CN109729522A - Air interface encryption method and device in fail-soft mode - Google Patents
Publication number: CN109729522A
Application number: CN201711027250.4A
Authority: CN (China)
Prior art keywords: key, group, point, encryption, base station
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
An embodiment of the invention provides an air interface encryption method and device for fail-soft mode. In the method, the base station determines a point-to-point root key from the private identity reported by the UE, and the terminal and the base station each derive keys from that root key. After point-to-point security is activated, the base station uses the group membership information carried in the trunking registration request sent by the terminal to generate a group root key for each group the terminal belongs to. The terminal and the base station then each derive keys from the group root key, and use the derived keys for encryption and decryption during point-to-point and point-to-multipoint signaling and data transmission. Point-to-point and point-to-multipoint key derivation and distribution are thereby also available in fail-soft mode, securing point-to-point and point-to-multipoint signaling and data transmission in that mode. Because the changes to the security mechanism of the existing normal operating mode are small, the method is simple to implement and has little impact on the configuration of the existing network.
Description
Technical field
Embodiments of the invention relate to the field of communication technology, and in particular to an air interface encryption method and device in fail-soft mode.
Background art
A private-network trunking system is a dedicated wireless communication system developed for a specific industry to meet that industry's command and dispatch needs, and its requirements for reliability and survivability are very high. When a natural disaster, careless construction work or another abnormal event interrupts communication between the base station and the core network, or when the core network itself fails, the base station should be able to keep providing communication service of acceptable quality to the users within its coverage area, supporting basic trunking services such as individual calls, group calls and broadcast calls. This is the fail-soft function, also called single-station operation. After the communication link is restored, the base station switches back to the normal working state and is again under the control of the core network.
In the current LTE-based broadband trunking communication (B-TrunC) system, when the state of the link between the base station and the core network changes from normal to abnormal, the system switches from the normal trunking operating mode to fail-soft mode. The base station releases all services and notifies terminals through a system message that it has entered fail-soft mode. Each terminal terminates its ongoing services and initiates a special registration procedure, attaching and registering to the base station, after which it can initiate individual calls, group calls, broadcast calls and other services within the coverage of this base station.
On the other hand, private-network systems place high demands on the security and confidentiality of the network and of information transmission. To secure air interface communication, a trunking system should provide air interface encryption that protects the radio link between the eNodeB and the terminal. Current LTE technology supports user identity security and the security of point-to-point data transmission, but does not support the security of point-to-multipoint data transmission. To meet private-network requirements, the B-TrunC system inherits the existing point-to-point security of LTE and adds enhanced point-to-multipoint security functions: encryption and integrity protection of downlink point-to-multipoint group NAS signaling and group RRC signaling, and user-plane encryption of downlink point-to-multipoint traffic.
However, in the course of making the invention, the inventors found that the prior art provides point-to-point and point-to-multipoint signaling and data security only in normal mode. In fail-soft mode, communication between the base station and the core network is interrupted, and the base station and the UE terminate ongoing services and delete their contexts. At that point there is no key derivation and distribution mechanism for point-to-point and point-to-multipoint services, so point-to-point and point-to-multipoint security cannot be provided at the NAS and AS layers.
Summary of the invention
Embodiments of the invention provide an air interface encryption method and device in fail-soft mode.
In a first aspect, an embodiment of the invention provides an air interface encryption method in fail-soft mode, comprising:
During the procedure in which the terminal attaches to the base station, the attach request carries the private identity of the terminal device, and the terminal and the base station each generate a point-to-point root key K'_ASME from the private identity;
From the root key K'_ASME, the terminal and the base station each generate the encryption key K'_NASenc and the integrity protection key K'_NASint for non-access stratum (NAS) signaling and activate NAS security; they also generate the base station key K'_eNB from the root key K'_ASME, and from the base station key generate the encryption key K'_RRCenc and the integrity protection key K'_RRCint for access stratum RRC signaling and the user-plane encryption key K'_UPenc, and activate air interface security;
After the terminal has attached to the base station, it sends a trunking registration request to the base station, carrying the information on the groups the terminal belongs to; the base station determines the corresponding group root key GK'_ASME from the group information and returns, in the registration response, a list mapping each group to its group root key; the terminal and the base station generate the group NAS signaling encryption key GK'_NASenc and integrity protection key GK'_NASint from the group root key GK'_ASME;
During group call setup, the base station and the terminals in the group each generate the group base station key GK'_eNB from the group root key GK'_ASME, and then from the group base station key GK'_eNB generate the encryption key GK'_RRCenc and the integrity protection key GK'_RRCint for downlink point-to-multipoint group RRC signaling and the group user-plane encryption key GK'_UPenc.
In a second aspect, an embodiment of the invention provides an air interface encryption device in fail-soft mode, applied on the base station side, comprising:
A first point-to-point key generation unit, configured to, after receiving the attach request reported by the terminal device, determine and generate the point-to-point root key K'_ASME from the private identity of the terminal device carried in the attach request; to generate, from the root key K'_ASME, the encryption key K'_NASenc and the integrity protection key K'_NASint for point-to-point NAS-layer signaling; and, when the terminal context is established, also to generate the base station key K'_eNB and, from the base station key K'_eNB, the encryption key K'_RRCenc and the integrity protection key K'_RRCint for point-to-point AS-layer RRC signaling and the user-plane encryption key K'_UPenc;
A first point-to-point encryption/decryption unit, configured to, during individual call setup and group call uplink setup, use the NAS-layer signaling encryption key K'_NASenc and integrity protection key K'_NASint for encryption, decryption and integrity protection of point-to-point NAS signaling, use the AS-layer RRC signaling encryption key K'_RRCenc and integrity protection key K'_RRCint for encryption, decryption and integrity protection of RRC signaling, and, during point-to-point data transmission, use the user-plane encryption key K'_UPenc to encrypt and decrypt user-plane data;
A first point-to-multipoint key generation unit, configured to, after receiving the trunking registration request reported by the terminal device, determine the point-to-multipoint group root key GK'_ASME from the terminal's group information carried in the trunking registration request; to generate, from the group root key GK'_ASME, the encryption key GK'_NASenc and the integrity protection key GK'_NASint for point-to-multipoint group NAS-layer signaling; and, when the group call context is established, also to generate the group base station key GK'_eNB and, from the group base station key GK'_eNB, the encryption key GK'_RRCenc and the integrity protection key GK'_RRCint for point-to-multipoint group AS-layer RRC signaling and the downlink group user-plane encryption key GK'_UPenc;
A point-to-multipoint encryption unit, configured to, during group call downlink data and signaling transmission, use the downlink group NAS signaling encryption key GK'_NASenc and integrity protection key GK'_NASint for encryption and integrity protection of point-to-multipoint group NAS signaling, use the group AS-layer RRC signaling encryption key GK'_RRCenc and integrity protection key GK'_RRCint for encryption and integrity protection of group RRC signaling, and use the group user-plane encryption key GK'_UPenc to encrypt group call downlink user-plane data.
In a third aspect, an embodiment of the invention provides an air interface encryption device in fail-soft mode, applied on the terminal side, comprising:
A second point-to-point key generation unit, configured to, when it is determined that fail-soft mode has been entered, calculate and generate the point-to-point root key K'_ASME from the private identity of the terminal; to generate, from the root key K'_ASME, the encryption key K'_NASenc and the integrity protection key K'_NASint for point-to-point NAS-layer signaling; also to generate the base station key K'_eNB from the root key K'_ASME; and to generate, from the base station key K'_eNB, the encryption key K'_RRCenc and the integrity protection key K'_RRCint for point-to-point AS-layer RRC signaling and the user-plane encryption key K'_UPenc;
A second point-to-point encryption/decryption unit, configured to, during individual call setup and group call uplink setup, use the NAS-layer signaling encryption key K'_NASenc and integrity protection key K'_NASint for encryption, decryption and integrity protection of point-to-point NAS signaling, use the AS-layer RRC signaling encryption key K'_RRCenc and integrity protection key K'_RRCint for encryption, decryption and integrity protection of RRC signaling, and, during point-to-point data transmission, use the user-plane encryption key K'_UPenc to encrypt and decrypt user-plane data;
A second point-to-multipoint key generation unit, configured to, after receiving the trunking registration response issued by the base station equipment, obtain the point-to-multipoint group root key GK'_ASME of each group the terminal belongs to from the list, carried in the trunking registration response, that maps the terminal's groups to group root keys; to generate, from the group root key GK'_ASME, the encryption key GK'_NASenc and the integrity protection key GK'_NASint for point-to-multipoint group NAS signaling; and, when a group call is set up, also to generate the group base station key GK'_eNB and, from the group base station key GK'_eNB, the encryption key GK'_RRCenc and the integrity protection key GK'_RRCint for point-to-multipoint group AS-layer RRC signaling and the downlink group user-plane encryption key GK'_UPenc;
A point-to-multipoint decryption unit, configured to, during group call downlink data and signaling transmission, use the downlink group NAS signaling encryption key GK'_NASenc and integrity protection key GK'_NASint for decryption and integrity protection of point-to-multipoint group NAS signaling, use the group AS-layer RRC signaling encryption key GK'_RRCenc and integrity protection key GK'_RRCint for decryption and integrity protection of group RRC signaling, and use the group user-plane encryption key GK'_UPenc to decrypt group call downlink user-plane data.
In the method provided by the embodiments of the invention, the base station equipment (eNB) determines the point-to-point root key from the private identity in the attach request reported by the terminal device (UE). From the root key, the terminal and the base station generate the encryption and integrity keys for NAS-layer signaling, the encryption and integrity keys for AS-layer RRC signaling, and the user-plane encryption key. After point-to-point security is activated, the base station uses the group information carried in the trunking registration request sent by the terminal to determine a group root key for each of the terminal's groups and notifies the terminal. The terminal and the base station then each generate the encryption and integrity keys for group NAS-layer signaling from the group root key. When a group call is set up, the base station and the terminals in the group generate the group base station key from the group root key, and from the group base station key generate the encryption and integrity keys for group AS-layer RRC signaling and the group call downlink user-plane encryption key. During point-to-point signaling and data transmission (for example, individual calls and group call uplink), NAS signaling, RRC signaling and user-plane data are encrypted and integrity-protected with the NAS-layer signaling encryption and integrity keys, the AS-layer RRC signaling encryption and integrity keys, and the user-plane encryption key. During point-to-multipoint signaling and data transmission (for example, group call downlink), group NAS signaling, group RRC signaling and group call downlink user-plane data are encrypted and integrity-protected with the group NAS-layer signaling encryption and integrity keys, the group AS-layer RRC signaling encryption and integrity keys, and the group user-plane encryption key. The corresponding point-to-point and point-to-multipoint key derivation and distribution mechanisms are thereby also available in fail-soft mode, securing point-to-point and point-to-multipoint NAS-layer and AS-layer signaling and data transmission in that mode. Because the changes to the security mechanism of the existing normal operating mode are small, the method is simple to implement and has little impact on the configuration of the existing network.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. The same reference numbers denote the same parts throughout the drawings. In the drawings:
Fig. 1 is a schematic diagram of the layered structure of LTE point-to-point keys in the prior art;
Fig. 2 is a schematic diagram of the layering of trunking point-to-multipoint keys in the prior art;
Fig. 3 is a flowchart of an air interface encryption method in fail-soft mode provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of the generation of point-to-point keys in fail-soft mode provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of the generation of point-to-multipoint keys in fail-soft mode provided by an embodiment of the invention;
Fig. 6 is a flowchart of a terminal attaching and registering to the base station in fail-soft mode provided by an embodiment of the invention;
Fig. 7 is a flowchart of group call air interface encryption in fail-soft mode provided by an embodiment of the invention;
Fig. 8 is a structural schematic diagram of an air interface encryption device in fail-soft mode provided by an embodiment of the invention;
Fig. 9 is a structural schematic diagram of an embodiment of another air interface encryption device in fail-soft mode provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
To make the air interface encryption method in fail-soft mode provided by the invention easier to understand, the prior-art point-to-point and point-to-multipoint air interface encryption processes in normal mode are described first.
The layered structure of LTE point-to-point keys is shown in Fig. 1. K is the permanent key, stored both in the terminal's USIM card and in the network-side authentication center (AuC). CK and IK are the key pair generated at the AuC and on the USIM card during AKA authentication, and are used to compute K_ASME. K_ASME is an intermediate key generated by the UE and the HSS from CK and IK during AKA, and is used to derive the subsequent keys. The terminal and the MME each generate, from K_ASME and the algorithm identifier, the NAS signaling encryption key K_NASenc and the NAS integrity protection key K_NASint. K_eNB is an intermediate key that the UE and the MME each generate from K_ASME; when the UE context is established, the MME notifies the eNodeB of it in an S1 interface message, and the eNodeB uses it to generate the keys for RRC signaling and user-plane data. The terminal and the eNB each generate, from K_eNB and the algorithm identifier, the user-plane encryption key K_UPenc, the RRC integrity protection key K_RRCint and the RRC encryption key K_RRCenc.
The layered structure of point-to-multipoint trunking keys is shown in Fig. 2. GK is implemented inside the eHSS. The group root key GK_ASME is generated by the core network and notified to the UEs in the group through the point-to-point group information update procedure over the NAS interface. The UE and the core network each generate, from GK_ASME and the algorithm identifier, the group NAS signaling encryption key GK_NASenc and the group NAS signaling integrity protection key GK_NASint. For a group call, the core network generates a random number and computes the base station root key GK_eNB from the random number, GK_ASME and the group identifier. It notifies the relevant base stations of GK_eNB and the random number in the group call context setup request, and each base station generates, from GK_eNB and the algorithm identifier, the user-plane encryption key GK_UPenc, the RRC integrity protection key GK_RRCint and the RRC encryption key GK_RRCenc used for point-to-multipoint security. The base station broadcasts the random number and the access stratum security algorithm over the air interface; after receiving them, the UE uses the same key derivation process as the network side to generate GK_eNB, GK_UPenc, GK_RRCint and GK_RRCenc.
On this basis, in a first aspect, an embodiment of the invention provides an air interface encryption method in fail-soft mode which, as shown in Fig. 3, comprises:
S101: during the procedure in which the terminal attaches to the base station, the attach request carries the private identity of the terminal device, and the terminal and the base station each generate a point-to-point root key K'_ASME from the private identity;
S102: from the root key K'_ASME, the terminal and the base station each generate the encryption key K'_NASenc and the integrity protection key K'_NASint for non-access stratum (NAS) signaling and activate NAS security; they also generate the base station key K'_eNB from the root key K'_ASME, and from the base station key generate the encryption key K'_RRCenc and the integrity protection key K'_RRCint for access stratum RRC signaling and the user-plane encryption key K'_UPenc, and activate air interface security;
S103: after the terminal has attached to the base station, it sends a trunking registration request to the base station, carrying the information on the groups the terminal belongs to; the base station determines the corresponding group root key GK'_ASME from the group information and returns, in the registration response, a list mapping each group to its group root key; the terminal and the base station generate the group NAS signaling encryption key GK'_NASenc and integrity protection key GK'_NASint from the group root key GK'_ASME;
S104: during group call setup, the base station and the terminals in the group each generate the group base station key GK'_eNB from the group root key GK'_ASME, and then from the group base station key GK'_eNB generate the encryption key GK'_RRCenc and the integrity protection key GK'_RRCint for downlink point-to-multipoint group RRC signaling and the group user-plane encryption key GK'_UPenc.
In the method provided by the embodiments of the invention, the base station equipment (eNB) determines the point-to-point root key from the private identity in the attach request reported by the terminal device (UE). From the root key, the terminal and the base station generate the encryption and integrity keys for NAS-layer signaling, the encryption and integrity keys for AS-layer RRC signaling, and the user-plane encryption key. After point-to-point security is activated, the base station uses the group information carried in the trunking registration request sent by the terminal to generate a group root key for each of the terminal's groups and notifies the terminal. The terminal and the base station then each generate the encryption and integrity keys for group NAS-layer signaling from the group root key. When a group call is set up, they generate the group base station key from the group root key, and from the group base station key generate the encryption and integrity keys for group AS-layer RRC signaling and the downlink user-plane encryption key. During point-to-point signaling and data transmission (for example, individual calls and group call uplink), NAS signaling, RRC signaling and user-plane data are encrypted and integrity-protected with the NAS-layer signaling encryption and integrity keys, the AS-layer RRC signaling encryption and integrity keys, and the user-plane encryption key. During point-to-multipoint signaling and data transmission (for example, group call downlink), group NAS signaling, group RRC signaling and group call downlink user-plane data are encrypted and integrity-protected with the group NAS-layer signaling encryption and integrity keys, the group AS-layer RRC signaling encryption and integrity keys, and the user-plane encryption key. The corresponding point-to-point and point-to-multipoint key derivation and distribution mechanisms are thereby also available in fail-soft mode, securing point-to-point and point-to-multipoint NAS-layer and AS-layer signaling and data transmission in that mode. Because the changes to the security mechanism of the existing normal operating mode are small, the method is simple to implement and has little impact on the configuration of the existing network.
In practice, the UE performs the special attach-to-base-station procedure when it enters fail-soft mode. Specifically, when the base station determines that communication with the core network has been interrupted or that the core network has failed, the base station enters fail-soft mode and informs the UEs within its coverage area, by broadcast system message, that it has entered fail-soft mode (the CellFailureInd information element in SIBTrunk takes the value True). After receiving the fail-soft indication, a UE immediately terminates its ongoing services and deletes its context, and then initiates a new attach to the base station, carrying its IMSI in the attach request. Since the procedure by which the UE enters fail-soft mode is prior art, it is not explained further here.
In addition, in practice, the private identity here may be the terminal's IMSI (International Mobile Subscriber Identification Number), or of course another private identity; the invention places no specific limit on this.
In a specific implementation, to achieve one key per call (that is, each group call corresponds to its own set of keys), the base station generates a random number for each group call and delivers it to the group members in the trunking paging message. The random number, the group root key GK'_ASME and the group identifier together take part in deriving the group base station key GK'_eNB, providing one key per call and further enhancing the security of point-to-multipoint transmission.
In addition, in a specific implementation, to avoid generating the group root key more than once for a group the UE belongs to, the step in S103 in which the base station determines the corresponding group root key GK'_ASME from the group information may specifically comprise:
S1031: from the group information, if it is determined that the group root key GK'_ASME of the terminal device's group has already been generated, the already generated group root key GK'_ASME is used as the group root key of that group;
S1032: if it is determined that the group root key GK'_ASME of the group has not been generated, the group root key GK'_ASME of the group is calculated from the group information.
That is, the group root key GK'_ASME is generated when the first UE of a group to register reports its trunking registration request. When other UEs in the group register, the base station finds that the group root key GK'_ASME has already been generated for the group and uses the existing group root key directly.
It should be noted that the point-to-point root key K'_ASME and the point-to-multipoint group root key GK'_ASME in the above method embodiment are valid only in fail-soft mode. When the base station determines that it has returned to normal mode, the root key K'_ASME and the group root key GK'_ASME become invalid. The base station also informs the UEs within its coverage area, through a broadcast trunking system message, that it has entered normal mode. On the UE side, the root key K'_ASME and the group root key GK'_ASME likewise become invalid as soon as this system message is received.
To make the method of the embodiments easier to understand, the whole key derivation and distribution mechanism is described in detail below.
The main idea of the embodiments of the invention is as follows. When the terminal enters fail-soft mode and re-attaches and registers to the base station, it uses its IMSI in the Attach Request message; the terminal and the base station each calculate the root key K'_ASME from the UE's IMSI, derive keys from K'_ASME and activate the security procedures. The terminal reports the list of groups it belongs to in the trunking registration message; the base station determines a group root key GK'_ASME for each reported group and returns the mapping between group numbers and group root keys in the trunking registration response message. From K'_ASME and GK'_ASME the terminal and the base station generate the keys for encryption and integrity protection of point-to-point and point-to-multipoint NAS signaling respectively. For point-to-point data transmission, K'_eNB is derived from K'_ASME and used to generate the keys for encryption and integrity protection of point-to-point RRC signaling and the user-plane encryption key. For a group call, the base station generates a random number and broadcasts it over the air interface; the terminal and the base station generate GK'_eNB from GK'_ASME, the random number and the group identifier, and then generate GK'_UPenc, GK'_RRCint and GK'_RRCenc from GK'_eNB, achieving one key per call as in normal mode.
The specific implementation is as follows:
(1) Generation of point-to-point and point-to-multipoint keys in fail-soft mode
The generation of point-to-point service keys is shown in Fig. 4. K'_ASME is calculated from the terminal's IMSI, which the terminal reports while attaching to the base station; K'_ASME is valid only during fail-soft operation. The eNB and the UE then use this K'_ASME to derive the remaining keys for point-to-point services (at both the NAS and AS layers). The keys that the core network generates in normal mode, K'_ASME and K'_eNB, are now generated by the eNB, and the key derivation process is the same as in normal mode.
The generation of point-to-multipoint service keys is shown in Fig. 5. From the list of groups reported by the UE, the eNB generates the group root keys GK'_ASME of those groups and notifies the UE of them point-to-point. The eNB and the UE then use GK'_ASME to derive the remaining keys for point-to-multipoint group services (at both the NAS and AS layers).
(2) Terminal attach and trunking registration with the base station in fail-soft mode
Referring to Figure 6, in fail-soft mode the UE attaches to the base station and then initiates the trunking registration procedure, as follows:
Steps 1~4: the UE initiates the RRC connection establishment procedure;
Step 5: the UE sends an RRCConnectionSetupComplete message to the eNB carrying the NAS message Attach Request, requesting to attach using its IMSI;
Step 6: the eNodeB establishes the initial context for the UE, in which the security context comprises the point-to-point root key K'ASME, the NAS signaling encryption key K'NASenc and integrity protection key K'NASint, and the intermediate key K'eNB. The point-to-point root key K'ASME is calculated from the IMSI of the terminal;
Step 7: NAS security is activated; from then on all NAS messages are security protected;
Steps 8~9: the base station sends a UECapabilityEnquiry message to the UE, and the UE reports its radio capability;
Steps 10~11: the eNB performs the air-interface security mode procedure and activates the corresponding air-interface security mechanism;
Step 12: the eNB establishes the default bearer for the UE and sends the NAS message Attach Accept to the UE in RRC Connection Reconfiguration;
Step 13: the UE sends an RRC Connection Reconfiguration Complete message to the eNodeB;
Step 14: the UE sends the NAS message Attach Complete to the eNB in UL Information Transfer;
Step 15: the UE sends the NAS message Trunking Register Request to the eNB in UL Information Transfer to perform trunking registration; the message carries the registration type, the UE number, the trunking capability of the UE, the trunking security capability of the UE, the supported codec formats, the groups the UE belongs to, and other information;
If, to avoid exposing group numbers over the air interface, subsequent trunking paging uses the group identifier (GID) in place of the group number (GDN), the message carries the list mapping each group number GDN to its group identifier GID.
Step 16: from the list of groups reported by the UE, the eNB generates the group root key GK'ASME of each of these groups and sends the UE the NAS message Trunking Register Accept; in addition to the existing periodic registration duration and network trunking capability, the message carries the list mapping the GID of each group the UE belongs to to its group root key GK'ASME;
From the list mapping GIDs to GK'ASME, the UE and the eNB can generate the group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint of each group. Note that the eNB generates the group root key of a group when the first UE of that group registers; when other UEs of the group register, the eNB uses the group root key already generated.
The point-to-point root key K'ASME and the group root key GK'ASME are valid only in fail-soft mode.
(3) Air-interface encryption procedure for a group call in fail-soft mode
Figure 7 shows the air-interface encryption procedure for a group call in fail-soft mode, which is as follows:
Steps 1~5: the idle UE initiating the group call performs the RRC connection establishment procedure. In the connection setup complete message the UE carries the NAS message TRUNKING SERVICE REQUEST, whose message container carries the call request CALL REQUEST (carrying the call type, call attributes, called number, media information and so on), to request the establishment of a trunking group call service; if air-interface trunking paging uses the group identifier GID, the called number is the GID of the called group;
Steps 6~7: the eNB performs the air-interface security mode procedure and activates AS-layer security;
Step 8: the eNB restores the UE's air-interface bearer through RRC reconfiguration and, in the same message, carries a dedicated bearer establishment request to set up the floor bearer for the initiator;
Steps 9~10: the UE returns the RRC-layer configuration result to the base station, and sends an ACTIVATE DEDICATED EPS BEARER CONTEXT ACCEPT message by uplink direct transfer to return the result of NAS-layer dedicated bearer establishment;
Step 11: the base station generates the random number for this call, generates the group base station key GK'eNB from the random number, the GID and the group root key GK'ASME, and then from GK'eNB generates the point-to-multipoint group RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint and the user-plane encryption key GK'UPenc;
Steps 12a~13a: the base station sends the trunking paging message TrunkingPaging, carrying the GID, call priority and G-RNTI together with the AS-layer security information, comprising the random number and the security algorithm; the base station sends the group call configuration GroupCallConfig on the TCCH channel, giving the access-layer configuration parameters of the group TTCH and also containing the NAS message Group Call Setup Indication (carrying the call identifier, call type, media type, service type, call attributes, media parameters and so on). After receiving messages 12a and 13a, the listening users in the group can receive the group service;
After receiving the trunking paging message, a UE obtains the random number and the AS-layer security algorithm and performs the same key derivation as the base station.
Steps 12b~13b: the base station notifies the initiator with Call Accept that the corresponding resources are ready and uplink transmission can start; the message carries the call identifier, call type, call attributes, call priority, floor information, media information and so on. The UE notifies the base station with Call Complete that it has received CALL ACCEPT;
Step 14: through the Floor Inform procedure, the base station notifies the users in the group of the group's current floor state.
In the group call establishment procedure above, group NAS signaling such as Group Call Setup Indication and Floor Inform is encrypted with the encryption key GK'NASenc and integrity protected with the integrity protection key GK'NASint; group RRC signaling such as GroupCallConfig and DLTrunkingInformationTransfer is encrypted with GK'RRCenc and integrity protected with GK'RRCint; group call downlink data is encrypted with GK'UPenc. Point-to-point NAS signaling such as Call Accept and Call Complete is encrypted with K'NASenc and integrity protected with K'NASint; point-to-point RRC signaling such as DLInformationTransfer and ULInformationTransfer is encrypted with K'RRCenc and integrity protected with K'RRCint; group call uplink data is encrypted with K'UPenc.
Note that in normal mode the group root key is updated periodically or when the group membership changes. If the group root key is updated during a group call, the network issues both the old and the new key set; the current call uses the old key and the new key is enabled after the call ends. The AS-layer security information issued in the air-interface trunking paging message then carries, in addition to the random number and the security algorithm, a key version number, and the terminal uses the key set corresponding to that version number. In fail-soft mode, group root key updates are not considered, so no key version number is needed.
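The key hierarchy of sections (1) to (3), as an added example that is not code from the patent. It assumes HMAC-SHA-256 over length-prefixed inputs as the KDF, a pre-provisioned secret (`provisioned_secret`, hypothetical) mixed into K'ASME, and a fresh random seed per group for GK'ASME, none of which the page specifies; the IMSIs, GIDs and secret are constructed values.

```python
import hashlib
import hmac
import os


def kdf(key, label, *params):
    """HMAC-SHA-256 over a label and length-prefixed parameters.

    Assumption: the page names neither a KDF nor an input encoding.
    """
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (label, *params))
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_p2p_keys(imsi, provisioned_secret):
    """Point-to-point hierarchy, computed identically by UE and eNB.

    Assumption: the page only says K'ASME is calculated from the IMSI. The
    IMSI is carried in the Attach Request before NAS security is activated
    (steps 5 to 7), so this example keys the derivation with a secret that
    both sides hold in advance.
    """
    k_asme = kdf(provisioned_secret, b"K'ASME", imsi.encode())
    k_enb = kdf(k_asme, b"K'eNB")
    return {
        "K'ASME": k_asme,
        "K'NASenc": kdf(k_asme, b"K'NASenc"),
        "K'NASint": kdf(k_asme, b"K'NASint"),
        "K'eNB": k_enb,
        "K'RRCenc": kdf(k_enb, b"K'RRCenc"),
        "K'RRCint": kdf(k_enb, b"K'RRCint"),
        "K'UPenc": kdf(k_enb, b"K'UPenc"),
    }


def derive_group_nas_keys(gk_asme):
    """Group NAS keys, derived once per group from GK'ASME."""
    return {
        "GK'NASenc": kdf(gk_asme, b"GK'NASenc"),
        "GK'NASint": kdf(gk_asme, b"GK'NASint"),
    }


def derive_group_call_keys(gk_asme, nonce, gid):
    """Per-call group AS keys from GK'ASME, the broadcast random number, GID."""
    gk_enb = kdf(gk_asme, b"GK'eNB", nonce, gid.encode())
    return {
        "GK'eNB": gk_enb,
        "GK'RRCenc": kdf(gk_enb, b"GK'RRCenc"),
        "GK'RRCint": kdf(gk_enb, b"GK'RRCint"),
        "GK'UPenc": kdf(gk_enb, b"GK'UPenc"),
    }


class BaseStation:
    """eNB side: takes over root-key generation while in fail-soft mode."""

    def __init__(self, provisioned_secret):
        self._secret = provisioned_secret
        self._group_roots = {}   # GID -> GK'ASME, kept for the fail-soft period
        self.ue_contexts = {}    # IMSI -> point-to-point keys

    def attach(self, imsi):
        self.ue_contexts[imsi] = derive_p2p_keys(imsi, self._secret)
        return self.ue_contexts[imsi]

    def trunking_register(self, gids):
        """Return the GID -> GK'ASME list sent in Trunking Register Accept.

        The root key is created when the first member of a group registers
        and reused for later members, otherwise members would not share it.
        """
        table = {}
        for gid in gids:
            if gid not in self._group_roots:
                seed = os.urandom(32)  # assumption: fresh randomness per group
                self._group_roots[gid] = kdf(seed, b"GK'ASME", gid.encode())
            table[gid] = self._group_roots[gid]
        return table

    def start_group_call(self, gid):
        """Step 11: new random number per call, so GK'eNB differs per call."""
        nonce = os.urandom(16)
        return nonce, derive_group_call_keys(self._group_roots[gid], nonce, gid)


def demo():
    secret = bytes(range(32))                    # constructed test secret
    enb = BaseStation(secret)
    ue_a = derive_p2p_keys("001010000000001", secret)   # constructed IMSI
    same_p2p = enb.attach("001010000000001") == ue_a
    table_a = enb.trunking_register(["GID-7", "GID-9"])  # first member
    table_b = enb.trunking_register(["GID-7"])           # later member
    nonce, enb_keys = enb.start_group_call("GID-7")
    listener = derive_group_call_keys(table_b["GID-7"], nonce, "GID-7")
    return {
        "p2p_keys_match": same_p2p,
        "group_root_shared": table_a["GID-7"] == table_b["GID-7"],
        "listener_matches_enb": listener == enb_keys,
    }


if __name__ == "__main__":
    print(demo())
```

Because the random number and security algorithm travel in the paging message, the confidentiality of a call rests entirely on GK'ASME, which is only ever delivered over the already-protected point-to-point NAS channel.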
(4) Air-interface encryption procedure for an individual call in fail-soft mode
The air-interface encryption procedure for an individual call in fail-soft mode is the same as the existing individual call procedure under fail-soft operation. During attach and registration, the UE and the base station each generate, from the IMSI of the UE, the root key K'ASME and the NAS signaling encryption key K'NASenc and integrity protection key K'NASint. If the UE is in connected state, they also generate the intermediate key K'eNB, the AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint, and the user-plane encryption key K'UPenc; if the UE is in idle state, K'eNB, K'RRCenc, K'RRCint and K'UPenc are generated later, when the UE context is established.
In the individual call establishment procedure, if the calling and called parties are in connected state, the base station and the calling and called UEs directly use their respective NAS-layer and AS-layer keys to encrypt and integrity protect NAS signaling and RRC signaling. If the calling and called parties are in idle state, the service request (SR) restores the RRC connection and the S1 connection, NAS security and AS security are activated in the process, and then NAS signaling and RRC signaling are encrypted and integrity protected with the NAS-layer and AS-layer keys; user-plane data is encrypted with the user-plane encryption key.
In a second aspect, an embodiment of the present invention provides an air-interface encryption device for fail-soft mode, applied in base station equipment and, as shown in Figure 8, comprising:
A first point-to-point key generation unit 201, configured to, after receiving the attach request reported by the terminal device, determine and generate the point-to-point root key K'ASME according to the private identity of the terminal device carried in the attach request; to generate, from the root key K'ASME, the point-to-point NAS signaling encryption key K'NASenc and integrity protection key K'NASint; and, when the terminal context is established, also to generate the base station key K'eNB and, from the base station key K'eNB, the point-to-point AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint and the user-plane encryption key K'UPenc;
A first point-to-point encryption/decryption unit 202, configured to, in the individual call and group call uplink establishment procedures, encrypt, decrypt and integrity protect point-to-point NAS signaling with the NAS signaling encryption key K'NASenc and integrity protection key K'NASint, and RRC signaling with the AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint, and, during point-to-point data transmission, to encrypt and decrypt user-plane data with the user-plane encryption key K'UPenc;
A first point-to-multipoint key generation unit 203, configured to, after receiving the trunking registration request reported by the terminal device, determine the point-to-multipoint group root key GK'ASME according to the group membership information of the terminal carried in the trunking registration request; to generate, from the group root key GK'ASME, the point-to-multipoint group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint; and, when the group call context is established, also to generate the group base station key GK'eNB and, from the group base station key GK'eNB, the point-to-multipoint group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint and the downlink group user-plane encryption key GK'UPenc;
A point-to-multipoint encryption unit 204, configured to, during transmission of group call downlink data and signaling, encrypt and integrity protect point-to-multipoint group NAS signaling with the downlink group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint, encrypt and integrity protect group RRC signaling with the group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint, and encrypt group call downlink user-plane data with the group user-plane encryption key GK'UPenc.
In a third aspect, an embodiment of the present invention provides an air-interface encryption device for fail-soft mode, applied in terminal equipment and, as shown in Figure 9, comprising:
A second point-to-point key generation unit 301, configured to, when it is determined that fail-soft mode has been entered, calculate and generate the point-to-point root key K'ASME according to the private identity of the terminal; to generate, from the root key K'ASME, the point-to-point NAS signaling encryption key K'NASenc and integrity protection key K'NASint; and also to generate the base station key K'eNB from the root key K'ASME and, from the base station key K'eNB, the point-to-point AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint and the user-plane encryption key K'UPenc;
A second point-to-point encryption/decryption unit 302, configured to, in the individual call and group call uplink establishment procedures, encrypt, decrypt and integrity protect point-to-point NAS signaling with the NAS signaling encryption key K'NASenc and integrity protection key K'NASint, and RRC signaling with the AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint, and, during point-to-point data transmission, to encrypt and decrypt user-plane data with the user-plane encryption key K'UPenc;
A second point-to-multipoint key generation unit 303, configured to, after receiving the trunking registration response issued by the base station equipment, obtain the point-to-multipoint group root key GK'ASME of each group the terminal belongs to from the list, carried in the trunking registration response, mapping those groups to their group root keys; to generate, from the group root key GK'ASME, the point-to-multipoint group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint; and, when a group call is established, also to generate the group base station key GK'eNB and, from the group base station key GK'eNB, the point-to-multipoint group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint and the downlink group user-plane encryption key GK'UPenc;
A point-to-multipoint decryption unit 304, configured to, during transmission of group call downlink data and signaling, decrypt and integrity check point-to-multipoint group NAS signaling with the downlink group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint, decrypt and integrity check group RRC signaling with the group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint, and decrypt group call downlink user-plane data with the group user-plane encryption key GK'UPenc.
Because the air-interface encryption devices for fail-soft mode described in the second and third aspects are devices capable of executing the air-interface encryption method for fail-soft mode of the embodiments of the present invention, a person skilled in the art can, on the basis of that method, understand the specific implementations of the devices of this embodiment and their variations; how the devices implement the method is therefore not described in detail here. Any device that a person skilled in the art uses to implement the air-interface encryption method for fail-soft mode of the embodiments of the present invention falls within the scope of protection sought by this application.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the devices of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described here include certain features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Certain unit embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the gateway, proxy server and system according to embodiments of the invention. The invention can also be implemented as equipment or device programs (for example, computer programs and computer program products) for executing part or all of the method described here. Such programs implementing the invention can be stored on a computer-readable medium or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any ordering; these words can be interpreted as names.
Claims (7)
1. An air-interface encryption method in fail-soft mode, characterized by comprising:
in the process of a terminal attaching to a base station, carrying the private identity of the terminal device in the attach request, the terminal and the base station each generating the point-to-point root key K'ASME according to the private identity;
according to the root key K'ASME, the terminal and the base station each generating the non-access stratum (NAS) signaling encryption key K'NASenc and integrity protection key K'NASint, and activating NAS security; also generating the base station key K'eNB according to the root key K'ASME and, according to the base station key, the access stratum RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint and the user-plane encryption key K'UPenc, and activating air-interface security;
after the terminal has attached to the base station, the terminal sending a trunking registration request to the base station, the trunking registration request carrying the group membership information of the terminal; the base station determining the corresponding group root key GK'ASME according to the group membership information and returning, in the registration response, the list mapping each group the terminal belongs to to its group root key; the terminal and the base station generating the group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint according to the group root key GK'ASME;
in the group call establishment procedure, the base station and the terminals in the group each generating the group base station key GK'eNB according to the group root key GK'ASME, and then, according to the group base station key GK'eNB, the downlink point-to-multipoint group RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint and the group user-plane encryption key GK'UPenc.
2. The method according to claim 1, characterized in that the method further comprises:
when it is determined that the terminal device initiates a group call, the base station also generating the random number for this group call and delivering it to the group members in the trunking paging message; the group members and the base station deriving the group base station key GK'eNB according to the random number, the group root key GK'ASME and the group identifier;
during transmission of group call downlink data and signaling, the base station using the group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint to encrypt and integrity protect downlink point-to-multipoint group NAS signaling, using the group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint to encrypt and integrity protect downlink point-to-multipoint group RRC signaling, and using the group user-plane encryption key GK'UPenc to encrypt group call downlink data.
3. The method according to claim 1, characterized in that the base station determining the corresponding group root key GK'ASME according to the group membership information comprises:
according to the group membership information, if it is determined that the group root key GK'ASME of a group the terminal device belongs to has already been generated, using the generated group root key GK'ASME as the group root key of that group;
if it is determined that the group root key GK'ASME of the group has not been generated, calculating and generating the group root key GK'ASME of the group according to the group membership information.
4. The method according to claim 1, characterized in that the method further comprises:
in the individual call and group call uplink establishment procedures, the terminal and the base station each using the terminal's NAS signaling encryption key K'NASenc and integrity protection key K'NASint to encrypt and integrity protect NAS signaling, using the AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint to encrypt and integrity protect RRC signaling, and, during an individual call, using the user-plane encryption key K'UPenc to encrypt user-plane data.
5. The method according to claim 1, characterized in that the point-to-point root key K'ASME and the point-to-multipoint group root key GK'ASME are valid only during fail-soft operation.
6. An air-interface encryption device for fail-soft mode, applied to base station equipment, characterized by comprising:
a first point-to-point key generation unit, configured to, after receiving the attach request reported by the terminal device, determine and generate the point-to-point root key K'ASME according to the private identity of the terminal device carried in the attach request; to generate, from the root key K'ASME, the point-to-point NAS signaling encryption key K'NASenc and integrity protection key K'NASint; and, when the terminal context is established, also to generate the base station key K'eNB and, from the base station key K'eNB, the point-to-point AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint and the user-plane encryption key K'UPenc;
a first point-to-point encryption/decryption unit, configured to, in the individual call and group call uplink establishment procedures, encrypt, decrypt and integrity protect point-to-point NAS signaling with the NAS signaling encryption key K'NASenc and integrity protection key K'NASint, and RRC signaling with the AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint, and, during point-to-point data transmission, to encrypt and decrypt user-plane data with the user-plane encryption key K'UPenc;
a first point-to-multipoint key generation unit, configured to, after receiving the trunking registration request reported by the terminal device, determine the point-to-multipoint group root key GK'ASME according to the group membership information of the terminal carried in the trunking registration request; to generate, from the group root key GK'ASME, the point-to-multipoint group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint; and, when the group call context is established, also to generate the group base station key GK'eNB and, from the group base station key GK'eNB, the point-to-multipoint group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint and the downlink group user-plane encryption key GK'UPenc;
a point-to-multipoint encryption unit, configured to, during transmission of group call downlink data and signaling, encrypt and integrity protect point-to-multipoint group NAS signaling with the downlink group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint, encrypt and integrity protect group RRC signaling with the group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint, and encrypt group call downlink user-plane data with the group user-plane encryption key GK'UPenc.
7. An air-interface encryption device for fail-soft mode, applied to terminal equipment, characterized by comprising:
a second point-to-point key generation unit, configured to, when it is determined that fail-soft mode has been entered, calculate and generate the point-to-point root key K'ASME according to the private identity of the terminal; to generate, from the root key K'ASME, the point-to-point NAS signaling encryption key K'NASenc and integrity protection key K'NASint; and also to generate the base station key K'eNB from the root key K'ASME and, from the base station key K'eNB, the point-to-point AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint and the user-plane encryption key K'UPenc;
a second point-to-point encryption/decryption unit, configured to, in the individual call and group call uplink establishment procedures, encrypt, decrypt and integrity protect point-to-point NAS signaling with the NAS signaling encryption key K'NASenc and integrity protection key K'NASint, and RRC signaling with the AS-layer RRC signaling encryption key K'RRCenc and integrity protection key K'RRCint, and, during point-to-point data transmission, to encrypt and decrypt user-plane data with the user-plane encryption key K'UPenc;
a second point-to-multipoint key generation unit, configured to, after receiving the trunking registration response issued by the base station equipment, obtain the point-to-multipoint group root key GK'ASME of each group the terminal belongs to from the list, carried in the trunking registration response, mapping those groups to their group root keys; to generate, from the group root key GK'ASME, the point-to-multipoint group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint; and, when a group call is established, also to generate the group base station key GK'eNB and, from the group base station key GK'eNB, the point-to-multipoint group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint and the downlink group user-plane encryption key GK'UPenc;
a point-to-multipoint decryption unit, configured to, during transmission of group call downlink data and signaling, decrypt and integrity check point-to-multipoint group NAS signaling with the downlink group NAS signaling encryption key GK'NASenc and integrity protection key GK'NASint, decrypt and integrity check group RRC signaling with the group AS-layer RRC signaling encryption key GK'RRCenc and integrity protection key GK'RRCint, and decrypt group call downlink user-plane data with the group user-plane encryption key GK'UPenc.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711027250.4A CN109729522A (en) | 2017-10-27 | 2017-10-27 | Air-interface encryption method and device under fail-soft mode |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711027250.4A CN109729522A (en) | 2017-10-27 | 2017-10-27 | Air-interface encryption method and device under fail-soft mode |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109729522A (en) | 2019-05-07 |
Family ID=66291942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711027250.4A Pending CN109729522A (en) | 2017-10-27 | 2017-10-27 | Air-interface encryption method and device under fail-soft mode |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109729522A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021218851A1 (en) * | 2020-04-27 | 2021-11-04 | 华为技术有限公司 | Method and device for secure communication |
CN113645621A (en) * | 2020-04-27 | 2021-11-12 | 华为技术有限公司 | Secure communication method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102291680A (en) * | 2010-06-18 | 2011-12-21 | 普天信息技术研究院有限公司 | Encrypted group calling method based on long term evolution (TD-LTE) trunking communication system |
CN103686670A (en) * | 2013-12-09 | 2014-03-26 | 中国联合网络通信集团有限公司 | Secure transmission channel establishing method and device |
CN103813272A (en) * | 2012-11-14 | 2014-05-21 | 普天信息技术研究院有限公司 | Cluster group calling downlink transmission method |
CN104010276A (en) * | 2013-02-27 | 2014-08-27 | 中兴通讯股份有限公司 | Group key hierarchical management method and system for broadband cluster system, and terminal |
CN104735626A (en) * | 2013-12-20 | 2015-06-24 | 中兴通讯股份有限公司 | Achieving method and device for trunking group communication public security |
CN106162626A (en) * | 2015-04-20 | 2016-11-23 | 北京信威通信技术股份有限公司 | Methods, devices and systems for air interface security control of group communication |
US20170164419A1 (en) * | 2013-07-04 | 2017-06-08 | Electronics And Telecommunications Research Institute | Control method for supporting multiple connections in mobile communication system and apparatus for supporting multiple connections |
CN106998537A (en) * | 2016-01-25 | 2017-08-01 | 展讯通信(上海)有限公司 | The information transferring method and device of group-calling service |
Non-Patent Citations (3)
Title |
---|
3RD GENERATION PARTNERSHIP PROJECT: "User Equipment (UE) conformance specification", 《3GPP TS 34.123-1 V12.5.0 (2016-09)》 * |
E. ABIRAMI ET AL.: "Proficient key management scheme for multicast groups using group key agreement and broadcast encryption", 《2017 INTERNATIONAL CONFERENCE ON INFORMATION COMMUNICATION AND EMBEDDED SYSTEMS (ICICES)》 * |
张文建,彭建华,黄开枝: "一种基于空中接口和核心网协同的LTE系统密钥推演方法", 《计算机应用研究》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
AD01 | Patent right deemed abandoned | Effective date of abandoning: 20220909 |