CN1697353B - Encryption and encrypted communication method suitable to personal wireless communication system - Google Patents

Info

Publication number: CN1697353B
Authority: CN (China)
Prior art keywords: cryptographic algorithm; terminal; base station; encryption; identification number
Legal status: Expired - Fee Related
Application number: CN 200410034768
Other languages: Chinese (zh)
Other versions: CN1697353A (en)
Inventors: 赵晓军, 李天新, 温斌
Current Assignee: Beijing Xinwei Telecom Technology Inc
Original Assignee: Beijing Xinwei Telecom Technology Inc

Abstract

The method serves a specific user group while letting members of that group share a common wireless access network with general users. Without building a dedicated network for the specific users, the operator can provide them with an encrypted communication service in which the users select the encryption algorithm themselves. Moreover, encryption algorithms can be updated and upgraded at the users' request, and encryption algorithms that are not trusted are taken out of use. Members of the user group can still carry out ordinary (unencrypted) communication with general users.

Description

An encryption and encrypted communication method suitable for a personal wireless communication system
Technical field
The present invention relates to an encryption and encrypted communication method suitable for a personal wireless communication system.
Background art
The encrypted communication methods of existing public personal wireless communication systems apply to all users in the system and provide every user with the same standard encryption algorithms. A user can use only these standard algorithms for confidential communication. If these algorithms are broken, or if the user distrusts the existing algorithms for reasons of their own, the system can no longer meet the user's need for confidential communication.
Summary of the invention
To effectively overcome the above defect of the known technology, the invention provides a method that offers more reliable encryption to a particular user group, comprising the following steps:
Assigning an identification number to a user group, and storing the mapping between the user identification number and the user group identification number in the database of the core network;
For a given user group, the core network numbers the encryption algorithms that the group supports; this number is called the encryption algorithm identifier. The encryption algorithm entity is installed in the subscriber identity module of the user terminal and is also installed on the core network side; and
Establishing a secure channel between the user terminal and the base station of the core network, thereby carrying out encrypted communication.
In this encryption method, a user group may support no encryption algorithm, or it may support one or more encryption algorithms. The same encryption algorithm may have different encryption algorithm identifiers in different user groups, and the database of the core network stores, for each user group, the mapping between the encryption algorithms it supports and the encryption algorithm identifiers.
The encryption method can add an encryption algorithm to those a user group supports by the following steps: adding the new encryption algorithm entity and the corresponding encryption algorithm identifier to the subscriber identity modules of all members of the user group; at the same time, installing the new encryption algorithm entity on the core network side and updating the mapping of encryption algorithm identifiers in the database.
In addition, the encryption method can delete an encryption algorithm from those a user group supports by the following steps: deleting the encryption algorithm entity and the corresponding encryption algorithm identifier from the subscriber identity modules of all members of the user group; at the same time, uninstalling the encryption algorithm entity on the core network side and updating the mapping of encryption algorithm identifiers in the database.
Using this encryption method, the invention provides a method by which the terminal and the base station carry out encrypted communication when the terminal originates a call, comprising the following steps:
a. The terminal sends a link establishment request message to the base station, carrying the encrypted communication indicator, the user identification number, and the identifier of the encryption algorithm the user wishes to use;
b. The base station sends a link assignment message, allocating a traffic code channel to this user;
c. The base station requests the encryption parameters of the corresponding encryption algorithm from the core network according to the user identification number and the encryption algorithm identifier, and the core network looks up in the database, by the user identification number, the identification number of the user group to which this user belongs;
d. The core network allocates encryption parameters to this user according to the user group identification number and the encryption algorithm identifier, and passes the encryption parameters to the base station encapsulated in an encryption parameter request response message;
e. The base station configures the encryption parameters on the originating terminal, and both sides confirm to each other that encrypted communication begins.
Using this encryption method, the invention also provides a method by which the terminal and the base station carry out encrypted communication when the terminal is called, comprising the following steps:
a'. The base station sends a paging message to the terminal;
b'. The terminal initiates a link establishment request, carrying in the message the encrypted communication indicator, the user identification number, and the identifier of an encryption algorithm chosen arbitrarily from the terminal's encryption algorithm set;
c'. The base station sends a link assignment message, allocating a traffic code channel to this user;
d'. The base station sends an encryption parameter request message to the core network, carrying the user identification number, and the core network looks up in the database, by the user identification number, the identification number of the user group to which the called user belongs;
e'. The core network allocates encryption parameters to this user according to the user group identification number and the encryption algorithm identifier, and passes the encryption parameters to the base station encapsulated in an encryption parameter request response message;
f'. The base station configures the encryption parameters on the terminal, and both sides confirm to each other that encrypted communication begins.
Here, the encryption algorithm identifier carried in the message when the called terminal initiates the link establishment request is the called terminal's encryption capability indicator, i.e. the maximum encryption algorithm identifier that the terminal supports.
The encrypted communication method of the invention lets a public wireless communication network, while serving ordinary users, also serve special user groups that need confidential communication. This confidential communication also has the following advantages:
(1) When a member of the user group is the caller, the member can independently select the encryption algorithm used for the communication to be carried out;
(2) When a member of the user group is called, the core network requires the member to communicate using the highest-level encryption algorithm that the user supports;
(3) The manager of the user group can, through the operator, add new encryption algorithms to the group's algorithm set, and can, through the operator, delete untrusted encryption algorithms from the group's algorithm set.
Description of drawings
The detailed description of specific embodiments of the invention is more readily understood when read in conjunction with the accompanying drawings, in which:
Fig. 1 is a message diagram of the secure channel establishment process when the terminal originates a call;
Fig. 2 is a message diagram of the secure channel establishment process when the terminal is called.
Embodiment
To implement the invention, the core network must first be able to identify user groups and encryption algorithms. Here the core network is the part of the wireless communication network whose equipment includes base station controllers, switches, and other auxiliary devices, and which performs service control, switching, and transmission.
First, the operator usually assigns a special user group an identification number CID that is exclusive to that group. When an account is opened for a member of the group, the member's user identification number is bound to the user group identification number and stored in the database on the core network side.
At the same time, the encryption algorithm entities used by the user group are written, together with their encryption algorithm identifiers, into the user's subscriber identity module. On the core network side, the encryption algorithm entities used by all special user groups are installed, and the database of the core network stores, for each user group, the mapping between the encryption algorithms it supports and the encryption algorithm identifiers EA_ID.
By the above method the core network can identify user groups and encryption algorithms.
In addition, when the manager of a user group decides to add a new encryption algorithm to the group's algorithm set, the operator can add the new encryption algorithm entity and the corresponding encryption algorithm identifier EA_ID to the subscriber identity modules of all members of the group, and at the same time install the new encryption algorithm entity on the core network side and update the mapping of encryption algorithm identifiers in the database. Conversely, when the manager of a user group considers an encryption algorithm in the group's algorithm set untrustworthy, the operator can delete that encryption algorithm entity and the corresponding encryption algorithm identifier EA_ID from the subscriber identity modules of all members of the group, and at the same time uninstall the encryption algorithm entity on the core network side and update the mapping of encryption algorithm identifiers in the database.
Once this identification scheme is in place, encrypted communication is achieved by establishing a secure channel between the terminal and the base station.
As shown in Fig. 1, the message exchange between the originating terminal and the base station when the terminal originates a call is:
a. The terminal sends a link establishment request message to the base station, carrying the encrypted communication indicator EI, the user identification number UID, and the identifier EA_ID of the encryption algorithm the user wishes to use;
b. The base station sends a link assignment message, allocating a traffic code channel to this user;
c. The base station requests the encryption parameters of the corresponding encryption algorithm from the core network according to the user identification number UID and the EA_ID, and the core network looks up in the database, by the user identification number, the identification number CID of the user group to which this user belongs;
d. The core network allocates encryption parameters to this user according to the CID and the EA_ID, and passes the encryption parameters to the base station encapsulated in an encryption parameter request response message;
e. The base station configures the encryption parameters on the originating terminal, and both sides confirm to each other that encrypted communication begins.
As shown in Fig. 2, the message exchange between the called terminal and the base station is:
a'. The base station sends a paging message to the called terminal;
b'. The terminal sends a link establishment request, carrying in the message the encrypted communication indicator EI, the user identification number UID, and its encryption capability indicator Encryption_Capability, i.e. the maximum encryption algorithm identifier EA_ID that the terminal supports;
c'. The base station sends a link assignment message, allocating a traffic code channel to this user;
d'. The base station sends an encryption parameter request message to the core network, carrying the user identification number UID, and the core network looks up in the database, by the user identification number, the identification number CID of the user group to which the called user belongs;
e'. The core network allocates encryption parameters to this user according to the user group identification number CID and the encryption algorithm identifier EA_ID, and passes the encryption parameters to the base station encapsulated in an encryption parameter request response message;
f'. The base station configures the encryption parameters on the terminal, and both sides confirm to each other that encrypted communication begins.
In step b', the encryption capability indicator can be replaced by the identifier of an encryption algorithm chosen arbitrarily from the terminal's encryption algorithm set.
In addition, the terminal may send the link establishment request without the encrypted communication indicator and the encryption algorithm identifier; this case applies when the terminal carries out ordinary unencrypted communication. When one of the originating terminal and the called terminal does not belong to the special user group, a secure channel is established between the originating terminal and the base station or between the called terminal and the base station, but the other channel is a conventional channel, so the communication as a whole is ordinary non-confidential communication. This corresponds to communication between a user of a special user group and an ordinary user. A special user group can also communicate with another special user group. The secure channel establishment steps on the originating side and on the called side are independent of each other: when originating, the encryption algorithm is selected independently by the user; when called, the encryption algorithm is selected at random by the called terminal itself, or the highest-level encryption algorithm is used.
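The two exchanges above (steps a to e and a' to f'), together with removal of an untrusted algorithm, as an added example that is not code from the patent. The class and function names, the sample UIDs, CIDs and algorithm names, the modelling of the encryption parameters as a random key, the refusal of an unknown EA_ID, and the forwarding of Encryption_Capability to the core network as the EA_ID are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

class SetupError(Exception):
    """The core network could not allocate encryption parameters."""

@dataclass
class CoreNetwork:
    uid_to_cid: dict = field(default_factory=dict)  # UID -> CID
    group_algs: dict = field(default_factory=dict)  # CID -> {EA_ID: algorithm name}

    def add_algorithm(self, cid, ea_id, name):
        self.group_algs.setdefault(cid, {})[ea_id] = name

    def remove_algorithm(self, cid, ea_id):
        self.group_algs.get(cid, {}).pop(ea_id, None)

    def encryption_parameters(self, uid, ea_id):
        # Steps c-d: find the CID for this UID, then resolve EA_ID inside that group.
        cid = self.uid_to_cid.get(uid)
        if cid is None:
            raise SetupError(f"UID {uid} is not in any user group")
        name = self.group_algs.get(cid, {}).get(ea_id)
        if name is None:
            # Assumption: an unknown or removed EA_ID is refused, never downgraded.
            raise SetupError(f"EA_ID {ea_id} not supported by group {cid}")
        # Assumption: the encryption parameters are modelled as a random 128-bit key.
        return {"CID": cid, "EA_ID": ea_id, "algorithm": name,
                "key": secrets.token_bytes(16)}

@dataclass
class Terminal:
    uid: str
    sim_algs: dict = field(default_factory=dict)  # EA_ID -> name, held in the SIM
    channel: dict = None

    def originate(self, ea_id=None):
        # Step a: without EI and EA_ID the request is for an ordinary call.
        if ea_id is None:
            return {"UID": self.uid}
        return {"EI": True, "UID": self.uid, "EA_ID": ea_id}

    def answer_page(self):
        # Step b': report the maximum EA_ID this terminal supports.
        if not self.sim_algs:
            return {"UID": self.uid}
        return {"EI": True, "UID": self.uid,
                "Encryption_Capability": max(self.sim_algs)}

class BaseStation:
    def __init__(self, core):
        self.core = core
        self.next_channel = 1

    def handle_link_request(self, terminal, request):
        # Step b / c': assign a traffic code channel.
        channel = {"traffic_channel": self.next_channel, "encrypted": False}
        self.next_channel += 1
        if request.get("EI"):
            # Assumption: Encryption_Capability is forwarded to the core as EA_ID.
            ea_id = request.get("EA_ID", request.get("Encryption_Capability"))
            channel.update(self.core.encryption_parameters(request["UID"], ea_id))
            channel["encrypted"] = True
        terminal.channel = channel  # Step e / f': configure the terminal
        return channel

def demo():
    # Constructed sample data: alg-Y is EA_ID 2 in CID-A but EA_ID 1 in CID-B.
    core = CoreNetwork(
        uid_to_cid={"uid-1001": "CID-A", "uid-2001": "CID-B"},
        group_algs={"CID-A": {1: "alg-X", 2: "alg-Y"}, "CID-B": {1: "alg-Y"}},
    )
    bs = BaseStation(core)
    caller = Terminal("uid-1001", {1: "alg-X", 2: "alg-Y"})
    called = Terminal("uid-2001", {1: "alg-Y"})
    ordinary = Terminal("uid-9001")  # not a member of any special user group
    out = {
        "originated": bs.handle_link_request(caller, caller.originate(ea_id=1)),
        "called": bs.handle_link_request(called, called.answer_page()),
        "plain": bs.handle_link_request(ordinary, ordinary.originate()),
    }
    core.remove_algorithm("CID-A", 1)  # the group manager no longer trusts alg-X
    try:
        bs.handle_link_request(caller, caller.originate(ea_id=1))
        out["after_removal"] = "accepted"
    except SetupError as exc:
        out["after_removal"] = str(exc)
    return out
```

Calling `demo()` returns the channel configured in each case; because an EA_ID has meaning only inside its user group, the lookup of the CID from the UID has to happen before the identifier is resolved.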

Claims (6)

1. An encryption method suitable for a personal wireless communication system, the method comprising the following steps:
The operator assigns an identification number to a user group, and the mapping between all user identification numbers in the user group and the user group identification number is stored in the database of the core network;
For said user group, the core network numbers the encryption algorithms that the group supports, this number being called the encryption algorithm identifier; said encryption algorithm is installed in the subscriber identity module of the user terminal and is also installed on the core network side; and
A secure channel is established between said user terminal and the base station of said core network, thereby carrying out encrypted communication, characterized in that the method by which the terminal and the base station carry out encrypted communication when the terminal originates a call comprises the following steps:
a. A terminal sends a link establishment request message to the base station, carrying the encrypted communication indicator, the user identification number, and the identifier of the encryption algorithm the user selects to use;
b. The base station sends a link assignment message, allocating a traffic code channel to this user;
c. The base station requests the encryption parameters of the corresponding encryption algorithm from the core network according to the user identification number and the encryption algorithm identifier, and the core network looks up in the database, by the user identification number, the identification number of the user group to which this user belongs;
d. The core network allocates encryption parameters to this user according to the identification number of said user group and the encryption algorithm identifier, and passes the encryption parameters to the base station encapsulated in an encryption parameter request response message;
e. The base station configures the encryption parameters on the originating terminal, and both sides confirm to each other that encrypted communication begins.
2. The encryption method as claimed in claim 1, characterized in that the same encryption algorithm is identified by different encryption algorithm identifiers in different user groups, and the database of the core network stores, for each user group, the mapping between the encryption algorithms it supports and the encryption algorithm identifiers.
3. The encryption method as claimed in claim 1, characterized in that an encryption algorithm is added to those a user group supports by the following steps:
Adding the new encryption algorithm entity and the corresponding encryption algorithm identifier to the subscriber identity modules of all members of the user group; at the same time, installing the new encryption algorithm entity on the core network side and updating the mapping of encryption algorithm identifiers in the database.
4. The encryption method as claimed in claim 1, characterized in that an encryption algorithm is deleted from those a user group supports by the following steps:
Deleting the encryption algorithm entity and the corresponding encryption algorithm identifier from the subscriber identity modules of all members of the user group; at the same time, uninstalling the encryption algorithm entity on the core network side and updating the mapping of encryption algorithm identifiers in the database.
5. An encryption method suitable for a personal wireless communication system, the method comprising the following steps:
The operator assigns an identification number to a user group, and the mapping between all user identification numbers in the user group and the user group identification number is stored in the database of the core network;
For said user group, the core network numbers the encryption algorithms that the group supports, this number being called the encryption algorithm identifier; said encryption algorithm is installed in the subscriber identity module of the user terminal and is also installed on the core network side; and
A secure channel is established between said user terminal and the base station of said core network, thereby carrying out encrypted communication, characterized in that the method by which the terminal and the base station carry out encrypted communication when the terminal is called comprises the following steps:
a'. The base station sends a paging message to the terminal;
b'. The terminal initiates a link establishment request, carrying in the message the encrypted communication indicator, the user identification number, and the identifier of an encryption algorithm chosen arbitrarily from the terminal's encryption algorithm set;
c'. The base station sends a link assignment message, allocating a traffic code channel to this user;
d'. The base station sends an encryption parameter request message to the core network, carrying the user identification number, and the core network looks up in the database, by the user identification number, the identification number of the user group to which the called user belongs;
e'. The core network allocates encryption parameters to this user according to the identification number of said user group and the encryption algorithm identifier, and passes the encryption parameters to the base station encapsulated in an encryption parameter request response message;
f'. The base station configures the encryption parameters on the terminal, and both sides confirm to each other that encrypted communication begins.
6. The encryption method suitable for a personal wireless communication system as claimed in claim 5, wherein the encryption algorithm identifier carried in the message when the called terminal initiates the link establishment request is the called terminal's encryption capability indicator, i.e. the maximum encryption algorithm identifier that the terminal supports.
Priority Applications and Applications Claiming Priority (1)

Application Number: CN 200410034768 (CN1697353B (en))
Priority Date: 2004-05-12
Filing Date: 2004-05-12
Title: Encryption and encrypted communication method suitable to personal wireless communication system
Status: Expired - Fee Related

Publications (2)

Publication Number: CN1697353A, Publication Date: 2005-11-16
Publication Number: CN1697353B, Publication Date: 2010-04-21

Family

Family ID: 35349901

Country Status (1)

Country: CN (1), Link: CN1697353B (en)

Legal Events

Code, Title, Description

C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
    Application publication date: 20051116
    Assignee: Beijing Xin Wei Yongsheng telecom technology co., ltd
    Assignor: Xinwei Communications Technological Co., Ltd., Beijing
    Contract record no.: 2013110000075
    Denomination of invention: Encryption and encrypted communication method suitable to personal wireless communication system
    Granted publication date: 20100421
    License type: Exclusive License
    Record date: 20131230
LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
PP01 Preservation of patent right
    Effective date of registration: 20191121
    Granted publication date: 20100421
PD01 Discharge of preservation of patent
    Date of cancellation: 20200710
    Granted publication date: 20100421
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20100421
    Termination date: 20200512