interface;UE and core net root According to GKASMEAnd algorithm mark generates the key GK for group NAS signaling encryption respectivelyNASenc, for group a NAS signaling integrality The key GK of protectionNASint;When group is exhaled, core net generates a random number, and uses random number, GKASMEIt is calculated with a group mark Base station root key GKeNB, exhale context to establish request for GK by groupeNBAssociated base stations are notified with random number, and base station is according to GKeNB Generate the customer side encryption key GK for being used for point-to-multipoint safety respectively with algorithm markUPenc, RRC tegrity protection key GKRRCint, RRC encryption key GKRRCenc;Random number and access layer security algorithm are being eated dishes without rice or wine to broadcast in base station, UE receive after using and The identical cipher key derivative process of network side generates GKeNB、GKUPenc、GKRRCint、GKRRCenc
Based on this, in a first aspect, the embodiment of the invention provides the encryption methods of eating dishes without rice or wine under a kind of fail soft mode, such as Shown in Fig. 3, comprising:
S101, terminal are attached in base station process, the privately owned mark of carried terminal equipment, terminal and base in attach request It stands and point-to-point root key K ' is generated according to the privately owned mark respectivelyASME
S102, according to the root key K 'ASME, terminal and base station generate the encryption key of Non-Access Stratum NAS signaling respectively K’NASencWith tegrity protection key K 'NASint, activation NAS safety;Also according to the root key K 'ASMEGenerate base station key K’ENB,And the encryption key K ' of access layer RRC signaling is generated according to the base station keyRRCencAnd tegrity protection key K’RRCintAnd customer side encryption key K 'UPenc, activate safety of eating dishes without rice or wine;
S103, terminal are completed after being attached to base station, Xiang Jizhan signalling of bouquet registration request, are taken in the cluster registration request The affiliated group information of tape terminal, base station determine corresponding group of root key GK ' according to the affiliated group informationASME, in the registration response Group belonging to returning and the corresponding lists for organizing root key, terminal and base station are according to described group of root key GK 'ASMEGeneration group NAS signaling Encryption key GK 'NASencWith tegrity protection key GK 'NASint
S104, it is exhaled in Establishing process in group, terminal is respectively according to a group root key GK ' in base station and groupASMEGeneration group base station Key GK 'eNB, further according to a group base station key GK 'eNBGenerate the encryption key GK ' of downlink point-to-multipoint group RRC signalingRRCencWith it is complete Whole property protects key GK 'RRCint, and group customer side encryption key GK 'Upenc
In method provided in an embodiment of the present invention, attachment that base station equipment (eNB) can be reported according to terminal device (UE) Privately owned mark in request determines point-to-point root key, and then terminal and base station can generate NAS layers of signaling according to root key Encryption and complete secrecy key, the encryption of AS layers of RRC signaling and complete secrecy key and customer side encryption key, and it is point-to-point activating After safety, the affiliated group information carried in the cluster registration request by terminal transmission for affiliated group of generation group root key and is led to Know terminal, and then terminal and base station are exhaled in group and built respectively according to group encryption of NAS layers of signaling of root key generation group and a complete secrecy key Immediately according to a group root key generation group base station key, and then according to group encryption of AS layers of RRC signaling of base station key generation group and complete Secrecy key and downlink user face encryption key.To transmit (such as: individual calling and group call uplink) mistake in point-to-point signaling and data Cheng Zhong utilizes the encryption of NAS layers of signaling and complete secrecy key, the encryption of AS layers of RRC signaling and complete secrecy key and customer side encryption Key pair NAS signaling, RRC signaling and user face data carry out having encrypted guarantor's processing;It is transmitted in point-to-multipoint signaling and data During (such as: group exhales downlink), the encryption of group NAS layers of signaling and complete secrecy key, the encryption of AS layers of RRC signaling of group and complete guarantor are utilized Key and customer side encryption key pair group NAS signaling, group RRC signaling and group exhale downlink user face data to carry out having encrypted guarantor Processing.To also be able to carry out corresponding point-to-point, point-to-multipoint cipher key derivative and distribution mechanisms under fail soft mode, Guarantee point-to-point in such a mode, point-to-multipoint NAS layers and AS layers of signaling and data transmission security.And to it is existing just Security mechanism change under normal operating mode is smaller, so that method provided in an embodiment of the present invention is simply easily realized, it will not be to existing The configuration of net makes a big impact.
Wherein, UE is executed in the case where entering fail soft mode and special is attached to base flow in a practical situation.Specifically For, when the communication terminal between core net or core net break down at this time for base station judgement, it is weak which enters failure Change mode informs that the UE in its coverage area currently comes into fail soft mode (SIBTrunk by broadcast system message In CellFailureInd cell value be True), UE receive fail soft instruction after can terminate carrying out at once Business and delete context, backward base station initiate adhere to again, IMSI information is carried in attach request.Due to above-mentioned UE Process into fail soft mode is the prior art, no longer does excessive explanation herein.
In addition, in a practical situation, privately owned mark here can be IMSI code (the international mobile subscriber identification of terminal Code, International Mobile Subscriber Identification Number), it is also possible to certainly as other Privately owned mark, the present invention is not especially limit this.
Wherein, in the specific implementation, in order to guarantee to realize the close purpose of a words one (namely every time group exhale it is right Answer a set of key), base station generates a random number and carried in each group-calling process is handed down to group in clustering paging message Interior member, the random number and group root key GK 'ASME, group mark participation group base station key GK ' togethereNBDerivative, to provide One words one are close, further enhance the safety of point-to-multipoint transmission.
In addition, in the specific implementation, in order to avoid repeating to carry out affiliated group of UE the generation of group root key, the present invention is implemented In the step S103 of example, base station determines corresponding group of root key GK ' according to the affiliated group informationASMEThe step of can specifically wrap It includes:
S1031, according to affiliated group information, however, it is determined that generated the group root key GK organized belonging to the terminal device ’ASME, then by generated group of root key GK 'ASMEAs affiliated group of group root key;
S1032, if it is determined that the group root key GK ' organized belonging to not generatingASME, then calculated according to affiliated group information and generate institute The group root key GK ' of category groupASME
That is, when the UE of first of group registration reports cluster registration request, i.e. generation group root key GK’ASME, in organizing when other UE registration, if base station judges the group generation group root key GK 'ASME, it then be used directly The group root key of generation.
It should be noted that the point-to-point root key K ' in above method embodimentASMEAnd point-to-multipoint group root key GK’ASMEOnly under fail soft mode effectively, when base station determines and reverts to normal mode, root key K 'ASMEAnd group root Key GK 'ASMEFail.Base station also can inform the UE in its coverage area at this time by the group system message of broadcast at this time Into normal mode.For the side UE, after receiving this system message, root key K 'ASMEAnd group root key GK’ASMEAlso it fails at once.
The method of the embodiment of the present invention for ease of understanding below carries out specifically entire cipher key derivative and distribution mechanisms It is bright.
The main thought of the embodiment of the present invention are as follows: terminal is adhering to again into fail soft mode and is being registered to base station In the process, root key K ' is calculated according to the IMSI of UE using IMSI, terminal and base station in Attach Request messageASME, according to K’ASMEIt carries out cipher key derivative and activates security process;Terminal reports affiliated Groups List in cluster registration message, and base station is to report Group determine group a root key GK 'ASME, group number is returned in cluster registration reply message and organizes the corresponding relationship of root key.Terminal With base station according to K 'ASME、GK’ASMEThe key for point-to-point and point-to-multipoint NAS signaling encryption and complete guarantor, point pair are generated respectively According to K ' when point data is transmittedASMEDerivative K 'eNBGenerate key and the user for the encryption of point-to-point RRC signaling and complete guarantor The encryption key in face.When group is exhaled, random number is generated by base station and is eating dishes without rice or wine to broadcast, terminal and base station are according to GK 'ASME, random number, Group mark generates GK 'eNB, and then according to GK 'eNBGenerate GK 'UPenc、GK’RRCint、GK’RRCencIt is realized as under normal mode One words one are close.
Concrete implementation mode is as follows:
(1) the point-to-point generating process with point-to-multipoint key of fail soft mode
The generating process of point-to-point service key is as shown in Figure 4: K 'ASMEIt is calculated and is generated by the IMSI of terminal, terminal is attached To reporting IMSI, K ' during base stationASMEOnly during fail soft effectively.Hereafter, eNB and UE uses this K 'ASMESpread out Bear a series of key (including NAS layers and AS layers) of remaining point-to-point service, the K ' that core net generates under normal modeASME、 K’eNBIt is now generated by eNB, cipher key derivative process is consistent under normal mode.
The generating process of point multipoint message traffic key is as shown in figure 5, the affiliated Groups List that eNB is reported according to UE, generates this The group root key GK ' organized a bitASMEAnd UE is notified in a manner of point-to-point, hereafter, eNB and UE use GK 'ASMEDerive remaining point pair The key (including NAS layers and AS layers) of multiple spot group business.
(2) terminal adheres to and is registered to base flow under fail soft mode
Referring to Fig. 6, under fail soft mode, after UE is attached to base station, cluster registration process is initiated, procedure declaration is as follows:
Step 1~4:UE initiates RRC connection establishment process;
Step 5:UE sends RRCConnectionSetupComplete message to eNB, carries NAS message Attach Request requests to adhere to using IMSI;
Step 6:eNodeB is that UE establishes initial context, and wherein safe context includes point-to-point root key K 'ASME、 The encryption key K ' of NAS signalingNASencWith complete secrecy key K 'NASintAnd intermediate key K 'eNB.Wherein, point-to-point root key K’ASMEThe IMSI of using terminal, which is calculated, to be generated;
Step 7: activation NAS safety, hereafter all NAS messages are kept safe;
Step 8~9: base station sends UECapabilityEnquiry message and reports wireless capability message to UE, UE;
Step 10~11:eNB executes Safe Mode Operation of eating dishes without rice or wine, the corresponding security mechanism eated dishes without rice or wine of activation;
Step 12:eNB is that UE establishes default bearer, and is sent out by RRC Connection Reconfigration to UE Send NAS message Attach Accept;
Step 13:UE sends RRC Connection Reconfigration Complete message to eNodeB;
Step 14:UE sends NAS message Attach Complete to eNB by UL Information Transfor;
Step 15:UE sends NAS message Trunking Register to eNB by UL Information Transfor Request carries out cluster registration, carry in message registration type, UE number, the clustering capability of UE, UE cluster safety ability, The information such as group belonging to the code/decode format of support, UE;
If eated dishes without rice or wine in order to avoid the exposure of group number information, subsequent clustered paging replaces group number using group mark (GID) (GDN), then group number GDN and group mark GID corresponding lists are carried.
Step 16:eNB generates the group root key GK ' of these groups according to the affiliated Groups List that UE is reportedASME, sent to UE The registration of NAS cluster receives Trunking Register Accept, removes in message and carries existing period registration time length, network collection Outside group energy power, the GID and group root key GK ' that are organized belonging to also carrying UEASMECorresponding lists information;
UE and eNB can be according to GID and GK 'ASMECorresponding lists generate the encryption key GK ' of the group NAS signaling of each groupNASenc With tegrity protection key GK 'NASint.When the eNB for needing to illustrate generates the group root key of certain group, registered at the group first Give the correct time on UE generation, organize in other UE registration when eNB use the group root key generated.
Point-to-point root key K 'ASMEWith a group root key GK 'ASMEOnly under fail soft mode effectively.
(3) encryption flow of eating dishes without rice or wine that fail soft mode the following group is exhaled
Fig. 7 shows fail soft mode the following group and exhales encryption flow of eating dishes without rice or wine.What fail soft mode the following group was exhaled eats dishes without rice or wine to encrypt Process description is as follows:
Step 1~5: the IDLE UE that initiation group is exhaled executes RRC connection building process.UE is in connection setup complete message NAS message TRUNKING SERVICE REQUEST is carried, wherein message container carries call request CALL REQUEST (message Middle carrying type of call, call property, called number, media information etc.), a cluster multi call business is established to apply, such as Fruit eat dishes without rice or wine clustered paging using group mark a GID, then called number for call service group, institute GID;
Step 6~7:eNB executes Safe Mode Operation of eating dishes without rice or wine, the security mechanism of AS layers of activation;
Step 8:eNB is reconfigured by RRC, restores the empty port load-supporting of UE, meanwhile, it carries dedicated bearer and establishes request, for hair It plays person and establishes right of speech carrying;
To base station, UE is direct transferred by uplink and sends ACTIVATE step 9~10:UE feedback rrc layer configuration result DEDICATED EPS BEARER CONTEXT ACCEPT message, the result that NAS layers of dedicated bearer of feedback is established;
Step 11: base station generates the random number of this calling, according to random number, GID and group root key GK 'ASMEGeneration group Base station key GK 'eNB, further according to GK 'eNBGenerate the encryption key GK ' of point-to-multipoint group RRC signalingRRCencWith complete secrecy key GK’RRCintAnd customer side encryption key GK 'UPenc
Step 12a~13a: base station signalling of bouquet pages TrunkingPaging message, carries GID, call priority, G- RNTI, and AS layers of security information, including random number and security algorithm are carried, base station transmission group on TCCH channel exhales configuration GroupCallConfig provides the access layer configuration parameter of group TTCH, wherein also including NAS message Group Call Setup Indication (carries call identification, type of call, medium type, type of service, call property, media parameter Deng).After listening user to receive 12a, 13a message in group, the reception of group service can be carried out;
After UE receives clustering paging message, random number and AS layers of security algorithm are obtained, execute key identical with base station side Derivatization process.
Step 12b~13b: base station notifies promoter by Call Accept, and respective resources are ready for finishing, Ke Yijin Row uplink carries call identification, type of call, call property, call priority, right of speech information, media information in message Base station notified by Call Complete Deng, UE, CALL ACCEPT is received by UE;
Step 14: base station is by Floor Inform process, the right of speech state that user notifies group current into group.
It is exhaled in Establishing process at above-mentioned group, Group Call Setup Indication, Floor Inform etc. organize NAS Signaling uses encryption key GK 'NASencCarry out encryption and tegrity protection key GK 'NASintGuarantor is carried out; GroupCallconfig, DLTrunkingInformationTransfer etc. organize RRC signaling and use encryption key GK 'RRCencInto Row encryption and tegrity protection key GK 'RRCintGuarantor is carried out, group exhales downlink data to use GK 'UPencIt is encrypted;Call The point-to-point NAS signaling such as Accept, Call Complete uses encryption key K 'NASencCarry out encryption and tegrity protection key K’NASintGuarantor is carried out, the point-to-point RRC signaling such as DLInformationTransfer, ULInformationTransfer uses Encryption key K 'RRCencCarry out encryption and tegrity protection key K 'RRCintGuarantor is carried out, group call uplink data use K 'UPencInto Row encryption.
It periodically updates or it should be noted that normal mode the following group root key will do it when group membership changes It updates, if group root key more kainogenesis, during group is exhaled, network will issue new and old two sets of keys, this calling uses old close Key enables new key after end of calling, the AS layer security information that clustering paging message of eating dishes without rice or wine issues, in addition to random number and safety are calculated Outside method, also carrying key version number, terminal use that corresponding set key of key version number.Do not consider then under fail soft mode The update of group root key, also there is no need to key version numbers.
(4) under fail soft mode individual calling encryption flow of eating dishes without rice or wine
The encryption flow of eating dishes without rice or wine of individual calling is consistent with the individual calling process under existing fail soft under fail soft mode.It is attached in UE During registration, UE and base station generate root key K ' all in accordance with the IMSI of UEASME, the encryption of NAS layers of signaling is close Key K 'NASencWith tegrity protection key K 'NASintIf UE is in connected state, also generation intermediate key K 'eNB, AS layers of RRC letter The encryption key K ' of orderRRCencWith complete secrecy key K 'RRCintAnd customer side encryption key K 'UPenc;If UE is in Idle state, Then it is subsequent establish UE context when generate K 'eNB、K’RRCenc、K’RRCint、K’UPenc
In individual calling Establishing process, if caller, it is called be in connected state, directly using respective between base station and calling and called UE NAS layer and AS layer key pair NAS signaling and RRC signaling carry out encryption and complete guarantor;If caller, it is called be in Idle state, Service request (SR) is restored after activating NAS safety and AS safety in RRC connection and S1 connection procedure, close using NAS layers and AS layers Key carries out encryption and complete guarantor to NAS signaling and RRC signaling, and user face data is encrypted using customer side encryption key.
Second aspect, the embodiment of the invention provides the encryption devices of eating dishes without rice or wine under a kind of fail soft mode, are applied to base In station equipment, as shown in Figure 8, comprising:
First point-to-point Key generating unit 201, for after receiving the attach request that terminal device reports, according to institute The privately owned mark of the terminal device carried in attach request is stated, determines and generates point-to-point root key K 'ASME;According to the root key K’ASME, generate the encryption key K ' of point-to-point NAS layers of signalingNASencWith tegrity protection key K 'NASint;On establishing terminal Base station key K ' is also generated when hereaftereNB, according to the base station key K 'eNBGenerate the encryption key of point-to-point AS layers of RRC signaling K’RRCencWith tegrity protection key K 'RRCintAnd customer side encryption key K 'UPenc
First point-to-point encryption/decryption element 202, for using NAS layers of signaling in individual calling and group call uplink Establishing process Encryption key K 'NASencWith tegrity protection key K 'NASintEncryption and decryption and complete guarantor are carried out to point-to-point NAS signaling, use AS The encryption key K ' of layer RRC signalingRRCencWith tegrity protection key K 'RRCintEncryption and decryption and complete guarantor, point pair are carried out to RRC signaling Customer side encryption key K ' is used during point data transmissionUPencEncryption and decryption is carried out to user face data;
First point-to-multipoint Key generating unit 203, for after receiving the cluster registration request that terminal device reports, According to the affiliated group information of terminal carried in the cluster registration request, point-to-multipoint group root key GK ' is determinedASME;According to institute State a group root key GK 'ASME, generate the encryption key GK ' of NAS layers of signaling of point-to-multipoint groupNASencAnd tegrity protection key GK’NASint, the also generation group base station key GK ' when establishing group and exhaling contexteNB, according to described group of base station key GK 'eNBGenerate point To the encryption key GK ' of AS layers of RRC signaling of multiple spot groupRRCencWith tegrity protection key GK 'RRCintAnd downlink group user face Encryption key GK 'UPenc
Point-to-multipoint encryption unit 204 during exhaling downlink data and signalling for group, is believed using downlink group NAS The encryption key GK ' of orderNASencWith tegrity protection key GK 'NASintEncryption and complete guarantor are carried out to point-to-multipoint group NAS signaling, Use the encryption key GK ' of group AS layers of RRC signalingRRCencWith tegrity protection key GK 'RRCintA group RRC signaling is encrypted With complete guarantor, a group customer side encryption key GK ' is usedUPencDownlink user face data is exhaled to encrypt group.
The third aspect, the embodiment of the invention provides the encryption devices of eating dishes without rice or wine under a kind of fail soft mode, are applied to eventually In end equipment, as shown in Figure 9, comprising:
Second point-to-point Key generating unit 301 is used for when determination enters fail soft mode, according to the privately owned of terminal Mark, which calculates, generates point-to-point root key K 'ASME;According to the root key K 'ASME, the encryption for generating point-to-point NAS layers of signaling is close Key K 'NASencWith tegrity protection key K 'NASint, also according to the root key K 'ASMEGenerate base station key K 'eNB, according to described Base station key K 'eNBGenerate the encryption key K ' of point-to-point AS layers of RRC signalingRRCencWith tegrity protection key K 'RRCint, and Customer side encryption key K 'UPenc
Second point-to-point encryption/decryption element 302, for using NAS layers of signaling in individual calling and group call uplink Establishing process Encryption key K 'NASencWith tegrity protection key K 'NASintEncryption and decryption and complete guarantor are carried out to point-to-point NAS signaling, use AS The encryption key K ' of layer RRC signalingRRCencWith tegrity protection key K 'RRCintEncryption and decryption and complete guarantor, point pair are carried out to RRC signaling Customer side encryption key K ' is used during point data transmissionUPencEncryption and decryption is carried out to user face data;
Second point-to-multipoint Key generating unit 303, for after receiving the cluster registration response that base station equipment issues, According to affiliated group of the terminal carried in cluster registration response and the corresponding lists for organizing root key, organized belonging to acquisition point-to-points Point group root key GK 'ASME;According to described group of root key GK 'ASME, generate the encryption key GK ' of point-to-multipoint group NAS signalingNASenc With tegrity protection key GK 'NASint, the also generation group base station key GK ' when group is exhaled and establishedeNB, according to described group of base station key GK’eNBGenerate the encryption key GK ' of AS layers of RRC signaling of point-to-multipoint groupRRCencWith tegrity protection key GK 'RRCint, and under Row group customer side encryption key GK 'UPenc
Point-to-multipoint decryption unit 304 during exhaling downlink data and signalling for group, is believed using downlink group NAS The encryption key GK ' of orderNASencWith tegrity protection key GK 'NASintTo point-to-multipoint group NAS signaling be decrypted with complete guarantor, Use the encryption key GK ' of group AS layers of RRC signalingRRCencWith tegrity protection key GK 'RRCintA group RRC signaling is decrypted With complete guarantor, a group customer side encryption key GK ' is usedUPencDownlink user face data is exhaled to be decrypted group.
Encryption device of eating dishes without rice or wine under the fail soft mode introduced by second aspect, the third aspect is that can execute sheet The device of encryption method of eating dishes without rice or wine under fail soft mode in inventive embodiments, so based on described in the embodiment of the present invention Fail soft mode under encryption of eating dishes without rice or wine method, those skilled in the art can understand the fail soft of the present embodiment The specific embodiment of encryption device of eating dishes without rice or wine under mode and its various change form, so herein for the fail soft mould How encryption device of eating dishes without rice or wine under formula realizes that the encryption method of eating dishes without rice or wine under the fail soft mode in the embodiment of the present invention is no longer detailed It is thin to introduce.As long as those skilled in the art implement the encryption method institute of eating dishes without rice or wine in the embodiment of the present invention under fail soft mode The device of use belongs to the range to be protected of the application.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this specification.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects, Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protect Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as a separate embodiment of the present invention.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments in this include institute in other embodiments Including certain features rather than other feature, but the combination of the feature of different embodiment means in the scope of the present invention Within and form different embodiments.For example, in the following claims, embodiment claimed it is any it One can in any combination mode come using.
Certain unit embodiments of the invention can be implemented in hardware, or to run on one or more processors Software module realize, or be implemented in a combination thereof.It will be understood by those of skill in the art that can be used in practice Microprocessor or digital signal processor (DSP) realize gateway according to an embodiment of the present invention, proxy server, in system Some or all components some or all functions.The present invention is also implemented as executing side as described herein Some or all device or device programs (for example, computer program and computer program product) of method.It is such It realizes that program of the invention can store on a computer-readable medium, or can have the shape of one or more signal Formula.Such signal can be downloaded from an internet website to obtain, and perhaps be provided on the carrier signal or with any other shape Formula provides.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame Claim.

Claims (7)

1. the encryption method of eating dishes without rice or wine under a kind of fail soft mode characterized by comprising
Terminal is attached in base station process, the privately owned mark of carried terminal equipment in attach request, and root is distinguished in terminal and base station Point-to-point root key K ' is generated according to the privately owned markASME
According to the root key K 'ASME, terminal and base station generate the encryption key K ' of Non-Access Stratum NAS signaling respectivelyNASencWith it is complete Whole property protects key K 'NASint, activation NAS safety;Also according to the root key K 'ASMEGenerate base station key K 'eNB, and according to institute State the encryption key K ' that base station key generates access layer RRC signalingRRCencWith tegrity protection key K 'RRCintAnd user face Encryption key K 'UPenc, activate safety of eating dishes without rice or wine;
Terminal is completed after being attached to base station, Xiang Jizhan signalling of bouquet registration request, carried terminal institute in the cluster registration request Belong to group information, base station determines corresponding group of root key GK ' according to the affiliated group informationASME, in the registration response belonging to return Group and the corresponding lists for organizing root key, terminal and base station are according to described group of root key GK 'ASMEThe encryption of generation group NAS signaling is close Key GK 'NASencWith tegrity protection key GK 'NASint
It is exhaled in Establishing process in group, terminal is respectively according to a group root key GK ' in base station and groupASMEGeneration group base station key GK 'eNB, Further according to a group base station key GK 'eNBGenerate the encryption key GK ' of downlink point-to-multipoint group RRC signalingRRCencIt is close with integrity protection Key GK 'RRCint, and group customer side encryption key GK 'Upenc
2. the method according to claim 1, wherein the method also includes:
When determining that the terminal device initiation group is exhaled, base station also generates the random number that this group is exhaled, and the random number is taken Band is handed down to group member in clustering paging message;Group member and base station are according to the random number, described group of root key GK’ASMEAnd group mark, derivative group base station key GK 'eNB
During group exhales downlink data and signalling, base station uses the encryption key GK ' of NAS layers of signaling of groupNASencWith it is complete Property protection key GK 'NASintEncryption and complete guarantor are carried out to point-to-multipoint group of NAS signaling of downlink, use adding for group AS layer RRC signaling Key GK 'RRCencWith tegrity protection key GK 'RRCintEncryption and complete guarantor are carried out to point-to-multipoint group of RRC signaling of downlink, made With a group customer side encryption key GK 'UPencDownlink data is exhaled to encrypt group.
3. the method according to claim 1, wherein the base station determined according to the affiliated group information it is corresponding Group root key GK 'ASME, comprising:
According to affiliated group information, however, it is determined that generated the group root key GK ' organized belonging to the terminal deviceASME, then will generate Group root key GK 'ASMEAs affiliated group of group root key;
If it is determined that the group root key GK ' organized belonging to not generatingASME, then the group root organized belonging to generating is calculated according to affiliated group information Key GK 'ASME
4. the method according to claim 1, wherein the method also includes:
In individual calling and group call uplink Establishing process, terminal and base station use the encryption of the NAS layer signaling of the terminal close respectively Key K 'NASencWith tegrity protection key K 'NASintEncryption and complete guarantor are carried out to NAS signaling, the encryption using AS layers of RRC signaling is close Key K 'RRCencWith tegrity protection key K 'RRCintEncryption and complete guarantor are carried out to RRC signaling, use user face to add during individual calling Key K 'UPencUser face data is encrypted.
5. the method according to claim 1, wherein the point-to-point root key K 'ASMEIt is close with point-to-multipoint group root Key GK 'ASMEOnly during fail soft effectively.
6. the encryption device of eating dishes without rice or wine under a kind of fail soft mode is applied to base station equipment characterized by comprising
First point-to-point Key generating unit, for after receiving the attach request that terminal device reports, according to the attachment The privately owned mark of the terminal device carried in request determines and generates point-to-point root key K 'ASME;According to the root key K 'ASME, Generate the encryption key K ' of point-to-point NAS layers of signalingNASencWith tegrity protection key K 'NASint;When establishing terminal contexts Also generate base station key K 'eNB, according to the base station key K 'eNBGenerate the encryption key K ' of point-to-point AS layers of RRC signalingRRCenc With tegrity protection key K 'RRCintAnd customer side encryption key K 'UPenc
First point-to-point encryption/decryption element, in individual calling and group call uplink Establishing process, the encryption using NAS layers of signaling to be close Key K 'NASencWith tegrity protection key K 'NASintEncryption and decryption and complete guarantor are carried out to point-to-point NAS signaling, use AS layers of RRC signaling Encryption key K 'RRCencWith tegrity protection key K 'RRCintEncryption and decryption and complete guarantor are carried out to RRC signaling, Point-to-Point Data passes Customer side encryption key K ' is used during defeatedUPencEncryption and decryption is carried out to user face data;
First point-to-multipoint Key generating unit, for after receiving the cluster registration request that terminal device reports, according to institute The affiliated group information of the terminal carried in cluster registration request is stated, determines point-to-multipoint group root key GK 'ASME;According to described group of root Key GK 'ASME, generate the encryption key GK ' of NAS layers of signaling of point-to-multipoint groupNASencWith tegrity protection key GK 'NASint, Establish also generation group base station key GK ' when group exhales contexteNB, according to described group of base station key GK 'eNBGenerate point-to-multipoint group AS The encryption key GK ' of layer RRC signalingRRCencWith tegrity protection key GK 'RRCintAnd downlink group customer side encryption key GK’UPenc
Point-to-multipoint encryption unit during exhaling downlink data and signalling for group, uses the encryption of downlink group NAS signaling Key GK 'NASencWith tegrity protection key GK 'NASintEncryption and complete guarantor are carried out to point-to-multipoint group NAS signaling, use a group AS The encryption key GK ' of layer RRC signalingRRCencWith tegrity protection key GK 'RRCintEncryption and complete guarantor are carried out to group RRC signaling, made With a group customer side encryption key GK 'UPencDownlink user face data is exhaled to encrypt group.
7. the encryption device of eating dishes without rice or wine under a kind of fail soft mode is applied to terminal device characterized by comprising
Second point-to-point Key generating unit is used for when determination enters fail soft mode, according to the privately owned mark meter of terminal It calculates and generates point-to-point root key K 'ASME;According to the root key K 'ASME, generate the encryption key of point-to-point NAS layers of signaling K’NASencWith tegrity protection key K 'NASint, also according to the root key K 'ASMEGenerate base station key K 'eNB, according to the base Stand key K 'eNBGenerate the encryption key K ' of point-to-point AS layers of RRC signalingRRCencWith tegrity protection key K 'RRCint, Yi Jiyong Family face encryption key K 'UPenc
Second point-to-point encryption/decryption element, in individual calling and group call uplink Establishing process, the encryption using NAS layers of signaling to be close Key K 'NASencWith tegrity protection key K 'NASintEncryption and decryption and complete guarantor are carried out to point-to-point NAS signaling, use AS layers of RRC signaling Encryption key K 'RRCencWith tegrity protection key K 'RRCintEncryption and decryption and complete guarantor are carried out to RRC signaling, Point-to-Point Data passes Customer side encryption key K ' is used during defeatedUPencEncryption and decryption is carried out to user face data;
Second point-to-multipoint Key generating unit, for after receiving the cluster registration response that base station equipment issues, according to institute Affiliated group of the terminal carried in cluster registration response and the corresponding lists for organizing root key are stated, the affiliated point-to-multipoint group root organized is obtained Key GK 'ASME;According to described group of root key GK 'ASME, generate the encryption key GK ' of point-to-multipoint group NAS signalingNASencWith it is complete Property protection key GK 'NASint, the also generation group base station key GK ' when group is exhaled and establishedeNB, according to described group of base station key GK 'eNBIt is raw At the encryption key GK ' of AS layers of RRC signaling of point-to-multipoint groupRRCencWith tegrity protection key GK 'RRCintAnd downlink group is used Family face encryption key GK 'UPenc
Point-to-multipoint decryption unit during exhaling downlink data and signalling for group, uses the encryption of downlink group NAS signaling Key GK 'NASencWith tegrity protection key GK 'NASintTo point-to-multipoint group NAS signaling be decrypted with complete guarantor, use a group AS The encryption key GK ' of layer RRC signalingRRCencWith tegrity protection key GK 'RRCintTo a group RRC signaling be decrypted with complete guarantor, make With a group customer side encryption key GK 'UPencDownlink user face data is exhaled to be decrypted group.
CN201711027250.4A 2017-10-27 2017-10-27 Eat dishes without rice or wine encryption method and device under fail soft mode Pending CN109729522A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711027250.4A CN109729522A (en) 2017-10-27 2017-10-27 Eat dishes without rice or wine encryption method and device under fail soft mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711027250.4A CN109729522A (en) 2017-10-27 2017-10-27 Eat dishes without rice or wine encryption method and device under fail soft mode

Publications (1)

Publication Number Publication Date
CN109729522A true CN109729522A (en) 2019-05-07

Family

ID=66291942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711027250.4A Pending CN109729522A (en) 2017-10-27 2017-10-27 Eat dishes without rice or wine encryption method and device under fail soft mode

Country Status (1)

Country Link
CN (1) CN109729522A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021218851A1 (en) * 2020-04-27 2021-11-04 华为技术有限公司 Method and device for secure communication
CN113645621A (en) * 2020-04-27 2021-11-12 华为技术有限公司 Secure communication method and device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291680A (en) * 2010-06-18 2011-12-21 普天信息技术研究院有限公司 Encrypted group calling method based on long term evolution (TD-LTE) trunking communication system
CN103686670A (en) * 2013-12-09 2014-03-26 中国联合网络通信集团有限公司 Secure transmission channel establishing method and device
CN103813272A (en) * 2012-11-14 2014-05-21 普天信息技术研究院有限公司 Cluster group calling downlink transmission method
CN104010276A (en) * 2013-02-27 2014-08-27 中兴通讯股份有限公司 Group key hierarchical management method and system for broadband cluster system, and terminal
CN104735626A (en) * 2013-12-20 2015-06-24 中兴通讯股份有限公司 Achieving method and device for trunking group communication public security
CN106162626A (en) * 2015-04-20 2016-11-23 北京信威通信技术股份有限公司 Group communication is eated dishes without rice or wine the methods, devices and systems of security control
US20170164419A1 (en) * 2013-07-04 2017-06-08 Electronics And Telecommunications Research Instit Ute Control method for supporting multiple connections in mobile communication system and apparatus for supporting multiple connections
CN106998537A (en) * 2016-01-25 2017-08-01 展讯通信(上海)有限公司 The information transferring method and device of group-calling service

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291680A (en) * 2010-06-18 2011-12-21 普天信息技术研究院有限公司 Encrypted group calling method based on long term evolution (TD-LTE) trunking communication system
CN103813272A (en) * 2012-11-14 2014-05-21 普天信息技术研究院有限公司 Cluster group calling downlink transmission method
CN104010276A (en) * 2013-02-27 2014-08-27 中兴通讯股份有限公司 Group key hierarchical management method and system for broadband cluster system, and terminal
US20170164419A1 (en) * 2013-07-04 2017-06-08 Electronics And Telecommunications Research Instit Ute Control method for supporting multiple connections in mobile communication system and apparatus for supporting multiple connections
CN103686670A (en) * 2013-12-09 2014-03-26 中国联合网络通信集团有限公司 Secure transmission channel establishing method and device
CN104735626A (en) * 2013-12-20 2015-06-24 中兴通讯股份有限公司 Achieving method and device for trunking group communication public security
CN106162626A (en) * 2015-04-20 2016-11-23 北京信威通信技术股份有限公司 Group communication is eated dishes without rice or wine the methods, devices and systems of security control
CN106998537A (en) * 2016-01-25 2017-08-01 展讯通信(上海)有限公司 The information transferring method and device of group-calling service

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
3RD GENERATION PARTNERSHIP PROJECT: "User Equipment (UE) conformance specification", 《3GPP TS 34.123-1 V12.5.0 (2016-09)》 *
E. ABIRAMI ECT.: "Proficient key management scheme for multicast groups using group key agreement and broadcast encryption", 《2017 INTERNATIONAL CONFERENCE ON INFORMATION COMMUNICATION AND EMBEDDED SYSTEMS (ICICES)》 *
张文建,彭建华,黄开枝: "一种基于空中接口和核心网协同的LTE系统密钥推演方法", 《计算机应用研究》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021218851A1 (en) * 2020-04-27 2021-11-04 华为技术有限公司 Method and device for secure communication
CN113645621A (en) * 2020-04-27 2021-11-12 华为技术有限公司 Secure communication method and device

Similar Documents

Publication Publication Date Title
CN103179558B (en) Group system group exhales encryption implementation method and system
CN104883217B (en) A kind of method, system and the equipment of transmitting satellite message
CN106134231B (en) Key generation method, equipment and system
CN109792689A (en) Method and apparatus for executing paging in mobile communication system
CN101242630B (en) Method, device and network system for secure algorithm negotiation
CN105323231B (en) Security algorithm selection method, apparatus and system
CN108347420A (en) A kind of method, relevant device and the system of netkey processing
CN111818516B (en) Authentication method, device and equipment
CN112218287B (en) Communication method and device
CN101931953A (en) Method and system for generating safety key bound with device
EP3058693A1 (en) Selection and use of a security agent for device-to-device (d2d) wireless communications
CN104885492B (en) Intercepting device-to-device communications
CN104661184A (en) Method and equipment for satellite communication
CN106998537B (en) The information transferring method and device of group-calling service
CN115428498A (en) Dissimilar user plane security
CN106162626A (en) Group communication is eated dishes without rice or wine the methods, devices and systems of security control
CN113841443B (en) Data transmission method and device
CN102612028B (en) Method, system and device for configuration transmission and data transmission
US9479334B2 (en) Method, system, and terminal for communication between cluster system encryption terminal and encryption module
CN101867930B (en) Rapid authentication method for wireless Mesh network backbone node switching
US20220399950A1 (en) Securing Downlink Control Information in Cellular Communication Networks
CN109729522A (en) Eat dishes without rice or wine encryption method and device under fail soft mode
CN103813272A (en) Cluster group calling downlink transmission method
CN102833739B (en) Method, device and system for transmitting initial non access stratum messages
CN110035431A (en) Information processing method and device, network entity and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20220909

AD01 Patent right deemed abandoned