CN110225518A - Method, terminal device and network device for message transmission

Info

Publication number: CN110225518A
Application number: CN201910435828.2A
Authority: CN (China)
Prior art keywords: key, terminal device, network, equipment, network security
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 杨宁, 刘臻
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/0433 Key management protocols
    • H04W4/90 Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]

Abstract

A method, terminal device and network device for message transmission. The method comprises: a terminal device receives a key when the network is secure; the terminal device verifies and/or decrypts a received particular message according to the key. Thus, the terminal device requests the key from the network device when it confirms that the network is secure, and the network device sends the key for verifying and/or decrypting early warning messages to the terminal device over that network, so that even when the terminal device is in a network with poor security, such as a 2G or 3G network, it can obtain the key in time and thereby obtain early warning messages.

Description

Method, terminal device and network device for message transmission
This application claims priority to Chinese patent application No. 201810772261.3, filed with the Chinese Patent Office on July 13, 2018 and entitled "Method, terminal device and network device for message transmission", the entire contents of which are incorporated herein by reference.
Technical field
The embodiments of the present application relate to the field of communications, and in particular to a method, terminal device and network device for message transmission.
Background
When natural disasters such as earthquakes and rainstorms, or other public emergencies, occur, a public early warning information distribution center can promptly issue early warning messages to the public, to mitigate the damage caused when the disaster occurs.
Given the practical complexity of network conditions, how to transmit a particular message, such as an early warning message, under complex network conditions is a problem that urgently needs to be solved.
Summary of the invention
The embodiments of the present application provide a method, terminal device and network device for message transmission, so that a terminal device can obtain a key in time, and thereby obtain a particular message such as an early warning message, even when it is in a network with poor security, such as a 2G or 3G network.
In a first aspect, a method of message transmission is provided, comprising: a terminal device receives a key when the network is secure; the terminal device verifies and/or decrypts a received particular message according to the key.
Thus, the terminal device requests the key from the network device when it confirms that the network is secure, and the network device sends the key for verifying and/or decrypting early warning messages to the terminal device over that network, so that even when the terminal device is in a network with poor security, such as a 2G or 3G network, it can obtain the key in time and thereby obtain early warning messages.
In a second aspect, a method of message transmission is provided, comprising: obtaining a key, where the key is used by a terminal device to verify and/or decrypt a received particular message; and sending the key to the terminal device when the network is secure.
Thus, the network device sends the key for verifying and/or decrypting early warning messages to the terminal device only when it confirms that the network is secure, so that even when the terminal device is in a network with poor security, such as a 2G or 3G network, it can obtain the key in time and thereby obtain early warning messages.
In a third aspect, a terminal device is provided, which can perform the method in the first aspect or any optional implementation of the first aspect. Specifically, the terminal device may include functional modules for performing the method in the first aspect or any possible implementation of the first aspect.
In a fourth aspect, a network device is provided, which can perform the method in the second aspect or any optional implementation of the second aspect. Specifically, the network device may include functional modules for performing the method in the second aspect or any possible implementation of the second aspect.
In a fifth aspect, a terminal device is provided, including a processor and a memory. The memory is used to store a computer program, and the processor is used to call and run the computer program stored in the memory to perform the method in the first aspect or any possible implementation of the first aspect.
In a sixth aspect, a network device is provided, including a processor and a memory. The memory is used to store a computer program, and the processor is used to call and run the computer program stored in the memory to perform the method in the second aspect or any possible implementation of the second aspect.
In a seventh aspect, a chip is provided for implementing the method in the first aspect or any possible implementation of the first aspect. Specifically, the chip includes a processor for calling and running a computer program from a memory, so that a device equipped with the chip performs the method in the first aspect or any possible implementation of the first aspect.
In an eighth aspect, a chip is provided for implementing the method in the second aspect or any possible implementation of the second aspect. Specifically, the chip includes a processor for calling and running a computer program from a memory, so that a device equipped with the chip performs the method in the second aspect or any possible implementation of the second aspect.
In a ninth aspect, a computer-readable storage medium is provided for storing a computer program that causes a computer to perform the method in the first aspect or any possible implementation of the first aspect.
In a tenth aspect, a computer-readable storage medium is provided for storing a computer program that causes a computer to perform the method in the second aspect or any possible implementation of the second aspect.
In an eleventh aspect, a computer program product is provided, including computer program instructions that cause a computer to perform the method in the first aspect or any possible implementation of the first aspect.
In a twelfth aspect, a computer program product is provided, including computer program instructions that cause a computer to perform the method in the second aspect or any possible implementation of the second aspect.
In a thirteenth aspect, a computer program is provided which, when run on a computer, causes the computer to perform the method in the first aspect or any possible implementation of the first aspect.
In a fourteenth aspect, a computer program is provided which, when run on a computer, causes the computer to perform the method in the second aspect or any possible implementation of the second aspect.
Brief description of the drawings
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of a method of message transmission according to an embodiment of the present application.
Fig. 3 is a schematic flowchart of a method of message transmission according to an embodiment of the present application.
Fig. 4 is a schematic block diagram of a terminal device according to an embodiment of the present application.
Fig. 5 is a schematic block diagram of a network device according to an embodiment of the present application.
Fig. 6 is a schematic block diagram of a communication device according to an embodiment of the present application.
Fig. 7 is a schematic block diagram of a chip according to an embodiment of the present application.
Fig. 8 is a schematic block diagram of a communication system according to an embodiment of the present application.
Detailed description of embodiments
The technical solutions in the embodiments of the present application are described below with reference to the drawings.
The technical solutions of the embodiments of the present application can be applied to various communication systems, for example: a Global System of Mobile communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, an Advanced Long Term Evolution (LTE-A) system, a New Radio (NR) system, an evolution of the NR system, an LTE-based access to unlicensed spectrum (LTE-U) system, an NR-based access to unlicensed spectrum (NR-U) system, a Universal Mobile Telecommunication System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication system, Wireless Local Area Networks (WLAN), Wireless Fidelity (WiFi), a next-generation communication system, or other communication systems.
Generally, a traditional communication system supports a limited number of connections and is easy to implement. However, with the development of communication technology, mobile communication systems will support not only traditional communication but also, for example, device-to-device (Device to Device, D2D) communication, machine-to-machine (Machine to Machine, M2M) communication, machine type communication (Machine Type Communication, MTC) and vehicle-to-vehicle (Vehicle to Vehicle, V2V) communication. The embodiments of the present application can also be applied to these communication systems.
Optionally, the communication system in the embodiments of the present application can be applied to a carrier aggregation (Carrier Aggregation, CA) scenario, a dual connectivity (Dual Connectivity, DC) scenario, or a standalone (Standalone, SA) networking scenario.
By way of example, a communication system 100 to which the embodiments of the present application are applied is shown in Fig. 1. The wireless communication system 100 can include a network device 110. The network device 110 can be a device that communicates with terminal devices. The network device 110 can provide communication coverage for a specific geographic area and can communicate with terminal devices located within that coverage area. Optionally, the network device 100 can be a base station (Base Transceiver Station, BTS) in a GSM or CDMA system, a base station (NodeB, NB) in a WCDMA system, an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system, a network-side device in an NR system, or a wireless controller in a cloud radio access network (Cloud Radio Access Network, CRAN); or the network device can be a relay station, an access point, a vehicle-mounted device, a wearable device, a network-side device in a next-generation network, or a network device in a future evolved public land mobile network (Public Land Mobile Network, PLMN).
The wireless communication system 100 further includes at least one terminal device 120 located within the coverage of the network device 110. "Terminal device" as used herein includes, but is not limited to, a device connected via a wireline, such as via a public switched telephone network (Public Switched Telephone Networks, PSTN), a digital subscriber line (Digital Subscriber Line, DSL), a digital cable, or a direct cable connection; and/or via another data connection/network; and/or via a wireless interface, e.g., for a cellular network, a wireless local area network (Wireless Local Area Network, WLAN), a digital television network such as a DVB-H network, a satellite network, or an AM-FM broadcast transmitter; and/or a device of another terminal device that is configured to receive/send communication signals; and/or an Internet of Things (Internet of Things, IoT) device. A terminal device configured to communicate over a wireless interface can be referred to as a "wireless communication terminal", "wireless terminal" or "mobile terminal".
The terminal device 120 can be mobile or fixed. Optionally, the terminal device 120 can refer to an access terminal, user equipment (User Equipment, UE), a subscriber unit, a subscriber station, a mobile station, a mobile platform, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent or a user apparatus. The access terminal can be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, a personal digital assistant (Personal Digital Assistant, PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, or a terminal device in a future evolved PLMN. Optionally, device-to-device (Device to Device, D2D) communication can also be carried out between terminal devices 120.
Specifically, the network device 110 can provide service for a cell, and the terminal device 120 communicates with the network device 110 through the transmission resources (for example, frequency-domain resources, in other words, spectrum resources) used by that cell. The cell can be the cell corresponding to the network device 110 (such as a base station). The cell may belong to a macro base station or to a base station corresponding to a small cell (Small cell); small cells here may include metro cells (Metro cell), micro cells (Micro cell), pico cells (Pico cell), femto cells (Femto cell) and the like, which have small coverage and low transmit power and are suitable for providing high-rate data transmission services.
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present application.
In Fig. 1, when or before natural disasters such as earthquakes and rainstorms or other public emergencies occur, the public early warning information distribution center 120 can send an early warning message to terminal devices through the operator's network 130, to indicate that a natural disaster or other public emergency is occurring or is about to occur.
When the public early warning information distribution center 120 sends the early warning message to a terminal device, it can encrypt the early warning message and/or add a digital signature to it, to ensure that the message cannot be forged and to guarantee its integrity.
The public early warning information distribution center 120 can send the key used to decrypt and/or verify the early warning message to the terminal device; specifically, the key can be sent to the terminal device by the server 110.
Optionally, an asymmetric encryption algorithm can be used to encrypt the transmitted early warning message and/or add a digital signature to it.
In this case, the key used for encrypting and/or adding the digital signature can differ from the key used for decrypting and/or verifying.
The public early warning information distribution center 120 can then send the key used for encrypting and/or adding the digital signature directly to the terminal device 140, and the terminal device 140 can obtain the key for decrypting and/or verifying based on that key.
Alternatively, the public early warning information distribution center 120 can directly send to the terminal device the key for decrypting and/or verifying that corresponds to the key used for encrypting and/or adding the digital signature.
Of course, a symmetric encryption algorithm can also be used, in which case the key used for encrypting and/or adding the digital signature can be the same as the key used for decrypting and/or verifying.
Optionally, the public early warning information distribution center 120 can use a private key to encrypt the early warning message and/or add a digital signature to it, and the terminal device can use a public key to decrypt and/or verify the early warning message. The public key and the private key can form a key pair.
Optionally, in the embodiments of the present application, adding a digital signature to information (such as a key or a particular message) can mean generating a digital signature based on that information.
For example, a digital signature can be generated based on the particular message and a key.
It should be understood that the communication system shown in Fig. 1 is only one scenario to which the embodiments of the present application are applicable and should not be construed as limiting them. For example, the server 110 and the public early warning information distribution center 120 in Fig. 1 can be integrated together.
Fig. 2 is a schematic flowchart of a communication method 200 according to an embodiment of the present application. The method shown in Fig. 2 can be performed by a terminal device, for example the terminal device 140 shown in Fig. 1. As shown in Fig. 2, the message transmission method 200 may include some or all of the following steps:
In 210, the terminal device receives a key when the network is secure.
In 220, the terminal device verifies and/or decrypts a received particular message according to the key.
When obtaining the key used to verify and/or decrypt received particular messages, the terminal device needs to ensure that its current network is secure, so that the key is obtained in a secure network.
The key can be, for example, a public key. The network side can update the public key periodically or aperiodically, and the terminal device obtains the updated public key when the network is secure (in the embodiments of the present application, the key before the update is also called the old key, and the updated key is also called the new key). The terminal device can then use the updated public key to verify a received particular message and so ensure its authenticity, where the particular message includes a signature generated by the network side using the private key.
Optionally, if the terminal device successfully verifies and/or decrypts the particular message according to the key, it can output the particular message to the user; otherwise it may not output the particular message.
For example, in 210, the terminal device obtains the key during or after voice communication and/or data transmission.
If the terminal device is carrying out voice communication, the network on which it is currently carrying out the voice communication can be considered secure, and the terminal device can obtain the key while the voice communication is in progress, for example through the circuit switched (Circuit Switch, CS) domain. Of course, if the network is also considered temporarily secure after that voice communication ends, the terminal device can also obtain the key through the network after the voice communication ends.
If the terminal device is carrying out data transmission, the network on which the terminal device is currently carrying out voice communication can be considered secure, and the terminal device can obtain the key while the data transmission is in progress, for example through the packet switched (Packet Switch, PS) domain. Of course, if the network is also considered temporarily secure after that data transmission ends, the terminal device can also obtain the key through the network after the data transmission ends.
Because a pseudo base station or the like cannot initiate a normal call, and a pseudo base station cannot connect to the core network, if the terminal device is in the course of a communication, the network it is using for that communication can be considered secure, so the terminal device can obtain the updated key during the communication. When the network side sends the particular message, the terminal device can promptly verify the particular message with the updated key and, after successful verification, output the particular message to the user.
The particular message can be, for example, the early warning message described above.
The network the terminal device is currently in can be, for example, a 2G network or a 3G network. Because the security of 2G and 3G networks is poor, the terminal device obtains the key only once it has determined that the network is secure. However, the embodiments of the present application are not limited to this. The method of the embodiments of the present application can also be applied to 4G or 5G networks.
Optionally, in 210, terminal device receives key in network security, comprising: terminal device is in network security When, secret key request message is sent to network side, the secret key request message is for requesting the key;Terminal device receives network lateral root The key sent according to the secret key request message.
Specifically, terminal device can send key to key-distribution server by core net and ask in network security Message is sought, after which receives the secret key request message that terminal device is sent in network security, Ke Yigen According to the secret key request message, which is sent to terminal device by core net.
It should be understood that equipment of the core network is when judge network security, such as judge that terminal device has built up company with core net When connecing, when either judging that terminal device is carrying out voice communication or data transmission, core net can also distribute to key to be taken Business device sends secret key request message, i.e. core net replaces terminal device to request the key to key-distribution server.Key distribution After server receives the secret key request message that core net is sent in network security, it can be led to according to the secret key request message It crosses core net and sends the key to terminal device.
That is, the secret key request message can be after terminal device determines network security, oneself is sent to key The distribution server;Alternatively, be also possible to after equipment of the core network determines network security, from equipment of the core network to giving key distribution service Device sends the secret key request message and without terminal device.
If the terminal device or the core network device requested the key from the key distribution server every time the terminal device made a voice call or a data transmission, this could cause unnecessary signaling overhead.
Therefore, optionally, the terminal device sending the key request message to the network side when the network is secure includes: the terminal device sends the key request message to the network side when the network is secure and a timer has ended.
Optionally, the terminal device receives the configuration parameters of the timer sent by the key distribution server or the core network device. The configuration parameters include, for example, the start time and/or the timing length of the timer.
Optionally, while receiving the key before the update (i.e. the old key), the terminal device may also receive the configuration parameters of the timer corresponding to the updated key.
For example, when the key distribution server last sent the old key, the terminal device may at the same time receive the configuration parameters of the timer corresponding to the new key and, when the timer ends, request the new key from the key distribution server.
The timing length (also called the timing duration) of the timer may, for example, be greater than or equal to the update time of the key, i.e. greater than the time interval between the key distribution server sending the old key and sending the new key.
Therefore, in the embodiments of the present application, the terminal device requests the key from the network device when it has confirmed that the network is secure, and the network device sends the key for verifying and/or decrypting early warning information to the terminal device through that network, so that the terminal device can obtain the key in time, and thus obtain early warning information, even when it is in a network with poor security such as a 2G or 3G network.
Optionally, the key is the key corresponding to a first area, and the terminal device is located in the first area.
Optionally, the first area includes at least one tracking area.
Optionally, among the regions served by the network side, there are at least two regions whose corresponding keys for decoding or verifying the particular message are different.
Optionally, the method further includes: the terminal device receives configuration information sent by the network side, where the configuration information indicates at least one of the following: the way regions are divided, the mapping between at least two regions and at least two keys, and the regions in which the particular message needs to be decrypted and/or verified.
Optionally, because of the complexity of the network, among the regions served by the network device there may be some regions in which the particular message does not need to be encrypted and/or digitally signed, for example sparsely populated regions, where fewer pseudo base stations are deployed; and some regions in which the particular message needs to be encrypted and/or digitally signed, for example densely populated regions, where more pseudo base stations are deployed. For example, to prevent an unauthorized party who obtains the key for the particular message in one region from tampering with the particular message in other regions or sending false particular messages there, keys can be sent per specific region.
It should be understood that, in method 200, the key may be a key used directly for decryption and/or verification, or a key used to obtain the key for decryption and/or verification, so as to decrypt and/or verify the particular message (a key used to obtain the key for decryption and/or verification can also be understood as a key for decrypting and/or verifying the particular message).
Optionally, in the embodiments of the present application, the key may be a public key, and the network device may use a private key to digitally sign and/or encrypt the specific key.
Optionally, a region mentioned in the embodiments of the present application may include at least one cell, or at least one tracking area, or the region corresponding to at least one IP, or the region corresponding to at least one gateway, and so on.
Optionally, in the embodiments of the present application, among the regions served by the network device, there are at least two regions whose corresponding keys for decrypting and/or verifying the particular message are different.
It should be understood that some regions may also have the same corresponding key.
Optionally, in the embodiments of the present application, the network side may send configuration information to the terminal device, and the configuration information may indicate the way the regions are divided, the regions in which the particular message needs to be decrypted and/or verified, and the correspondence between the regions and the keys.
The configuration information may be sent to the terminal device by broadcast, or by a non-broadcast message.
Optionally, in the embodiments of the present application, the network device may periodically update each region's key for decrypting and/or verifying the particular message.
The period with which the key for decrypting and/or verifying the particular message is updated may differ between regions; for example, in a more densely populated region the key may be updated more frequently.
Optionally, in the embodiments of the present application, when the key is updated periodically, the key may be sent repeatedly within each sending period, so that no terminal device misses the updated key and is consequently unable to decrypt and/or verify a received particular message.
The number of times the key is repeated in each sending period may differ between regions; for example, in a region where natural disasters or public incidents occur frequently, the key may be repeated more times per sending period.
Optionally, the particular message in the embodiments of the present application may be early warning information, or another message, for example another message with high security requirements.
Optionally, in the embodiments of the present application, the network device may send the key to the terminal devices in the first area by broadcast.
When the key is updated, the updated key may also be delivered by broadcast.
Optionally, in the embodiments of the present application, the network device may also send the key point-to-point to a first terminal device (which may be any particular terminal device) through a non-broadcast message.
Optionally, in the embodiments of the present application, before sending the key to the first terminal device in the first area, the network device determines that the first terminal device has not received the key, or that the key has not been sent to the first terminal device.
Specifically, the network device may determine whether it has sent the key to the first terminal device, or whether the first terminal device has received the key. If the network device has sent the key to the first terminal device, or the first terminal device has received the key, the network device need not send the key to the first terminal device again; if the network device has not sent the key to the first terminal device, or the first terminal device has not received the key, the network device may send the key to the first terminal device.
The network device may determine from its own records whether it has sent the key to the first terminal device, or it may determine from feedback from the first terminal device whether the first terminal device has received the key.
If the network device has not received a feedback message from the first terminal device acknowledging receipt of the key, the network device determines that the first terminal device has not received the key.
Optionally, in the embodiments of the present application, the network device sending the key to the first terminal device, or deciding whether to send the key to the first terminal device, may be triggered by at least one of the following two events:
the network device determines that the first terminal device has entered the first area;
and/or the network device receives a request message, sent by the first terminal device, for requesting the key.
Optionally, in the embodiments of the present application, the terminal device receives the particular message broadcast by the network side for the first area, and uses the key to decrypt and/or verify the particular message.
Optionally, in the embodiments of the present application, the terminal device receives a particular message, broadcast for a second area, that has not been encrypted and/or digitally signed.
It should be understood that, in the embodiments of the present application, a particular message that has not been encrypted and/or digitally signed means a particular message that is not encrypted and/or has no digital signature added; that is, "not" modifies both encryption and the addition of a digital signature.
Therefore, in the embodiments of the present application, the key for decrypting and/or verifying the particular message is sent per region, so keys can be delivered flexibly on a regional basis and complex network conditions can be handled.
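The region-scoped handling described above, from the terminal's side, as an added example that is not code from the patent. It assumes the symmetric case, with an HMAC-SHA256 tag standing in for the digital signature; the field names, tracking area codes, key identifiers and sample keys are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes


def protect(key: bytes, body: bytes) -> bytes:
    """Network side: append a tag computed with the region's key."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


@dataclass
class RegionConfig:
    """Configuration information as the text lists it (field names are assumed)."""
    tracking_areas: Dict[str, Set[int]]  # division mode: region -> tracking area codes
    key_ids: Dict[str, str]              # mapping: region -> key identifier
    protected: Set[str]                  # regions whose messages must be verified

    def region_of(self, tac: int) -> Optional[str]:
        for region, tacs in self.tracking_areas.items():
            if tac in tacs:
                return region
        return None


class Terminal:
    def __init__(self, config: RegionConfig) -> None:
        self.config = config
        self.keys: Dict[str, bytes] = {}  # key identifier -> key

    def store_key(self, key_id: str, key: bytes) -> None:
        self.keys[key_id] = key

    def handle_broadcast(self, tac: int, payload: bytes) -> Tuple[str, Optional[bytes]]:
        """Return (decision, message body to show the user, or None)."""
        region = self.config.region_of(tac)
        if region is None:
            return "unknown-region", None
        if region not in self.config.protected:
            # Second-area case: the message is broadcast without protection.
            return "accepted-unprotected", payload
        key = self.keys.get(self.config.key_ids.get(region, ""))
        if key is None:
            return "no-key", None
        if len(payload) <= TAG_LEN:
            return "rejected", None
        body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return "verified", body
        return "rejected", None


def run_region_demo() -> Dict[str, str]:
    """Constructed scenario covering each decision the terminal can reach."""
    config = RegionConfig(
        tracking_areas={"urban": {1001, 1002}, "harbour": {2001}, "rural": {3001}},
        key_ids={"urban": "k-urban", "harbour": "k-harbour"},
        protected={"urban", "harbour"},
    )
    urban_key, harbour_key = b"U" * 32, b"H" * 32  # constructed sample keys
    alert = b"Flood warning"

    terminal = Terminal(config)
    terminal.store_key("k-urban", urban_key)
    terminal.store_key("k-harbour", harbour_key)
    newcomer = Terminal(config)  # has not yet received any key

    out = {}
    out["urban_signed"] = terminal.handle_broadcast(1001, protect(urban_key, alert))[0]
    # A message tagged with the urban key does not verify in the harbour region.
    out["urban_key_in_harbour"] = terminal.handle_broadcast(
        2001, protect(urban_key, b"False alert"))[0]
    out["urban_unsigned"] = terminal.handle_broadcast(1002, alert)[0]
    out["rural_unsigned"] = terminal.handle_broadcast(3001, alert)[0]
    out["harbour_without_key"] = newcomer.handle_broadcast(
        2001, protect(harbour_key, alert))[0]
    out["unmapped_tac"] = terminal.handle_broadcast(9999, alert)[0]
    return out
```

Because each protected region has its own key, a key learned in one region is of no use for producing a message that verifies in another.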
Optionally, the terminal device receiving the key when the network is secure includes: the terminal device receives the encrypted and/or digitally signed key sent by the network side; and the terminal device decrypts and/or verifies the encrypted and/or digitally signed key.
Optionally, decrypting and/or verifying the encrypted and/or digitally signed first key includes: the terminal device uses the key before the update to decrypt and/or verify the updated first key, so as to obtain the new key.
Optionally, the method further includes: the terminal device receives the updated key sent by the network side; and the terminal device matches the updated key sent by the network side against the updated key obtained by the decryption and/or verification, to determine the correctness of the updated key.
To ensure the security of the transmission of the first key, the first key may be encrypted and/or digitally signed, and the encrypted and/or digitally signed first key may be sent to at least one terminal device in the first area.
The old first key may be used to encrypt and/or digitally sign the new first key to generate specific information, so that the terminal device can use the old first key to decrypt or verify the received information and obtain the new first key.
Further, the network device may also send the new first key itself to the terminal device at the same time, and the terminal device can then match the new first key obtained from the specific information against the new first key received from the network side; if they match (i.e. are the same), the new key is considered correct.
Optionally, the network device may send a test message to the terminal device. The test message may be obtained by encrypting and/or digitally signing a specific field with the new first key. After obtaining the test message, the terminal device can use the new first key it has obtained to decrypt and/or verify the test message, and determine whether the resulting specific field is the same as a pre-stored specific field; if so, the new first key is considered correct.
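The key update checks described above (new key protected under the old key, matched against a separately sent copy, then confirmed with a test message), as an added example that is not code from the patent. It assumes the symmetric case with an HMAC-SHA256 tag standing in for the digital signature; the message layout, the labels inside the tag, the pre-stored field and the choice to activate the new key only after the test message are assumptions of the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes

# Assumption: a field pre-stored on the terminal and known to the network.
PRESTORED_FIELD = b"KEY-UPDATE-TEST"


def _tag(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag; the label keeps update and test tags from being swapped."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def build_key_update(old_key: bytes, new_key: bytes) -> bytes:
    """Network side: the new key followed by a tag computed under the old key."""
    return new_key + _tag(old_key, b"update:", new_key)


def build_test_message(new_key: bytes, field: bytes = PRESTORED_FIELD) -> bytes:
    """Network side: the agreed field followed by a tag under the new key."""
    return field + _tag(new_key, b"test:", field)


class Terminal:
    """Terminal-side state: the active key and a not-yet-confirmed candidate."""

    def __init__(self, current_key: bytes) -> None:
        self.active_key = current_key
        self.candidate: Optional[bytes] = None

    def receive_key_update(self, update: bytes,
                           plain_copy: Optional[bytes] = None) -> bool:
        """Verify the update under the old key; optionally match a plain copy."""
        if len(update) <= TAG_LEN:
            return False
        new_key, tag = update[:-TAG_LEN], update[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.active_key, b"update:", new_key)):
            return False  # not produced by a holder of the old key
        if plain_copy is not None and not hmac.compare_digest(new_key, plain_copy):
            return False  # the two copies of the new key differ
        self.candidate = new_key
        return True

    def receive_test_message(self, message: bytes) -> bool:
        """Activate the candidate key only if the test message checks out."""
        if self.candidate is None or len(message) <= TAG_LEN:
            return False
        field, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        tag_ok = hmac.compare_digest(tag, _tag(self.candidate, b"test:", field))
        field_ok = hmac.compare_digest(field, PRESTORED_FIELD)
        if not (tag_ok and field_ok):
            return False
        self.active_key, self.candidate = self.candidate, None
        return True


def run_rollover() -> Dict[str, bool]:
    """Constructed scenario: one valid rollover and three rejected inputs."""
    old_key, new_key = os.urandom(32), os.urandom(32)
    terminal = Terminal(old_key)
    results = {}

    # An update built without the old key, as a pseudo base station would send.
    forged = build_key_update(os.urandom(32), os.urandom(32))
    results["forged_update"] = terminal.receive_key_update(forged)

    update = build_key_update(old_key, new_key)
    results["mismatched_copy"] = terminal.receive_key_update(update, os.urandom(32))
    results["valid_update"] = terminal.receive_key_update(update, new_key)

    wrong = build_test_message(new_key, b"OTHER-FIELD")
    results["wrong_field"] = terminal.receive_test_message(wrong)
    results["old_key_still_active"] = terminal.active_key == old_key

    results["valid_test"] = terminal.receive_test_message(build_test_message(new_key))
    results["new_key_active"] = terminal.active_key == new_key
    return results
```

With a public/private key pair instead of a shared key, the tag computation on the network side and the comparison on the terminal side become signing and signature verification; the order of checks stays the same.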
In the communication method provided by the embodiments of the present application, the network may issue first information. The first information may include information obtained by encrypting a new key, or a digital signature generated from the new key; the first information issued by the network side may also itself be encrypted. The manner of encrypting or of generating the digital signature may be agreed in advance between the terminal device and the network side. Once the terminal device receives the first information, it may decrypt the encrypted information to generate a new key, or it may generate a new key from the digital signature. Further, the terminal device may match the new key included in the first information against the new key that the terminal device generated; if the match succeeds, i.e. the two are the same, the terminal device considers the new key included in the first information to be correct, that is, usable. Alternatively, the terminal device may decrypt the first information, obtain a new key from it and use that key directly.
Therefore, the communication method of the embodiments of the present application helps improve the reliability of receiving the particular message.
Optionally, in the embodiments of the present application, if the first information includes the digital signature generated from the new key, the first information need not include the new key, and the new key that the terminal device generates from the digital signature can be used directly.
Optionally, in the embodiments of the present application, the manner agreed between the terminal device and the network side for encrypting and/or digitally signing the first information, or for encrypting and/or digitally signing the new key, may be a linear function operation performed on the first information or the new key. The network side signs or encrypts by y = f(x), where x may be the first information or the new key, f may be a mapping, and y is the image of x under f. What the network side issues to the terminal device is y, and f may be a function pre-stored in the terminal device. When the terminal device receives y, it can solve for x' according to the function f. If the x' solved for is the new key, the terminal device can directly use it to verify subsequent particular messages; if the x' solved for is the first information, the terminal device can, following indications in the first information, directly use the new key included in the first information to verify the particular messages it has successfully received.
Taking signing and verification as an example: optionally, in the embodiments of the present application, the digital signature included in the first information may be a digital signature that the network device adds to the new key using the old key. After receiving the first information, the terminal device may generate the new key from the digital signature according to the old key. Further, the terminal device may match the generated new key against the new key carried in the first information; if the match succeeds, the new key carried in the first information can be considered correct and can subsequently be used to verify the particular message.
The encryption and decryption process is the same as above and, for brevity, is not described again here.
Taking encryption and decryption as an example: optionally, in the embodiments of the present application, the network device may use the old key to encrypt the first information, and the terminal device decrypts the first information after receiving the encrypted first information. The first information may further include information instructing the terminal device to update, delete or add a key. For example, the first information may be content indicating "update the key to + new key", or may indicate other information, so that the terminal device uses the new key included in the first information directly as the key for subsequently verifying the particular message.
The signing and verification process is the same as above and, for brevity, is not described again here.
Optionally, the key that the network device uses for encryption and the key that the terminal device uses for decryption may be the same key, or may be a key pair. For example, the public key is used for encryption and the private key for decryption; the private key is used for signing and the public key for verification. That is, the network device sends first information encrypted with the public key to the terminal device, and the terminal device decrypts the received information with the corresponding private key; or the network device sends first information signed with the private key to the terminal device, and the terminal device verifies the received first information with the corresponding public key.
Optionally, in the embodiments of the present application, the first information may be sent in a broadcast message or in a non-broadcast message. If it is sent in a broadcast message, the network side may send the first information to terminal devices repeatedly within the key's update period, to ensure that different terminal devices obtain the new key synchronously. If it is sent in a non-broadcast message, the network side may send it point-to-point in a dedicated message; after receiving the first information, the terminal device may feed back a response message to the network side to tell it that the terminal device has received the first information. If the network side does not receive the response message to the first information within a certain time, it may send the first information to the terminal device again, until it receives the response message to the first information.
Fig. 3 is a schematic flowchart of the message transmission method of an embodiment of the present application. The method shown in Fig. 3 may be executed by the network side. The network device may be the server 110, the public early warning information distribution center 120 and/or a network-side device in the operator network 130 shown in Fig. 1, etc. As shown in Fig. 3, the message transmission method 300 may include some or all of the following steps:
In 310, a key is obtained, where the key is used by the terminal device to verify and/or decrypt a received particular message.
In 320, when the network is secure, the key is sent to the terminal device.
When sending the key to the terminal device, the network device needs to ensure that the current network is secure, so that the key is sent to the terminal device over a secure network.
Optionally, in 320, sending the key to the terminal device when the network is secure includes: sending the key to the terminal device when the terminal device has established a connection with the core network.
Alternatively, or further, optionally, in 320, sending the key to the terminal device when the network is secure includes: sending the key to the terminal device during or after a voice call and/or data transmission by the terminal device.
Because a pseudo base station or the like cannot initiate a normal call, and a pseudo base station cannot connect to the core network, if the terminal device is connected to the core network the current network can be considered secure; alternatively, if the terminal device is in a communication process, the network it is using to communicate can be considered secure, and the terminal device can obtain the updated key during this communication. When the network side sends the particular message, the terminal device can use the updated key to verify the particular message in time and, after successful verification, output the particular message to the user.
The particular message may be, for example, the early warning information described above.
The network in which the terminal device is currently located may be, for example, a 2G network or a 3G network. Because the security of 2G and 3G networks is poor, the terminal device obtains the key only once it has determined that the network is secure. The embodiments of the present application are not limited to this, however; the method of the embodiments of the present application can also be applied in a 4G or 5G network.
Optionally, the method is executed by a key distribution server. In 320, before the key is sent to the terminal device when the network is secure, the method further includes: the key distribution server receives a key request message sent by the core network device when the network is secure; or the key distribution server receives a key request message sent by the terminal device when the network is secure. The key request message is used to request the key.
In this embodiment, when it judges that the network is secure, the terminal device may send the key request message to the key distribution server through the core network. After receiving the key request message that the terminal device sent while the network was secure, the key distribution server may, according to the key request message, send the key to the terminal device through the core network.
When the core network device judges that the network is secure, the core network may also send the key request message to the key distribution server; that is, the core network requests the key from the key distribution server on behalf of the terminal device. After receiving the key request message that the core network sent while the network was secure, the key distribution server may, according to the key request message, send the key to the terminal device through the core network.
That is, the key request message may be sent to the key distribution server by the terminal device itself after the terminal device determines that the network is secure; alternatively, it may be sent to the key distribution server by the core network device after the core network device determines that the network is secure, without passing through the terminal device.
Optionally, the method is executed by a core network device. In 310, obtaining the key includes: the core network device receives the key sent by the key distribution server and caches the key.
In this embodiment, each time the key distribution server updates the key, it may send the updated key to the core network device; that is, the new key is delivered to the core network device in advance. The core network device caches the key and, when it determines that the network is secure, for example when it determines that the terminal device has connected to the core network or is in a voice call or data transmission, the core network issues the key to the terminal device.
If the key distribution server sent the key to the terminal device every time the terminal device made a voice call or a data transmission, this could cause unnecessary signaling overhead.
Therefore, optionally, sending the key to the terminal device when the network is secure includes: sending the key to the terminal device when the network is secure and a timer has ended.
Optionally, the method further includes: the network device obtains the configuration parameters of the timer.
Optionally, the configuration parameters of the timer include the start time and/or the timing length of the timer.
Optionally, the timing length of the timer is greater than or equal to the update time of the key.
Therefore, in the embodiments of the present application, the network device sends the key for verifying and/or decrypting early warning information to the terminal device only when it has confirmed that the network is secure, so that the terminal device can obtain the key in time, and thus obtain early warning information, even when it is in a network with poor security such as a 2G or 3G network.
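The delivery gating described above (key cached at the core network device, sent only when the network is judged secure and the timer has ended, with the device's own record and terminal feedback consulted first), as an added example that is not code from the patent. The class and method names, the per-terminal timer restarted when feedback arrives, and the sample times are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class TimerConfig:
    """Timer configuration parameters: start time and timing length (seconds)."""
    start: float
    duration: float


class CoreNetworkKeyCache:
    def __init__(self, key_update_interval: float, timer_duration: float) -> None:
        if timer_duration < key_update_interval:
            raise ValueError("timing length must be >= the key update time")
        self.timer_duration = timer_duration
        self.version = 0
        self.key: Optional[bytes] = None
        self.timers: Dict[str, TimerConfig] = {}  # terminal id -> running timer
        self.acked: Dict[str, int] = {}           # terminal id -> version confirmed

    def cache_key(self, version: int, key: bytes) -> None:
        """Store the updated key pushed in advance by the key distribution server."""
        if version > self.version:
            self.version, self.key = version, key

    def on_terminal_event(self, terminal_id: str, now: float, attached: bool = False,
                          in_session: bool = False) -> Tuple[str, Optional[bytes]]:
        """Decide whether to send the cached key to this terminal now."""
        # "Secure" here means connected to the core network, or in a voice
        # call or data transmission, as in the text.
        if not (attached or in_session):
            return "network-not-secure", None
        if self.key is None:
            return "no-key-cached", None
        if self.acked.get(terminal_id) == self.version:
            return "already-delivered", None
        timer = self.timers.get(terminal_id)
        if timer is not None and now < timer.start + timer.duration:
            return "timer-running", None
        return "send", self.key

    def on_feedback(self, terminal_id: str, version: int, now: float) -> TimerConfig:
        """Record the terminal's feedback and restart its timer (assumed policy)."""
        self.acked[terminal_id] = version
        timer = TimerConfig(start=now, duration=self.timer_duration)
        self.timers[terminal_id] = timer
        return timer  # configuration parameters to hand to the terminal


def run_delivery_demo() -> List[str]:
    """Constructed timeline for one terminal; the key is updated hourly."""
    cache = CoreNetworkKeyCache(key_update_interval=3600, timer_duration=3600)
    cache.cache_key(1, b"key-v1")
    log = []
    log.append(cache.on_terminal_event("ue-1", now=0)[0])
    log.append(cache.on_terminal_event("ue-1", now=10, attached=True)[0])
    cache.on_feedback("ue-1", version=1, now=10)
    log.append(cache.on_terminal_event("ue-1", now=600, in_session=True)[0])
    cache.cache_key(2, b"key-v2")  # update arrives at the core network
    log.append(cache.on_terminal_event("ue-1", now=3605, in_session=True)[0])
    log.append(cache.on_terminal_event("ue-1", now=3700, in_session=True)[0])
    # No feedback was received for version 2, so the key is offered again.
    log.append(cache.on_terminal_event("ue-1", now=3800, in_session=True)[0])
    return log
```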
Optionally, the key is the key corresponding to a first area, and the terminal device is located in the first area.
Optionally, the first area includes at least one tracking area.
Optionally, among the regions served by the network side, there are at least two regions whose corresponding keys for decoding or verifying the particular message are different.
Optionally, the method further includes: sending configuration information to the terminal device, where the configuration information indicates at least one of the following: the way regions are divided, the mapping between the at least two regions and at least two keys, and the regions in which the particular message needs to be decrypted and/or verified.
Optionally, encrypting and/or digitally signing the key includes: using the network-side key for encryption and/or digital signing that corresponds to the key before the update to encrypt and/or digitally sign the updated key, where the key that is sent is the updated key.
Optionally, the method further includes: while sending the encrypted and/or digitally signed updated key, also sending the updated key without encryption and/or digital signature.
Optionally, the method further includes: sending a test message to the terminal device, where the test message is digitally signed with the updated private key and the key is the updated public key; or the test message is encrypted with the updated public key and the key is the updated private key.
It should be understood that, for the detailed process by which the network side transmits messages, reference may be made to the description of the terminal device for Fig. 2; for brevity, it is not repeated here.
It should also be understood that the embodiments of the present application are described taking a key as an example, but are not limited to this. The key in the embodiments of the present application may be replaced by an algorithm (the algorithm used to encrypt and/or digitally sign information with the key); that is, the embodiments of the present application can also be used to deliver an algorithm (specifically, to update the algorithm on the terminal side).
It should be noted that, provided there is no conflict, the embodiments described herein and/or the technical features in the embodiments may be combined with one another arbitrarily, and the technical solutions obtained by such combination also fall within the protection scope of the present application.
It should be understood that, in the various embodiments of the present application, the magnitude of the sequence numbers of the above processes does not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
The communication method according to the embodiments of the present application has been described in detail above. The apparatus according to the embodiments of the present application is described below with reference to Fig. 4 to Fig. 8; the technical features described in the method embodiments apply to the following apparatus embodiments.
Fig. 4 is a schematic block diagram of a terminal device 400 according to an embodiment of the present application. As shown in Fig. 4, the terminal device 400 includes a transceiver unit 410 and a processing unit 420, where:
the transceiver unit 410 is configured to receive a key when the network is secure;
the processing unit 420 is configured to verify and/or decrypt a received particular message according to the key.
Therefore, the terminal device requests the key from the network device when it has confirmed that the network is secure, and the network device sends the key for verifying and/or decrypting early warning information to the terminal device through that network, so that the terminal device can obtain the key in time, and thus obtain early warning information, even when it is in a network with poor security such as a 2G or 3G network.
Optionally, the transceiver unit is specifically configured to: obtain the key during or after a voice call and/or data transmission.
Optionally, the transceiver unit 410 is specifically configured to: when the network is secure, send a key request message to the network side, where the key request message is used to request the key; and receive the key that the network side sends according to the key request message.
Optionally, the transceiver unit 410 is specifically configured to: send the key request message to the network side when the network is secure and a timer has ended.
Optionally, the transceiver unit 410 is further configured to: receive the configuration parameters of the timer.
Optionally, the transceiver unit 410 is further configured to: while receiving the key before the update, receive the configuration parameters of the timer corresponding to the updated key.
Optionally, the configuration parameters of the timer include the start time and/or the timing length of the timer.
Optionally, the timing length of the timer is greater than or equal to the update time of the key.
Optionally, the transceiver unit 410 is further configured to: if the terminal device succeeds in verifying and/or decrypting the particular message according to the key, output the particular message to the user.
Optionally, the transceiver unit 410 is specifically configured to: receive the encrypted and/or digitally signed key sent by the network side; and the processing unit 420 is further configured to: decrypt and/or verify the encrypted and/or digitally signed key.
Optionally, the processing unit 420 is specifically configured to: use the key before the update to decrypt and/or verify the updated first key, so as to obtain the new key.
Optionally, the transceiver unit 410 is further configured to: receive the updated key sent by the network side; and the processing unit 420 is further configured to: match the updated key sent by the network side against the updated key obtained by the decryption and/or verification, to determine the correctness of the updated key.
Optionally, the key is the key corresponding to a first area, and the terminal device is located in the first area.
Optionally, the first area includes at least one tracking area.
Optionally, among the regions served by the network side, there are at least two regions whose corresponding keys for decoding or verifying the particular message are different.
Optionally, the transceiver unit 410 is further configured to: receive configuration information sent by the network side, where the configuration information indicates at least one of the following: the way regions are divided, the mapping between the at least two regions and at least two keys, and the regions in which the particular message needs to be decrypted and/or verified.
Optionally, the particular message is early warning information.
Optionally, the network includes a 2G network or a 3G network.
Optionally, the key used for encryption and/or adding the digital signature is a private key, and the key used for decryption and/or verification is a public key.
It should be understood that the terminal device 400 can perform the corresponding operations performed by the terminal device in method 200 above; for brevity, they are not described again here.
Fig. 5 is the schematic block diagram according to the network equipment 500 of the embodiment of the present application.As shown in figure 5, the network equipment 500 include obtaining single 510 and Transmit-Receive Unit 520.Wherein:
Acquiring unit 510, for obtaining key, wherein the key is for terminal device to the particular message received It is verified and/or is decrypted;
Transmit-Receive Unit 520, in network security, Xiang Suoshu terminal device to send the key.
Therefore, the network equipment sends in confirmation network security Shi Caixiang terminal device and disappears for verifying and/or decrypting early warning The key of breath, to can also be obtained in time when terminal device is in the network of the safeties difference such as certain networks such as 2G or 3G Key is to obtain early warning information.
Optionally, the Transmit-Receive Unit 520 is specifically used for: when the terminal device and core net establish connection, to institute It states terminal device and sends the key.
Optionally, the Transmit-Receive Unit 520 is specifically used for: carrying out voice communication in the terminal device and/or data pass In defeated process or after occurring, Xiang Suoshu terminal device sends the key.
Optionally, the network equipment is key-distribution server, and the Transmit-Receive Unit 520 is also used to: Xiang Suoshu terminal Before equipment sends the key, receives the key request that equipment of the core network or the terminal device are sent in network security and disappear Breath, the secret key request message is for requesting the key.
Optionally, the network equipment is executed by equipment of the core network, the acquisition key, comprising: the equipment of the core network Receive the key that key-distribution server is sent.
Optionally, the Transmit-Receive Unit 520 is specifically used for: at the end of network security and timer, Xiang Suoshu terminal is set Preparation send the key.
Optionally, the acquiring unit 510 is also used to: obtaining the configuration parameter of the timer.
Optionally, the configuration parameter of the timer includes starting time and/or the timing length of the timer.
Optionally, the timing length of the timer is greater than or equal to the renewal time of the key.
Optionally, the network equipment further includes processing unit, is used for: to the terminal device send the key it Before, the key is encrypted and/or is added digital signature;The transmission unit is specifically used for: in network security, to institute State the key that terminal device sends encryption and/or addition digital signature.
Optionally, the processing unit is specifically used for: corresponding for encrypting and/or adding using the key before update The network side key for adding digital signature is encrypted and/or is added digital signature to the updated key, wherein is sent The key be the updated key.
Optionally, the Transmit-Receive Unit 520 is also used to: being encrypted and/or is added in transmission and is digital signature and updated While the key, unencryption is sent and/or the add digital signature and updated key.
Optionally, the key is the corresponding key in first area, and the terminal device is located in the first area.
Optionally, the first area includes at least one tracking area.
Optionally, within the area served by the network side, there are at least two areas whose corresponding keys for decoding or verifying the particular message are different.
Optionally, the transceiver unit 520 is further configured to send configuration information to the terminal device, where the configuration information indicates at least one of the following: the manner in which areas are divided, the mapping between the at least two areas and at least two keys, and the areas in which the particular message needs to be decrypted and/or verified.
Optionally, the particular message is early warning information.
Optionally, the network includes 2G network or 3G network.
Optionally, the key used for encrypting and/or adding a digital signature is a private key, and the key used for decrypting and/or verifying is a public key.
It should be understood that the communication device 500 can perform the corresponding operations performed by the network device in the above method 300; for brevity, details are not repeated here.
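Added example, not code from the patent: a Go sketch of the key update path described above for terminal device 400 and network device 500, in which the network signs the updated key with the pre-update private key and the terminal verifies it with the pre-update public key, matches it against the plain copy, and then uses it to verify a warning. Ed25519, the message layout, the area name "TA-1" and every function name are assumptions of this example; the patent names no algorithm or format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// KeyUpdate is a constructed message layout; the patent text defines none.
type KeyUpdate struct {
	Area      string
	NewKey    ed25519.PublicKey // updated verification key
	Sig       []byte            // made with the pre-update private key
	PlainCopy ed25519.PublicKey // optional unsigned copy sent alongside
}

var (
	ErrInsecure = errors.New("network not secure, key not accepted")
	ErrBadKey   = errors.New("malformed public key")
	ErrNoKey    = errors.New("no pre-update key held for area")
	ErrBadSig   = errors.New("update not verifiable with pre-update key")
	ErrMismatch = errors.New("verified key differs from plain copy")
)

const tagKeyUpdate, tagWarning byte = 1, 2 // separate the two signed message kinds

// frame builds the signed bytes: tag, area length, area, body (areas assumed < 256 bytes).
func frame(tag byte, area string, body []byte) []byte {
	out := append([]byte{tag, byte(len(area))}, area...)
	return append(out, body...)
}

// NewNetworkKey generates one area's signing key pair (network side).
func NewNetworkKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignKeyUpdate (network side) signs the updated key with the pre-update private key.
func SignKeyUpdate(oldPriv ed25519.PrivateKey, area string, newPub ed25519.PublicKey) KeyUpdate {
	sig := ed25519.Sign(oldPriv, frame(tagKeyUpdate, area, newPub))
	return KeyUpdate{Area: area, NewKey: newPub, Sig: sig, PlainCopy: newPub}
}

// SignWarning (network side) signs a warning message for one area.
func SignWarning(priv ed25519.PrivateKey, area string, msg []byte) []byte {
	return ed25519.Sign(priv, frame(tagWarning, area, msg))
}

// Terminal holds one verification key per area.
type Terminal map[string]ed25519.PublicKey

// Provision stores an area's first key only while the network is secure (passed in as a flag).
func (t Terminal) Provision(area string, key ed25519.PublicKey, networkSecure bool) error {
	if !networkSecure {
		return ErrInsecure
	}
	if len(key) != ed25519.PublicKeySize {
		return ErrBadKey
	}
	t[area] = key
	return nil
}

// ApplyUpdate verifies the updated key with the pre-update key, matches it
// against the plain copy when one was sent, and only then replaces the key.
func (t Terminal) ApplyUpdate(u KeyUpdate) error {
	old, ok := t[u.Area]
	if !ok {
		return ErrNoKey
	}
	if len(u.NewKey) != ed25519.PublicKeySize || !ed25519.Verify(old, frame(tagKeyUpdate, u.Area, u.NewKey), u.Sig) {
		return ErrBadSig
	}
	if u.PlainCopy != nil && !bytes.Equal(u.PlainCopy, u.NewKey) {
		return ErrMismatch
	}
	t[u.Area] = u.NewKey
	return nil
}

// VerifyWarning checks a warning against the key held for the given area.
func (t Terminal) VerifyWarning(area string, msg, sig []byte) bool {
	key, ok := t[area]
	return ok && ed25519.Verify(key, frame(tagWarning, area, msg), sig)
}

func main() {
	pub1, priv1 := NewNetworkKey()
	pub2, priv2 := NewNetworkKey()
	ue, msg := Terminal{}, []byte("constructed warning text")
	fmt.Println("secure delivery:", ue.Provision("TA-1", pub1, true))
	fmt.Println("key update:", ue.ApplyUpdate(SignKeyUpdate(priv1, "TA-1", pub2)))
	fmt.Println("warning verified:", ue.VerifyWarning("TA-1", msg, SignWarning(priv2, "TA-1", msg)))
}
```

An update signed by any key other than the one the terminal already holds for that area is rejected, so the old key stays in force until a verifiable update arrives.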
Fig. 6 is a schematic structural diagram of a communication device 600 provided by an embodiment of the present application. The communication device 600 shown in Fig. 6 includes a processor 610, which can call and run a computer program from a memory to implement the methods in the embodiments of the present application.
Optionally, as shown in Fig. 6, the communication device 600 may further include a memory 620. The processor 610 can call and run a computer program from the memory 620 to implement the methods in the embodiments of the present application.
The memory 620 may be a separate device independent of the processor 610, or may be integrated in the processor 610.
Optionally, as shown in Fig. 6, the communication device 600 may further include a transceiver 630, and the processor 610 can control the transceiver 630 to communicate with other devices; specifically, it can send information or data to other devices, or receive information or data sent by other devices.
The transceiver 630 may include a transmitter and a receiver. The transceiver 630 may further include antennas, and the number of antennas may be one or more.
Optionally, the communication device 600 may specifically be the terminal device of the embodiments of the present application, and the communication device 600 can implement the corresponding processes implemented by the terminal device in each method of the embodiments of the present application; for brevity, details are not repeated here.
Optionally, the communication device 600 may specifically be the network device of the embodiments of the present application, and the communication device 600 can implement the corresponding processes implemented by the network device in each method of the embodiments of the present application; for brevity, details are not repeated here.
Fig. 7 is a schematic structural diagram of a chip according to an embodiment of the present application. The chip 700 shown in Fig. 7 includes a processor 710, which can call and run a computer program from a memory to implement the methods in the embodiments of the present application.
Optionally, as shown in Fig. 7, the chip 700 may further include a memory 720. The processor 710 can call and run a computer program from the memory 720 to implement the methods in the embodiments of the present application.
The memory 720 may be a separate device independent of the processor 710, or may be integrated in the processor 710.
Optionally, the chip 700 may further include an input interface 730. The processor 710 can control the input interface 730 to communicate with other devices or chips; specifically, it can obtain information or data sent by other devices or chips.
Optionally, the chip 700 may further include an output interface 740. The processor 710 can control the output interface 740 to communicate with other devices or chips; specifically, it can output information or data to other devices or chips.
Optionally, the chip can be applied to the terminal device in the embodiments of the present application, and the chip can implement the corresponding processes implemented by the terminal device in each method of the embodiments of the present application; for brevity, details are not repeated here.
Optionally, the chip can be applied to the network device in the embodiments of the present application, and the chip can implement the corresponding processes implemented by the network device in each method of the embodiments of the present application; for brevity, details are not repeated here.
It should be understood that the chip mentioned in the embodiments of the present application may also be called a system-level chip, a system chip, a chip system, or a system-on-chip.
It should be understood that the processor in the embodiments of the present application may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method embodiments may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The above processor may be a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the methods disclosed in connection with the embodiments of the present application may be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above methods in combination with its hardware.
It can be understood that the memory in the embodiments of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), or a flash memory. The volatile memory may be a random access memory (Random Access Memory, RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM), and direct Rambus random access memory (Direct Rambus RAM, DR RAM). It should be noted that the memories of the systems and methods described herein are intended to include, but are not limited to, these and any other suitable types of memory.
It should be understood that the above memories are described by way of example and not limitation. For example, the memory in the embodiments of the present application may also be static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synch Link DRAM, SLDRAM), direct Rambus random access memory (Direct Rambus RAM, DR RAM), and so on. That is, the memory in the embodiments of the present application is intended to include, but is not limited to, these and any other suitable types of memory.
Fig. 8 is a schematic block diagram of a communication system 800 according to an embodiment of the present application. As shown in Fig. 8, the communication system 800 includes a terminal device 810 and a network device 820.
The terminal device 810 is configured to: receive a key when the network is secure;
and verify and/or decrypt a received particular message according to the key.
The network device 820 is configured to: obtain a key, where the key is used by the terminal device to verify and/or decrypt a received particular message; and send the key to the terminal device when the network is secure.
The terminal device 810 can be used to implement the corresponding functions implemented by the terminal device in the above method 200, and the composition of the terminal device 810 can be as shown for the terminal device 400 in Fig. 4; for brevity, details are not repeated here.
The network device 820 can be used to implement the corresponding functions implemented by the network device in the above method 300, and the composition of the network device 820 can be as shown for the network device 500 in Fig. 5; for brevity, details are not repeated here.
An embodiment of the present application also provides a computer-readable storage medium for storing a computer program. Optionally, the computer-readable storage medium can be applied to the network device in the embodiments of the present application, and the computer program causes a computer to execute the corresponding processes implemented by the network device in each method of the embodiments of the present application; for brevity, details are not repeated here. Optionally, the computer-readable storage medium can be applied to the terminal device in the embodiments of the present application, and the computer program causes a computer to execute the corresponding processes implemented by the terminal device in each method of the embodiments of the present application; for brevity, details are not repeated here.
An embodiment of the present application also provides a computer program product including computer program instructions. Optionally, the computer program product can be applied to the network device in the embodiments of the present application, and the computer program instructions cause a computer to execute the corresponding processes implemented by the network device in each method of the embodiments of the present application; for brevity, details are not repeated here. Optionally, the computer program product can be applied to the terminal device in the embodiments of the present application, and the computer program instructions cause a computer to execute the corresponding processes implemented by the terminal device in each method of the embodiments of the present application; for brevity, details are not repeated here.
An embodiment of the present application also provides a computer program. Optionally, the computer program can be applied to the network device in the embodiments of the present application; when the computer program runs on a computer, it causes the computer to execute the corresponding processes implemented by the network device in each method of the embodiments of the present application; for brevity, details are not repeated here. Optionally, the computer program can be applied to the terminal device in the embodiments of the present application; when the computer program runs on a computer, it causes the computer to execute the corresponding processes implemented by the terminal device in each method of the embodiments of the present application; for brevity, details are not repeated here.
It should be understood that the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B may indicate three cases: A alone, both A and B, and B alone. In addition, the character "/" herein generally indicates an "or" relationship between the associated objects before and after it.
It should also be understood that, in the embodiments of the present invention, "B corresponding to A" means that B is associated with A and that B can be determined according to A. It should also be understood, however, that determining B according to A does not mean that B is determined only according to A; B may also be determined according to A and/or other information.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present application.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the foregoing method embodiments, and details are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and there may be other ways of division in actual implementation, such as combining multiple units or components or integrating them into another system, or ignoring or not executing some features. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically alone, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or some of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present application, but the protection scope of the present application is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (19)

1. A message transmission method, characterized in that the method comprises:
a terminal device receives a key when the network is secure;
the terminal device verifies and/or decrypts a received particular message according to the key.
2. The method according to claim 1, characterized in that the terminal device receiving a key when the network is secure comprises:
obtaining the key when it is determined that the terminal device has established a connection with the core network.
3. The method according to claim 1 or 2, characterized in that the terminal device receiving a key when the network is secure comprises:
the terminal device obtains the key while performing voice communication and/or data transmission, or after that has occurred.
4. The method according to any one of claims 1 to 3, characterized in that the terminal device receiving a key when the network is secure comprises:
the terminal device sends a key request message to the network side when the network is secure, the key request message being used to request the key;
the terminal device receives the key sent by the network side according to the key request message.
5. The method according to claim 4, characterized in that the terminal device sending a key request message to the network side when the network is secure comprises:
the terminal device sends the key request message to the network side when the network is secure and a timer expires.
6. The method according to claim 5, characterized in that the method further comprises:
the terminal device receives the configuration parameters of the timer.
7. The method according to claim 6, characterized in that the method further comprises:
while receiving the pre-update key, the terminal device receives the configuration parameters of the timer corresponding to the updated key.
8. The method according to any one of claims 5 to 7, characterized in that the timing duration of the timer is greater than or equal to the update time of the key.
9. The method according to any one of claims 1 to 8, characterized in that the method further comprises:
if the terminal device successfully verifies and/or decrypts the particular message according to the key, the particular message is output to the user.
10. The method according to any one of claims 1 to 9, characterized in that the particular message is early warning information.
11. A message transmission method, characterized in that the method comprises:
obtaining a key, wherein the key is used by a terminal device to verify and/or decrypt a received particular message;
sending the key to the terminal device when the network is secure.
12. The method according to claim 11, characterized in that the sending of the key to the terminal device when the network is secure comprises:
sending the key to the terminal device when it is determined that the terminal device has established a connection with the core network.
13. The method according to claim 11 or 12, characterized in that the sending of the key to the terminal device when the network is secure comprises:
sending the key to the terminal device while the terminal device is performing voice communication and/or data transmission, or after that has occurred.
14. The method according to any one of claims 11 to 13, characterized in that the method is performed by a key distribution server,
and before the sending of the key to the terminal device when the network is secure, the method further comprises:
the key distribution server receives a key request message sent by a core network device or the terminal device when the network is secure, the key request message being used to request the key.
15. The method according to any one of claims 11 to 14, characterized in that the method is performed by a core network device, and the obtaining of the key comprises:
the core network device receives the key sent by a key distribution server.
16. The method according to any one of claims 11 to 15, characterized in that the sending of the key to the terminal device when the network is secure comprises:
sending the key to the terminal device when the network is secure and a timer expires.
17. A terminal device, characterized in that the terminal device comprises a processor and a memory, the memory being used to store a computer program, and the processor being used to call and run the computer program stored in the memory so as to perform the method according to any one of claims 1 to 10.
18. A network device, characterized in that the network device comprises a processor and a memory, the memory being used to store a computer program, and the processor being used to call and run the computer program stored in the memory so as to perform the method according to any one of claims 11 to 16.
19. A computer-readable storage medium, characterized in that it is used to store a computer program, the computer program causing a computer to perform the method according to any one of claims 1 to 10, or the method according to any one of claims 11 to 16.
CN201910435828.2A 2018-07-13 2019-05-23 Method, terminal device and the network equipment of message transmission Pending CN110225518A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2018107722613 2018-07-13
CN201810772261 2018-07-13

Publications (1)

Publication Number Publication Date
CN110225518A true CN110225518A (en) 2019-09-10

Family

ID=67817880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910435828.2A Pending CN110225518A (en) 2018-07-13 2019-05-23 Method, terminal device and the network equipment of message transmission

Country Status (1)

Country Link
CN (1) CN110225518A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023024948A1 (en) * 2021-08-24 2023-03-02 华为技术有限公司 Method and apparatus for determining position

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101291244A (en) * 2007-04-16 2008-10-22 深圳市维信联合科技有限公司 Network security management method and system thereof
WO2010118571A1 (en) * 2009-04-15 2010-10-21 华为技术有限公司 Method, apparatus and system for receiving public warning system (pws) messages
CN101938740A (en) * 2009-07-02 2011-01-05 中兴通讯股份有限公司 Information issuing method and system for earthquake tsunami alarm system
CN102611553A (en) * 2011-01-25 2012-07-25 华为技术有限公司 Method for realizing digital signature, user equipment and core network node equipment
CN102833743A (en) * 2011-06-17 2012-12-19 中兴通讯股份有限公司 Sending method, updating method and corresponding equipment for key updating information of public warning system (PWS)
CN103220667A (en) * 2012-01-19 2013-07-24 中兴通讯股份有限公司 Method, device and system for verifying public warning system (PWS) signing information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190910