CN1777095A - Method for updating group key in multicast broadcasting application of mobile communication system - Google Patents
Abstract
When a new user joins a multimedia broadcast/multicast service, the multicast data source uses MSK_old as the secret it shares with the old users to construct the MSK update messages sent to those old users. The multicast data source also performs an encryption operation when it constructs the MSK update message using the key MUK that it shares with the newly joined user. Compared with the prior art, the invention effectively lightens the computational burden on the multicast data source when updating the MSK, especially when the number of users taking part in the service is large, and so raises the operating efficiency of the system.
Description
Technical field
The present invention relates to the field of mobile communications, and in particular to a method for updating the group key in broadcast/multicast applications in that field.
Background art
People's demands on mobile communication are no longer satisfied by telephony and messaging services. With the rapid development of the Internet, a large number of multimedia services have emerged, and some of these applications require that multiple users receive the same data at the same time, such as video on demand and television broadcasting. 3GPP and 3GPP2 have proposed corresponding multimedia broadcast/multicast services. These services introduce the point-to-multipoint concept into mobile communication systems, so that the mobile network can provide a point-to-multipoint service in which one data source sends data to multiple users, with the aim of sharing network resources and improving their utilization.
At present, the security of the multimedia broadcast/multicast service in mobile communication systems is realized with three keys: the key MUK shared between a single service participant and the data source; the key MSK shared by all service participants and the data source; and the multicast transmission data encryption key MTK shared by all service participants and the data source. MUK is used to deliver MSK securely to the service participants, MSK is used to deliver MTK securely to the service participants, and MTK is the key that actually encrypts the multicast transmission data.
To keep the multimedia broadcast/multicast service secure, MSK and MTK need to be updated regularly, so as to reduce the impact on service security when a legitimate user discloses MSK or MTK to an unauthorized user, who can then obtain the multicast communication content. In the 3GPP standard TS 33.246 v1.3.0, MSK is used to protect the update of MTK, and MUK is used to protect the update of MSK. When MSK is updated, this scheme requires the multicast data source to construct a separate MSK update message for every user participating in the service, using the key MUK shared with that service user; the new MSK is contained in this MSK update message and delivered securely to the service user in a point-to-point manner. As can be seen, when the number of users participating in the service is very large, the computational burden on the multicast data source is very heavy, which greatly increases the system load and affects the operating efficiency of the system.
Summary of the invention
The technical problem to be solved by the invention is to overcome the shortcomings of the prior art, namely that when the number of users participating in the service is very large, the computational burden on the multicast data source is very heavy, which greatly increases the system load and affects the operating efficiency of the system. The invention aims to provide a method for updating the group key in multicast/broadcast applications of a mobile communication system that effectively reduces the computational burden on the multicast data source when MSK is updated and improves the operating efficiency of the system.
The method for updating the group key in multicast/broadcast applications of a mobile communication system proposed by the invention comprises the following aspects:
When a new user joins the multimedia broadcast/multicast service, the multicast data source uses MSK_old as the secret shared with the old users to construct the MSK update messages sent to the old users;
The multicast data source performs an encryption operation when it constructs the MSK update message using the key MUK shared with the newly joined user.
The method of the invention further comprises the following steps:
On the multicast data source side, the following steps are performed:
The first step: determine what caused the MSK update; if it was caused by a user joining, perform the subsequent steps;
The second step: construct an MSK update message using the key MUK shared with the newly joined service user. This MSK update message contains the new key MSK_new and is sent to the newly joined service user by unicast. It needs to contain the identifier of the MUK, the identifier of MSK_new, and the type of this MSK update message (MSK update message protected with MUK);
The third step: using the old key MSK_old as the key shared with the old service users, construct an MSK update message for each old service user; only one encryption computation is performed in this process. These MSK update messages contain the new key MSK_new and are sent to the old service users individually by unicast. They need to contain the identifiers of MSK_old and MSK_new, and the type of this MSK update message (MSK update message protected with MSK);
On the service user equipment side, the following steps are performed:
The first step: determine the type of the received MSK update message. If the message is an MSK update message protected with MSK_old, perform the subsequent step; if the message is an MSK update message protected with MUK, process it according to the method in 3GPP TS 33.246 v1.3.0;
The second step: according to the identifier of MSK_old in the MSK update message, obtain the key MSK_old used to protect the message, use this key to verify the MSK update message, and obtain the new key MSK_new from the message.
In the method of the invention, when a new user joins the service, the multicast data source only needs to perform the encryption operation twice. One is performed when constructing the MSK update message with the key MUK shared with the newly joined user; and because all the other MSK update messages are constructed with the same MSK_old, only one encryption operation is needed for them. This effectively reduces the computational burden on the multicast data source when an MSK update is triggered by a member joining.
Description of drawings
Fig. 1 is a flow chart of the operations performed by the multicast data source in the method of the invention.
Fig. 2 is a flow chart of the processing performed by the user equipment in the method of the invention.
Embodiment
The implementation of the technical scheme is described in further detail below with reference to the accompanying drawings.
The basic idea of the invention is as follows. The conditions that trigger an MSK update in the multimedia broadcast/multicast service can be divided into three classes: a user joins the service, a user leaves the service, and other reasons such as management events. When a new user joins the multimedia broadcast/multicast service, the old users already know the old shared key MSK_old, so the multicast data source can use MSK_old as the secret shared with the old users to construct the MSK update messages sent to them. In this way, when a new user joins the service, the multicast data source only needs to perform the encryption operation twice. One is performed when constructing the MSK update message with the key MUK shared with the newly joined user; and because all the other MSK update messages are constructed with the same MSK_old, only one encryption operation is needed for them. This effectively reduces the computational burden on the multicast data source when an MSK update is triggered by a member joining.
To achieve the above object, the group key management method of the invention for multicast/broadcast applications of a mobile communication system is characterized in that it comprises the following steps:
The multicast data source performs the following steps:
The first step: determine what caused the MSK update; if it was caused by a user joining, perform the subsequent steps;
The second step: construct an MSK update message using the key MUK shared with the newly joined service user. This MSK update message contains the new key MSK_new and is sent to the newly joined service user by unicast. It needs to contain the identifier of the MUK, the identifier of MSK_new, and the type of this MSK update message (MSK update message protected with MUK).
The third step: using the old key MSK_old as the key shared with the old service users, construct an MSK update message for each old service user; only one encryption computation needs to be performed in this process. These MSK update messages contain the new key MSK_new and are sent to the old service users individually by unicast. They need to contain the identifiers of MSK_old and MSK_new, and the type of this MSK update message (MSK update message protected with MSK).
The service user equipment performs the following steps:
The first step: determine the type of the received MSK update message. If the message is an MSK update message protected with MSK_old, perform the subsequent step. If the message is an MSK update message protected with MUK, process it according to the method in 3GPP TS 33.246 v1.3.0.
The second step: according to the identifier of MSK_old in the MSK update message, obtain the key MSK_old used to protect the message, use this key to verify the MSK update message, and obtain the new key MSK_new from the message.
With reference to Fig. 1, the multicast data source first decides to perform an MSK update; the update may have many causes. If the MSK update is caused by a new service user joining, the multicast data source uses the original MSK_old as the key shared with the old users to construct the MSK update message. The MSK update message can be transported using the MIKEY protocol. This MIKEY message must be distinguishable from other types of MIKEY message, so that the user equipment can process it separately from the other kinds of MIKEY message (such as the MIKEY message for an MSK update constructed with MUK, or the MIKEY message for an MTK update constructed with MSK). In the MIKEY message, the multicast data source needs to send the user the identifier of the MSK_old that protects the message and the identifier of the MSK_new carried in the message.
If the MSK update is caused by some other reason, the multicast data source constructs a MIKEY message carrying the MSK using the key MUK shared with the user and sends it to the user.
With reference to Fig. 2, after the user equipment receives a MIKEY message, it first determines the type of the MIKEY message. When the MIKEY message is an MSK_new update message constructed with MSK_old, the user equipment first performs some checks on the MIKEY message (such as replay protection), then obtains the MSK_old used to protect the message according to the content of the MIKEY message, uses this key to verify the received MIKEY message, and obtains the new key MSK_new.
If the received MIKEY message is of another type, the user equipment uses the corresponding information obtained from the MIKEY message to process it accordingly.
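The join-triggered update described above, for both the multicast data source and the user equipment, as an added example that is not part of the patent text. It does not implement MIKEY: an HMAC-SHA256 keystream plus an HMAC tag stands in for the message protection, and the header layout, the sequence number used for the replay check, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TYPE_MUK, TYPE_MSK = 1, 2   # message type: which kind of key protects the update
HDR = ">BHHI"               # type, protecting-key id, MSK_new id, sequence number

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def protect(key, header, plaintext):
    """One 'encryption operation': encrypt-then-MAC, standing in for MIKEY protection."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + header + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unprotect(key, header, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("MSK update message failed verification")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def rekey_on_join(old_users, joiner, muk_id, muk, old_id, msk_old, new_id, seq):
    """Source side, join-triggered update. Returns (messages, MSK_new, encryption count)."""
    msk_new, ops = os.urandom(16), 0
    # Second step: one message for the joiner, protected with its MUK.
    h_muk = struct.pack(HDR, TYPE_MUK, muk_id, new_id, seq)
    messages = {joiner: (h_muk, protect(muk, h_muk, msk_new))}
    ops += 1
    # Third step: protect MSK_new once under MSK_old, then unicast that same
    # protected message to every old user.
    h_msk = struct.pack(HDR, TYPE_MSK, old_id, new_id, seq)
    shared = (h_msk, protect(msk_old, h_msk, msk_new))
    ops += 1
    messages.update({user: shared for user in old_users})
    return messages, msk_new, ops

class UserDevice:
    def __init__(self, muk_id, muk):
        self.muks, self.msks, self.last_seq = {muk_id: muk}, {}, 0

    def handle(self, message):
        """User side: check type, look up the protecting key by id, verify, store MSK_new."""
        header, blob = message
        mtype, key_id, new_id, seq = struct.unpack(HDR, header)
        if seq <= self.last_seq:                      # replay check (assumed counter)
            raise ValueError("replayed MSK update message")
        # In this sketch the MUK-protected type uses the same stand-in protection.
        store = self.msks if mtype == TYPE_MSK else self.muks
        msk_new = unprotect(store[key_id], header, blob)  # KeyError: key not held
        self.last_seq, self.msks[new_id] = seq, msk_new
        return new_id
```

The encryption count returned by `rekey_on_join` stays at two however many old users there are, and a joiner that receives an MSK_old-protected message cannot process it because it holds no key with that identifier.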
Claims (8)
1. A method for updating the group key in multicast/broadcast applications of a mobile communication system, characterized in that it comprises the following aspects:
When a new user joins the multimedia broadcast/multicast service, the multicast data source uses MSK_old as the secret shared with the old users to construct the MSK update messages sent to the old users;
The multicast data source performs an encryption operation when it constructs the MSK update message using the key MUK shared with the newly joined user.
2. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 1, characterized in that, on the multicast data source side, the following steps are performed:
The first step: determine what caused the MSK update; if it was caused by a user joining, perform the subsequent steps;
The second step: construct an MSK update message using the key MUK shared with the newly joined service user;
The third step: using the old key MSK_old as the key shared with the old service users, construct an MSK update message for each old service user; only one encryption computation is performed in this process.
3. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 2, characterized in that the MSK update messages described in the second step and the third step contain the new key MSK_new.
4. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 2, characterized in that the MSK update message described in the second step is sent to the newly joined service user by unicast.
5. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 2, characterized in that the MSK update message described in the second step contains the identifier of the MUK, the identifier of MSK_new, and the type of this MSK update message.
6. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 2, characterized in that the MSK update messages described in the third step are sent to the old service users individually by unicast.
7. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 2, characterized in that the MSK update messages described in the third step need to contain the identifiers of MSK_old and MSK_new, and the type of this MSK update message.
8. The method for updating the group key in multicast/broadcast applications of a mobile communication system according to claim 1, characterized in that, on the service user equipment side, the following steps are performed:
The first step: determine the type of the received MSK update message. If the message is an MSK update message protected with MSK_old, perform the subsequent step; if the message is an MSK update message protected with MUK, process it according to the method specified in 3GPP TS 33.246 v1.3.0;
The second step: according to the identifier of MSK_old in the MSK update message, obtain the key MSK_old used to protect the message, use this key to verify the MSK update message, and obtain the new key MSK_new from the message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200410091013 CN1777095A (en) | 2004-11-15 | 2004-11-15 | Method for updating group key in multicast broadcasting application of mobile communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1777095A true CN1777095A (en) | 2006-05-24 |
Family
ID=36766425
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200410091013 Pending CN1777095A (en) | 2004-11-15 | 2004-11-15 | Method for updating group key in multicast broadcasting application of mobile communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20060524 |