CN115278669A - VoLTE encrypted communication call connection method, network, system and storage medium - Google Patents

Info

Publication number
CN115278669A
Authority
CN
China
Prior art keywords
user
session key
identity
volte
call
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110473877.2A
Other languages
Chinese (zh)
Inventor
郭茂文
卢燕青
张�荣
黎艳
郭建昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by China Telecom Corp Ltd
Priority to CN202110473877.2A
Publication of CN115278669A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/16: Communication-related supplementary services, e.g. call-transfer or call-hold
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066: Session management
    • H04L65/1096: Supplementary features, e.g. call forwarding or call holding
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W36/00: Hand-off or reselection arrangements
    • H04W36/14: Reselecting a network or an air interface

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The disclosure provides a call connection method, network and system for VoLTE encrypted communication and a storage medium, and relates to the technical field of mobile communication. The call connection method comprises the following steps: when a first user is handed over out of an LTE network, a key management service node (KMS) locally queries the session key of the VoLTE encrypted call between the first user and a second user before the network handover, according to the identity of the first user and the identity of the second user, and sends the session key and the identity of the second user to the enhanced mobile switching center server (eMSC Server) corresponding to the first user; the eMSC Server initiates a call request to the second user so that the terminal of the second user can query the session key from before the network handover; the eMSC Server sends the session key to a circuit-switched (CS) domain media gateway (MGW) so that the first user and the second user can carry out VoLTE encrypted communication based on the session key. The method shortens the time required to synchronize the session key and improves call continuation efficiency and call continuity.

Description

VoLTE encrypted communication call connection method, network, system and storage medium
Technical Field
The present disclosure relates to the field of mobile communications technologies, and in particular, to a call connection method, a network, a system, and a storage medium for VoLTE (Voice over Long-Term Evolution) encrypted communication.
Background
Where LTE network coverage is incomplete, a user on a VoLTE voice call over the LTE network may move into an area where the LTE signal is weak but GERAN (GSM EDGE Radio Access Network)/UTRAN (UMTS Terrestrial Radio Access Network) coverage is good. To ensure VCC (Voice Call Continuity), the call path then needs to be switched from LTE to GERAN/UTRAN.
Service continuity for mobile terminals in existing networks is based on Single Radio mode, that is, dual-mode single-standby. 3GPP therefore proposed the SRVCC (Single Radio Voice Call Continuity)/eSRVCC scheme for this service scenario.
Disclosure of Invention
An object of the present disclosure is to improve continuity and continuation efficiency of a user's call.
According to an aspect of some embodiments of the present disclosure, a call connection method for VoLTE encrypted communication is provided, including: while a first user and a second user are communicating through a VoLTE encrypted session, when the first user is handed over out of an LTE network, a KMS (Key Management Service) locally queries the session key of the VoLTE encrypted session between the first user and the second user before the network handover, according to the identity of the first user and the identity of the second user, and sends the session key and the identity of the second user to the eMSC Server (enhanced Mobile Switching Center Server) corresponding to the first user; the eMSC Server initiates a call request to the second user, wherein the call request includes synchronous session key indication information and the identity of the first user, so that the terminal of the second user can query the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the synchronous session key indication information and the identity of the first user; the eMSC Server sends the session key to a CS (Circuit Switched) MGW (Media Gateway) so that the first user and the second user perform VoLTE encrypted communication based on the session key.
In some embodiments, after the first user is handed over out of the LTE network, the first user and the second user performing VoLTE encrypted communication based on the session key includes: CS domain unencrypted communication is used between the terminal of the first user and the CS MGW; PS (Packet Switched) domain encrypted communication is used between the CS MGW and the terminal of the second user.
In some embodiments, during the VoLTE encrypted call, when the first user is handed over out of the LTE network, the method further includes: the eMSC Server sends a session key request to the KMS, wherein the session key request includes the identity of the first user and handover indication information; the KMS queries, according to the identity of the first user and the handover indication information, the identity of the second user from an SCC AS (Service Centralization and Continuity Application Server), so as to obtain the session key according to the identity of the first user and the identity of the second user.
In some embodiments, the eMSC Server initiating the call request to the called subscriber includes: the eMSC Server sends the call request to the SCC AS, and the SCC AS forwards the call request to the second user; the call connection method of the VoLTE encrypted communication further includes: upon receiving the call response fed back by the second user, the SCC AS feeds the call response back to the eMSC Server corresponding to the first user, so that the eMSC Server can confirm that the session key is synchronized.
In some embodiments, the KMS sending the session key and the identity of the second user to the eMSC Server includes: the KMS encrypts the session key and the identity of the second user with a preset shared key and then sends the encrypted data to the eMSC Server; the call connection method of the VoLTE encrypted communication further includes: the eMSC Server decrypts the encrypted data with the preset shared key to obtain the session key and the identity of the second user.
In some embodiments, the session key request also includes STN-SR (Session Transfer Number-Single Radio) information; the KMS querying the SCC AS for the identity of the second user according to the identity of the first user includes: the KMS determines the address of the corresponding SCC AS according to the STN-SR information, and sends a query request to the address of the SCC AS, wherein the query request includes the identity of the first user and the handover indication information.
With this method, when a user in a VoLTE encrypted call leaves the LTE network during the call, the session key from before the network handover can be obtained and reused after the handover without requesting a new session key from the KMS. This shortens the time required to synchronize the session key and improves call continuation efficiency and call continuity.
According to an aspect of some embodiments of the present disclosure, a call connection network for VoLTE encrypted communication is provided, including: a KMS configured to, when a first user is handed over out of an LTE network during a VoLTE encrypted call between the first user and a second user, locally query the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the identity of the first user and the identity of the second user, and send the session key and the identity of the second user to the eMSC Server corresponding to the first user; the eMSC Server, configured to initiate a call request to the second user, wherein the call request includes synchronous session key indication information and the identity of the first user, so that the terminal of the second user queries the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the synchronous session key indication information and the identity of the first user, and to send the session key to a CS MGW; and the CS MGW, configured to receive the session key from the eMSC Server so that the first user and the second user can perform VoLTE encrypted communication based on the session key.
In some embodiments, the CS MGW is further configured to: use CS domain unencrypted communication with the terminal of the first user; and use PS domain encrypted communication with the terminal of the second user.
In some embodiments, the eMSC Server is further configured to send a session key request to the KMS when the first user is handed over out of the LTE network, where the session key request includes the identity of the first user and handover indication information; the KMS is configured to query the SCC AS for the identity of the second user according to the identity of the first user and the handover indication information; the call connection network for the VoLTE encrypted communication further comprises an SCC AS configured to, upon receiving a query request including the handover indication information, locally query the identity of the second user performing VoLTE encrypted communication with the first user according to the identity of the first user, and feed that identity back to the KMS.
In some embodiments, the eMSC Server is configured to send the call request to the SCC AS so that the SCC AS forwards the call request to the second user; the SCC AS is configured to forward the call request to the second user and, upon receiving the call response fed back by the second user, to feed the call response back to the eMSC Server corresponding to the first user so that the eMSC Server confirms that the session key is synchronized.
In some embodiments, the session key request further includes STN-SR information; the KMS is configured to determine the address of the corresponding SCC AS according to the STN-SR information, and to send a query request to the address of the SCC AS, wherein the query request includes the identity of the first user and the handover indication information.
When one party leaves the LTE network during a call between users of VoLTE encrypted communication, this network can obtain the session key from before the network handover and continue to use it after the handover, without requesting a new session key from the KMS. This shortens the time required to synchronize the session key and improves call continuation efficiency and call continuity.
According to an aspect of further embodiments of the present disclosure, a computer-readable storage medium is proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of any of the above call connection methods for VoLTE encrypted communication.
According to an aspect of some embodiments of the present disclosure, a call connection system for VoLTE encrypted communication is provided, including: any one of the call connection networks for VoLTE encrypted communication described above; and a terminal configured to: receive a call request from an eMSC Server; when the call request includes synchronous session key indication information, query the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the synchronous session key indication information and the identity of the first user in the call request; and feed back a call response to the eMSC Server.
When one party leaves the LTE network during a call between users of VoLTE encrypted communication, this call connection system can obtain the session key from before the network handover and continue to use it after the handover, without requesting a new session key from the KMS. This shortens the time required to synchronize the session key and improves call connection efficiency and call continuity.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure. In the drawings:
Fig. 1 is a schematic diagram of a KMS scheme for end-to-end VoLTE voice encryption communication in the related art.
Fig. 2 is a flowchart of some embodiments of a call connection method of VoLTE encrypted communication according to the present disclosure.
Fig. 3 is a flowchart of another embodiment of a call connection method for VoLTE encrypted communication according to the present disclosure.
Fig. 4 is a signaling interaction diagram of some embodiments of a call connection method of VoLTE encrypted communication according to the present disclosure.
Fig. 5 is a schematic diagram of some embodiments of a call connection network for VoLTE encrypted communications according to the present disclosure.
Fig. 6 is a schematic diagram of some embodiments of a call continuation system for VoLTE encrypted communications according to the present disclosure.
Detailed Description
The technical solution of the present disclosure is further described in detail by the accompanying drawings and embodiments.
For VoLTE voice encryption communication services, the 3GPP TS 33.328 specification specifies an IMS media plane security solution, in which the scheme suited to VoLTE voice encryption is mainly the end-to-end KMS (Key Management Service) scheme, as shown in Fig. 1.
The basic idea of the KMS scheme is to generate a session key and an encrypted ticket through the KMS. The KMS acts as a third-party server responsible for functions such as security and user authentication, and for issuing and parsing tickets, to ensure that the calling party and the called party can securely obtain the shared key (MasterKey) of the VoLTE session.
In the VoLTE encrypted call process, when one party in the call is handed over from the LTE network of the PS domain to the 2G/3G network of the CS domain, the corresponding eMSC Server needs to request a new session key and ticket from the KMS, as shown at 101 and 102 in Fig. 1; it then sends the ticket to the other party by initiating a SIP call to the other party of the call, as shown at 103 in Fig. 1; the other party of the call obtains the session key from the KMS using the ticket, as shown at 104 and 105 in Fig. 1, the session keys are matched at 106, and the session continues. In addition, the eMSC Server also needs to pass the session key to the CS MGW, so as to achieve session key synchronization after SRVCC/eSRVCC handover and media plane security from the CS MGW to the other party of the call.
In this process, the KMS regenerates the session key, and both parties need to go back to the KMS to acquire a new session key.
A flowchart of some embodiments of a call continuation method of VoLTE encrypted communication of the present disclosure is shown in Fig. 2.
In step 201, during a VoLTE encrypted call between the first user and the second user, when the first user is handed over out of the LTE network, the KMS locally queries the session key of the VoLTE encrypted call between the first user and the second user before the network handover, according to the identity of the first user and the identity of the second user.
In some embodiments, the eMSC Server corresponding to the first user may initiate the session key lookup at the KMS. In some embodiments, the eMSC Server may send a session key request to the KMS, where the session key request includes the identity of the first user and handover indication information, and the KMS determines from the handover indication information that it needs to query the session key.
In some embodiments, after receiving the session key request from the eMSC Server, the KMS queries the SCC AS for the identity of the second user, using the identity of the first user as an index. The SCC AS looks up the stored most recent peer user in VoLTE encrypted communication with the first user; this peer user is the second user, and the SCC AS feeds back the identity of the second user.
In step 202, the KMS sends the session key and the identity of the second user to the eMSC Server corresponding to the first user.
In step 203, the eMSC Server receiving the session key and the identity of the second user initiates a call request to the second user.
In some embodiments, the call request includes the synchronous session key indication information and the identity of the first user. After receiving the call request, the terminal of the second user starts a lookup of the existing session key according to the synchronous session key indication information: it queries the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the identity of the first user.
In step 204, the eMSC Server sends the session key to the CS MGW for the first user and the second user to perform VoLTE encrypted communication based on the session key.
In some embodiments, CS domain non-encrypted communication is used between the terminal of the first user and the CS MGW; PS domain encrypted communication is adopted between the CS MGW and the terminal of the second user.
With this method, when a user in a VoLTE encrypted call leaves the LTE network during the call, the session key from before the network handover can be obtained and reused after the handover without requesting a new session key from the KMS. This shortens the time required to synchronize the session key and improves call continuation efficiency and call continuity.
In some embodiments, the eMSC Server may send the call request to the SCC AS, which forwards the call request to the second user. The second user feeds back a call response to the SCC AS when the lookup of the existing session key, according to the identity information of the first user in the call request, succeeds. Upon receiving the call response, the SCC AS feeds it back to the eMSC Server corresponding to the first user so that the eMSC Server can confirm that the session key is synchronized.
In some embodiments, after querying the session key in response to the session key request of the eMSC Server, the KMS may encrypt the obtained session key and the identity of the second user with a preset shared key, and then send the encrypted data to the eMSC Server. After receiving the encrypted data, the eMSC Server decrypts it with the preset shared key to obtain the session key and the identity of the second user. This improves the security of the session key and of the VoLTE encrypted communication.
In some embodiments, the session key request sent by the eMSC Server to the KMS also includes STN-SR information. The KMS can determine the domain name and address of the SCC AS that needs to be queried according to the STN-SR information, so as to send a query request to the address of the SCC AS, where the query request includes the identity of the first user and the handover indication information.
This improves the efficiency of looking up the identity of the second user, and in turn the efficiency of call connection.
A flowchart of further embodiments of the call continuation method of VoLTE encrypted communication of the present disclosure is shown in Fig. 3. At the start of the procedure, a first user and a second user are communicating through VoLTE encryption. Either of the first user and the second user may be the calling user, and the other the called user. When the first user is handed over out of the LTE network, the following steps are executed:
In step 301, the eMSC Server sends a session key request to the KMS, where the session key request includes the identity of the first user and the handover indication information.
In step 302, the KMS queries the SCC AS for the identity of the second user according to the identity of the first user and the handover indication information. In some embodiments, the session key request sent by the eMSC Server to the KMS also includes STN-SR information. The KMS can determine the domain name and address of the SCC AS that needs to be queried according to the STN-SR information, so that a query request can be sent to the address of the SCC AS. The query request includes the identity of the first user and the handover indication information.
In step 303, the KMS locally queries, according to the identity of the first user and the identity of the second user, the session key of the VoLTE encrypted call between the first user and the second user before the network handover.
In step 304, the KMS sends the queried session key and the identity of the second user to the eMSC Server corresponding to the first user.
In step 305, the eMSC Server sends a call request to the SCC AS, which forwards the call request to the second user.
In step 306, upon receiving the call response fed back by the second user, the SCC AS feeds the call response back to the eMSC Server corresponding to the first user, so that the eMSC Server confirms that the session key is synchronized.
In step 307, the eMSC Server sends the session key to the CS MGW. CS domain non-encrypted communication is adopted between the terminal of the first user and the CS MGW; PS domain encrypted communication is adopted between the CS MGW and the terminal of the second user.
With this method, the optimized service flow means the user does not need to go to the KMS again to obtain a new session key, the time for synchronizing the session key between the CS MGW and the user is shortened, and the user's service experience of VoLTE voice encryption communication is improved.
A signaling interaction diagram of some embodiments of the call connection method of VoLTE encrypted communication of the present disclosure is shown in Fig. 4.
In 401, two users UE1 and UE2 normally perform VoLTE voice encryption communication.
In 402, UE1 moves during the call and is handed over by SRVCC/eSRVCC from the PS domain LTE network to the CS domain 2G/3G network.
In 403, the eMSC Server corresponding to UE1 sends a request message to the KMS to obtain the session key of the VoLTE encrypted communication before the handover of UE1, where the request message includes the identity ID-1 of UE1, handover indication information, and the STN-SR.
In 404, the KMS looks up the domain name and IP address information of the SCC AS according to the STN-SR information, then sends a query request carrying ID-1 and the handover indication information to the SCC AS, to query the identity of the UE2 performing the VoLTE voice communication with UE1.
In 405, the SCC AS queries, based on the ID-1 and the handover indication information, the identity ID-2 of the UE2 performing the VoLTE voice call with the UE1 in the local data record, and returns the identity ID-2 of the UE2 to the KMS.
In 406, the KMS locally queries the session key (MasterKey) of the VoLTE encrypted voice communication between UE1 and UE2 before the SRVCC/eSRVCC handover occurred, based on their identity information.
In 407, the KMS returns the queried session key and user identity information to the eMSC Server. In some embodiments, the security of the transmission may be improved, for example by symmetric encryption with a preset shared key.
In 408, the eMSC Server initiates a new SIP (Session Initiation Protocol) call request message to UE2 over the IMS network. The request message carries a user identity, a handover indication and a synchronous session key indication, where the synchronous session key indication information indicates that the new VoLTE voice encryption uses the session key from before the handover.
In 409, the SCC AS forwards the SIP call request message to UE2, the request message including the handover indication, ID-1 and the synchronous session key indication information.
In 410, UE2 queries its own storage for the session key for VoLTE voice encryption with UE1 before SRVCC/eSRVCC handover occurs.
In 411, UE2 sends a SIP call response message to the SCC AS.
In 412, the SCC AS forwards the SIP call response message to the eMSC Server over the IMS network.
In 413, the eMSC Server sends the session key to the CS MGW via the Mc interface after confirming that UE2 has performed session key synchronization.
In 414, UE1 in the CS domain and UE2 in the PS domain can subsequently carry out VoLTE voice encryption communication normally, with an unencrypted CS domain voice stream between UE1 and the CS MGW and an encrypted PS domain voice stream between the CS MGW and UE2.
With this method, in a VoLTE voice encryption communication scenario, when one party moves and is handed over from the LTE network of the PS domain to the 2G/3G network of the CS domain, encrypted communication can still be maintained and neither party needs to obtain the session key from the KMS. This shortens the time for synchronizing the session key, improves session connection efficiency, and improves the user's service experience.
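The Fig. 4 exchange (steps 403 to 413), including the shared-key protection of the KMS reply described for step 407, sketched as an added Python example that is not part of the patent. Class, method and message-field names, the sample identities and STN-SR value, and the behaviour when UE2 holds no stored key (the gateway is not given the key) are assumptions of this example; the stream cipher is a standard-library stand-in for a vetted AEAD.

```python
# Added illustration of the Fig. 4 exchange (steps 403-413); not code from the patent.
# All class, method and field names are hypothetical; identities and keys are constructed.
import hashlib  # provides the "sha256" digest used by hmac.digest
import hmac
import json
import os


def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example runs on the
    # standard library alone; a deployment would use a vetted AEAD such as AES-GCM.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256") for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(shared, payload):
    """KMS side of step 407: encrypt-then-MAC the session key and peer identity."""
    enc_key, mac_key = hmac.digest(shared, b"enc", "sha256"), hmac.digest(shared, b"mac", "sha256")
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(payload).encode())
    return nonce + ct + hmac.digest(mac_key, nonce + ct, "sha256")


def unwrap(shared, blob):
    """eMSC Server side of step 407: verify the tag, then decrypt."""
    enc_key, mac_key = hmac.digest(shared, b"enc", "sha256"), hmac.digest(shared, b"mac", "sha256")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(mac_key, nonce + ct, "sha256")):
        raise ValueError("wrapped session key failed integrity check")
    return json.loads(_xor_stream(enc_key, nonce, ct))


class Terminal:
    def __init__(self, stored_keys):
        self.stored_keys, self.active_key = stored_keys, None   # {peer identity: session key}

    def on_call_request(self, msg):
        # Steps 410-411: reuse the pre-handover key only when told to and only if it is stored.
        key = self.stored_keys.get(msg["caller_id"]) if msg.get("sync_session_key") else None
        self.active_key = key
        return {"key_synced": key is not None}   # assumed response field


class SccAs:
    def __init__(self, peers, terminals):
        self.peers, self.terminals = peers, terminals

    def peer_of(self, user_id):
        return self.peers[user_id]               # step 405: local record of the ongoing call

    def forward_call(self, callee_id, msg):
        return self.terminals[callee_id].on_call_request(msg)   # steps 409 and 411-412


class Kms:
    def __init__(self, shared, scc_by_stn_sr, session_keys):
        self.shared, self.scc_by_stn_sr, self.session_keys = shared, scc_by_stn_sr, session_keys

    def handle_key_request(self, req):
        if not req.get("handover"):
            raise PermissionError("existing key is released only for a handover request")
        scc_as = self.scc_by_stn_sr[req["stn_sr"]]                   # step 404
        peer = scc_as.peer_of(req["id"])
        key = self.session_keys[frozenset((req["id"], peer))]        # step 406
        return wrap(self.shared, {"peer": peer, "key": key.hex()})   # step 407


class CsMgw:
    session_key = None          # set over the Mc interface in step 413


class EmscServer:
    def __init__(self, shared, kms, scc_as, mgw):
        self.shared, self.kms, self.scc_as, self.mgw = shared, kms, scc_as, mgw

    def on_handover(self, user_id, stn_sr):
        blob = self.kms.handle_key_request({"id": user_id, "handover": True, "stn_sr": stn_sr})
        data = unwrap(self.shared, blob)                             # steps 403 and 407
        msg = {"caller_id": user_id, "handover": True, "sync_session_key": True}
        reply = self.scc_as.forward_call(data["peer"], msg)          # step 408
        if not reply["key_synced"]:
            return False        # assumption: peer has no stored key, so the gateway is not armed
        self.mgw.session_key = bytes.fromhex(data["key"])            # step 413
        return True


def demo(ue2_has_key=True):
    shared, master = os.urandom(32), os.urandom(16)   # preset shared key, MasterKey (constructed)
    ue2 = Terminal({"ID-1": master} if ue2_has_key else {})
    scc_as = SccAs({"ID-1": "ID-2"}, {"ID-2": ue2})
    kms = Kms(shared, {"stn-sr-example": scc_as}, {frozenset(("ID-1", "ID-2")): master})
    mgw = CsMgw()
    ok = EmscServer(shared, kms, scc_as, mgw).on_handover("ID-1", "stn-sr-example")
    return ok, mgw.session_key, ue2.active_key, master
```

`demo()` ends with the CS MGW and UE2 holding the same pre-handover key without a new key being generated; `demo(ue2_has_key=False)` shows the gateway left without a key when UE2 cannot confirm synchronization.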
A schematic diagram of some embodiments of a call connection network 50 for VoLTE encrypted communications of the present disclosure is shown in Fig. 5.
The KMS 501 can, when the first user is handed over out of an LTE network during a VoLTE encrypted call between a first user and a second user, locally query the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the identity of the first user and the identity of the second user, and send the session key and the identity of the second user to the eMSC Server corresponding to the first user.
The eMSC Server 502 can initiate a call request to the second user, wherein the call request includes the synchronous session key indication information and the identity of the first user, so that the terminal of the second user can query the session key of the VoLTE encrypted call between the first user and the second user before the network handover according to the synchronous session key indication information and the identity of the first user; and can send the session key to a circuit-switched (CS) domain media gateway (MGW).
The CS MGW 503 can receive the session key from the eMSC Server so that the first user and the second user perform VoLTE encrypted communication based on the session key. In some embodiments, the CS MGW can use CS domain unencrypted communication with the terminal of the first user, and packet-switched (PS) domain encrypted communication with the terminal of the second user.
When one party leaves the LTE network during a call between users of VoLTE encrypted communication, this network can obtain the session key from before the network handover and continue to use it after the handover, without requesting a new session key from the KMS. This shortens the time required to synchronize the session key and improves call continuation efficiency and call continuity.
In some embodiments, as shown in Fig. 5, the call continuation network for VoLTE encrypted communications may also include SCC AS 504.
The eMSC Server 502 can send a session key request to the KMS when the first user is handed over out of the LTE network, where the session key request includes an identity of the first user and handover indication information.
The KMS 501 can query the SCC AS for the identity of the second user according to the identity of the first user and the handover indication information. In some embodiments, the session key request further includes STN-SR information; the KMS can determine the address of the corresponding SCC AS according to the STN-SR information, and further send a query request to the address of the SCC AS.
The SCC AS 504 can, upon receiving a query request including the handover indication information, locally query the identity of the second user performing VoLTE encrypted communication with the first user according to the identity of the first user, and feed that identity back to the KMS.
In such a network, the KMS can obtain the identity of the second user communicating with the first user through the SCC AS 504, so the eMSC Server corresponding to the first user is not required to provide that identity. This reduces the capability required of the eMSC Server, makes the communication process more compatible with the related technology, and facilitates adoption and application.
In some embodiments, the eMSC Server 502 can send the call request to the SCC AS so that the SCC AS forwards the call request to the second user. The SCC AS 504 may forward the call request to the second user and, upon receiving the call response fed back by the second user, feed the call response back to the eMSC Server corresponding to the first user, so that the eMSC Server may confirm that the session key is synchronized.
By providing this communication feedback, the network improves the reliability of call connection: the network side can obtain the session key query state of the second user in time and respond to it, which further improves connection efficiency.
In some embodiments, the present disclosure proposes a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the corresponding embodiments of the call connection method for VoLTE encrypted communication. As will be appreciated by one of skill in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
A schematic diagram of some embodiments of a call continuation system for VoLTE encrypted communications of the present disclosure is shown in fig. 6.
The call connection network 61 for VoLTE encrypted communication may be any of those mentioned above.
The terminals 621 to 62n (n is a positive integer) can perform VoLTE encrypted communication with each other or with other terminals based on the call connection network 61 for VoLTE encrypted communication. A terminal 621 to 62n can receive a call request from the eMSC Server when the terminal at the other end of the call leaves the LTE network. When the call request includes the synchronous session key indication information, the terminal queries the session key of the VoLTE encrypted call between the first user and the second user before network switching, according to the synchronous session key indication information and the identity of the first user in the call request, and then feeds back a call response to the eMSC Server.
With this call connection system, when one party leaves the LTE network during a call that uses VoLTE encrypted communication, the session key used before the handover can be obtained and used again afterwards. No new session key has to be requested from the KMS, which shortens the time needed to synchronize the session key and improves call continuation efficiency and call continuity.
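The handover exchange described above (eMSC Server, KMS, SCC AS and the second user's terminal), as an added Python model that is not part of the patent. Identities, the STN-SR value, and all flag and field names are constructed, and releasing the key to the CS MGW only after the call response arrives is an assumption of this example.

```python
import secrets

# Constructed identities, STN-SR value and flag names; none come from the patent.
A, B, STN_SR = "sip:user-a@example.invalid", "sip:user-b@example.invalid", "stn-sr-0001"
HANDOVER, SYNC_KEY = "handover", "sync-session-key"

class Terminal:
    def __init__(self):
        self.keys = {}                      # peer identity -> session key in use
    def on_call_request(self, req):
        # Reuse the pre-handover key only when asked to and only for a known peer.
        found = req.get("indication") == SYNC_KEY and req.get("caller") in self.keys
        return {"key_synchronized": found}

class SccAs:
    def __init__(self):
        self.peers, self.terminals = {}, {}  # active call legs, reachable terminals
    def query_peer(self, req):
        if req.get("indication") != HANDOVER:   # answer handover queries only
            return None
        return self.peers.get(req["user"])
    def forward_call(self, callee, req):
        return self.terminals[callee].on_call_request(req)

class Kms:
    def __init__(self, scc_by_stn_sr):
        self.scc_by_stn_sr, self.keys = scc_by_stn_sr, {}
    def session_key_request(self, req):
        scc = self.scc_by_stn_sr.get(req.get("stn_sr"))   # STN-SR -> SCC AS address
        if scc is None or req.get("indication") != HANDOVER:
            return None
        peer = scc.query_peer({"user": req["user"], "indication": HANDOVER})
        key = self.keys.get(frozenset((req["user"], peer)))
        # Claim 5 also encrypts this reply under a preset shared key; not modelled.
        return {"session_key": key, "peer": peer} if key else None

class EmscServer:
    def __init__(self, kms, scc):
        self.kms, self.scc, self.mgw_keys = kms, scc, {}
    def handover(self, user, stn_sr):
        reply = self.kms.session_key_request(
            {"user": user, "stn_sr": stn_sr, "indication": HANDOVER})
        if reply is None:
            return False
        # The call request carries the indication and caller identity, never the key.
        call = {"caller": user, "indication": SYNC_KEY}
        if not self.scc.forward_call(reply["peer"], call)["key_synchronized"]:
            return False
        # Assumption: release the key to the CS MGW only after the peer confirms.
        self.mgw_keys[user] = reply["session_key"]
        return True

def build(peer_has_key=True):
    key, scc, term_b = secrets.token_bytes(16), SccAs(), Terminal()
    kms = Kms({STN_SR: scc})
    kms.keys[frozenset((A, B))] = key
    scc.peers[A], scc.terminals[B] = B, term_b
    if peer_has_key:
        term_b.keys[A] = key
    return EmscServer(kms, scc), term_b, key
```

Calling `build(peer_has_key=False)` exercises the failure path: the second terminal finds no stored key, `handover()` returns `False`, and nothing is released to the CS MGW.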
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. Those skilled in the art can now fully appreciate how to implement the teachings disclosed herein, in view of the foregoing description.
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Finally, it should be noted that: the above examples are intended only to illustrate the technical solutions of the present disclosure and not to limit them; although the present disclosure has been described in detail with reference to preferred embodiments, those of ordinary skill in the art will understand that: modifications to the specific embodiments of the disclosure or equivalent substitutions for parts of the technical features may be made; all such modifications are intended to be included within the scope of the claims of this disclosure without departing from the spirit thereof.

Claims (13)

1. A call connection method of VoLTE encrypted communication comprises the following steps:
during a voice over Long Term Evolution (VoLTE) encrypted call between a first user and a second user, in the event that the first user switches out of the LTE network,
a key management service node KMS locally queries, according to the identity of the first user and the identity of the second user, the session key of the VoLTE encrypted call between the first user and the second user before network switching, and sends the session key and the identity of the second user to an enhanced mobile switching center Server eMSC Server corresponding to the first user;
the eMSC Server initiates a call request to the second user, wherein the call request comprises synchronous session key indication information and the identity of the first user, so that a terminal of the second user can inquire a session key of VoLTE encrypted conversation between the first user and the second user before network switching according to the synchronous session key indication information and the identity of the first user;
and the eMSC Server sends the session key to a circuit switching domain CS media gateway MGW so that the first user and the second user can carry out VoLTE encrypted communication based on the session key.
2. The method of claim 1, wherein the first user and the second user conducting VoLTE encrypted communications based on the session key after the first user hands off of an LTE network comprises:
the terminal of the first user and the CS MGW adopt CS domain non-encrypted communication;
and the CS MGW and the terminal of the second user adopt packet switching PS domain encryption communication.
3. The method of claim 1, wherein,
in the VoLTE encrypted call process, when the first user switches out of the LTE network, the method further includes:
the eMSC Server sends a session key request to the KMS, wherein the session key request comprises the identity of the first user and switching indication information;
and the KMS inquires the identity of the second user from a service centralization and continuity application server SCC AS according to the identity of the first user and the switching indication information so AS to acquire the session key according to the identity of the first user and the identity of the second user.
4. The method of claim 3, wherein the eMSC Server initiating a call request to a called subscriber comprises:
the eMSC Server sends a call request to the SCC AS, and the SCC AS forwards the call request to the second user;
further comprising:
and the SCC AS feeds back the call response to the eMSC Server corresponding to the first user under the condition that the SCC AS receives the call response fed back by the second user, so that the eMSC Server confirms that the session key is synchronized.
5. The method of claim 1, wherein a KMS sending a session key and an identity of the second user to the eMSC Server comprises: the KMS encrypts the session key and the identity of the second user by a preset shared key and then sends encrypted data to the eMSC Server;
further comprising: and the eMSC Server decrypts the encrypted data according to the preset shared key to acquire the session key and the identity of the second user.
6. The method of claim 3, wherein the session key request further includes session transfer number-single radio STN-SR information;
the querying, by the KMS, the identity of the second user from the SCC AS according to the identity of the first user includes:
the KMS determines the corresponding address of the SCC AS according to the STN-SR information;
and sending a query request to the address of the SCC AS, wherein the query request comprises the identity of the first user and the switching indication information.
7. A call continuation network for VoLTE encrypted communications, comprising:
a key management service node KMS, configured to, during a voice over Long Term Evolution (VoLTE) encrypted call between a first user and a second user, when the first user switches out of an LTE network, query a session key of the VoLTE encrypted call between the first user and the second user before network switching according to an identity of the first user and an identity of the second user, and send the session key and the identity of the second user to an enhanced mobile switching center Server eMSC Server corresponding to the first user;
the eMSC Server is configured to initiate a call request to the second user, wherein the call request comprises synchronous session key indication information and the identity of the first user, so that a terminal of the second user can inquire a session key of VoLTE encrypted conversation between the first user and the second user before network switching according to the synchronous session key indication information and the identity of the first user; sending the session key to a circuit switching domain CS media gateway MGW;
the CS MGW is configured to receive the session key from the eMSC Server so that the first user and the second user can perform VoLTE encrypted communication based on the session key.
8. The network of claim 7, wherein the CS MGW is further configured to:
adopt CS domain non-encrypted communication with the terminal of the first user;
and adopt packet switching PS domain encryption communication with the terminal of the second user.
9. The network of claim 7, wherein,
the eMSC Server is also configured to send a session key request to the KMS under the condition that the first user is switched out of an LTE network, wherein the session key request comprises the identity of the first user and switching indication information;
the KMS is configured to query a service centralization and continuity application server (SCC AS) for the identity of the second user according to the identity of the first user and the switching indication information;
further comprising:
the SCC AS is configured to, when receiving a query request including the handover indication information, locally query, according to the identity of the first user, the identity of the second user performing VoLTE encrypted communication with the first user, and feed the result back to the KMS.
10. The network of claim 9, wherein,
the eMSC Server is configured to send a call request to the SCC AS, so that the SCC AS forwards the call request to the second user;
the SCC AS is further configured to forward the call request to the second user; and under the condition of receiving the call response fed back by the second user, feeding back the call response to the eMSC Server corresponding to the first user so that the eMSC Server can confirm that the session key is synchronized.
11. The network of claim 9, wherein the session key request further includes session transfer number-single radio STN-SR information;
the KMS is configured to determine an address of the corresponding SCC AS according to the STN-SR information; and sending a query request to an address of the SCC AS, wherein the query request comprises the identity of the first user and the switching indication information.
12. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 6.
13. A call connection system of VoLTE encrypted communication comprises:
a call connection network for VoLTE encrypted communications according to any one of claims 7 to 11; and
a terminal configured to:
receiving a call request from an eMSC Server;
under the condition that the call request comprises synchronous session key indication information, inquiring a session key of VoLTE encrypted conversation between the first user and the second user before network switching according to the synchronous session key indication information and the identity of the first user in the call request;
and feeding back a call response to the eMSC Server.
CN202110473877.2A 2021-04-29 2021-04-29 VoLTE encrypted communication call connection method, network, system and storage medium Pending CN115278669A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110473877.2A CN115278669A (en) 2021-04-29 2021-04-29 VoLTE encrypted communication call connection method, network, system and storage medium

Publications (1)

Publication Number Publication Date
CN115278669A true CN115278669A (en) 2022-11-01

Family

ID=83745874

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110473877.2A Pending CN115278669A (en) 2021-04-29 2021-04-29 VoLTE encrypted communication call connection method, network, system and storage medium

Country Status (1)

Country Link
CN (1) CN115278669A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination