WO2006081712A1 - Method for switching the plaintext/ciphertext level during a call - Google Patents

Method for switching the plaintext/ciphertext level during a call

Info

Publication number: WO2006081712A1
Authority: WO (WIPO, PCT)
Prior art keywords: call, control device, core control, level, terminal user
Application number: PCT/CN2005/000183
Other languages: English (en), Chinese (zh)
Inventors: Dengjun Su, Xianli Hu, Jiwen Lu
Original assignee: ZTE Corporation
Priority date: 2005-02-07
Filing date: 2005-02-07
Publication date: 2006-08-10
Application filed by ZTE Corporation
Priority to PCT/CN2005/000183
Publication of WO2006081712A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities

Definitions

  • the present invention relates to the field of communications, and more particularly to a method for switching the confidentiality level of a call in an IP-based communication network.
  • Background technique
  • VOIP technology is a very important technology in today's communications field.
  • media transmission technologies based on IP networks have been increasingly used in enterprise networks and public networks.
  • VOIP technology has some security issues, such as voice data IP packets being sniffed and monitored, and user accounts and devices being spoofed. Therefore, the confidentiality of an unencrypted media stream transmitted over IP is relatively poor, and it cannot meet the needs of users such as the military and government departments, who have higher confidentiality requirements.
  • encrypted communication that encrypts signaling and voice is particularly important to prevent unauthorized users from stealing information from legitimate users.
  • Encrypted communication is a special feature in VOIP technology.
  • the general method is that the user terminal and the system device perform encryption and authentication according to an established authentication algorithm, authentication parameters and service encryption mode; the encryption functions of the terminal include encrypting the user account and password, authenticating the server, and encrypting and decrypting the media stream.
  • the present invention has been made in view of the above technical problems in the prior art, and an object thereof is to provide a method for switching the confidentiality level of a call during the call, so as to allow the user to establish calls of different confidentiality levels on different occasions and to switch between confidentiality levels without interrupting the call, so that users can flexibly adopt various encryption methods according to their needs.
  • a method for switching the confidentiality level of a call during the call comprises: registering, at a core control device of the communication network, the security parameters set by the terminal user; establishing a call with a certain confidentiality level between the terminal users who need to talk; and, if any one of the call terminal users needs to change the confidentiality level of the call, the core control device switching the confidentiality level according to the security parameters of the new level.
  • the method further comprises: establishing a call with a certain level of confidentiality between the third party terminal user and any one of the end users who are talking.
  • the method further includes: if a terminal user has multiple calls with confidentiality levels, when that terminal user switches between the multiple calls, the core control device controls the current call according to the confidentiality level of the call switched to.
  • the step of the core control device registering the security parameters of the confidentiality level set by the terminal user further comprises: the terminal user setting a confidentiality level of the call and its security parameters; sending the security parameters to the core control device; and the core control device storing the security parameters.
  • the security parameters are sent to the core control device by using a registration message; the step of sending the security parameters to the core control device further comprises: the terminal user initiating a registration request to the core control device; the core control device authenticating the terminal user and returning an authentication result; if the authentication is successful, the terminal user authenticating the core control device; if that authentication is successful, the terminal user sending the authentication result and the security parameters of the confidentiality level to the core control device; and the core control device storing the security parameters.
  • alternatively, the security parameters are sent to the core control device by using another predetermined message (such as a call setup message or a user extension message); the step of sending the security parameters to the core control device then comprises: adding the security parameters to the predetermined message according to a predetermined protocol and message format; sending the predetermined message to the core control device; and the core control device processing the message.
  • the step of establishing a call with a certain confidentiality level between the terminal users who need to talk further comprises: the terminal user initiating a call request to the core control device; and the core control device establishing, between the calling and called terminal users, a call with the corresponding confidentiality level according to the security parameters set by the calling terminal user in the call request message and the security parameters of the confidentiality level registered by the called terminal user in the core control device.
  • the step of the core control device establishing a call with the corresponding confidentiality level between the calling and called terminal users further comprises: the core control device negotiating the confidentiality parameters according to the security parameters of the calling and called terminal users, and controlling the negotiation of the encryption parameters between the calling and called terminal users; if the negotiation is successful and the call is a secret call, the core control device allocates to the calling and called terminal users a key for encrypting and decrypting the media stream and establishes the call between them; if the call is a clear call, the core control device directly establishes the call between the calling and called terminal users; if the negotiation is unsuccessful, the call fails.
  • the step of the core control device switching the confidentiality level according to the security parameters of the new level further comprises: any one of the call terminal users initiating to the core control device a media switch request for changing the confidentiality level of the call, the media switch request carrying the security parameters of the new confidentiality level; the core control device forwarding the media switch request to the other call terminal user; the call terminal users re-negotiating the encryption parameters under the control of the core control device; if the negotiation is successful and the call is a secret call, the core control device re-distributing a key to the call terminal users, which continue the call with the new key; if the call is a clear call, the call terminal users continuing the call directly.
  • the step of the core control device controlling the current call according to the confidentiality level of the call switched to further includes: the core control device controlling the switching terminal user to suspend the call before the switch and to save the information of the switched terminal user; and controlling the switching terminal user and the new call terminal user to encrypt and decrypt the media stream using the key of the call switched to.
  • the terminal device can register with the core control device a set of security parameters that define different confidentiality levels;
  • the terminal user can set the state of the terminal device according to need, including clear call, secret call, and encryption level.
  • the user can adjust his or her own encryption mode according to need, that is, switch between call states of different confidentiality levels.
  • the terminal encryption mode is freely selected by the user according to the needs of the moment.
  • FIG. 1 is a flow chart of a method of switching the confidentiality level of a call during the call, in accordance with one embodiment of the present invention
  • FIG. 2 is a flow chart of a terminal user registering the security parameters of a confidentiality level by a registration message in the method of FIG. 1, according to an embodiment of the present invention
  • FIG. 3 is a flow chart showing a process of a terminal user switching the confidentiality level of a single call in the method of FIG. 1, according to an embodiment of the present invention
  • FIG. 4 is a flow chart of a terminal user forming a plurality of calls having confidentiality levels in the method of FIG. 1, in accordance with an embodiment of the present invention.
  • Detailed description
  • the present invention has been proposed in an IP communication network that is implemented by softswitch technology, in which a call between two end users is established by a core control device. If the media stream of the call between the two end users is encrypted, the call is called a secret message, otherwise it is called a clear message.
  • with a terminal that has an encryption function, the single communication mode of the past can be changed: the terminal can establish, according to the occasion, a clear call or a secret call of a given secret level with another terminal, and it can also switch between clear call, secret call and secret level within the current call or between multiple calls according to the situation.
  • “confidentiality level” (clear/secret level) refers to the mode of the call, that is, whether the call is a clear call or a secret call and, if it is a secret call, which secret level it has.
  • the secret level is set by a set of security parameters, and at least the encrypted communication mode used by the terminal device is set in the set of security parameters.
  • FIG. 1 is a flow diagram of a method of switching the level of privacy of a call during a call, in accordance with one embodiment of the present invention.
  • the IP communication network using the softswitch technology includes at least one core control device, two or more user terminal devices, and the terminal device has the capability of locally encrypting and decrypting the communication content.
  • the security parameters of the secret level set by the terminal user are registered in the core control device of the communication network.
  • the terminal user can set multiple levels of security, and each terminal user can add the security parameter of the secret level to the established message at any time when the user needs to register or add a new level of confidentiality.
  • This message is sent to the core control device for registration.
  • the given message can be either a registered message or another message.
  • the security parameters are carried in the registration message, which may include a service encryption mode, security parameters, and the like corresponding to the user-defined confidentiality level.
  • the format and message content are related to the specific softswitch control device and the protocol supported by the terminal device.
  • the registration process of the security parameter of the terminal user's level of confidentiality is described by taking the registration of the security parameter to the core control device as an example.
  • FIG. 2 is a flow diagram of a security parameter of a terminal user registering a secret level by a registration message in the method of FIG. 1 in accordance with an embodiment of the present invention.
  • the terminal user carries the security parameter of the secret level in the registration message, and registers the security parameter with the core control device while the terminal performs registration authentication.
  • the registration authentication process of the terminal is a two-way authentication and authentication process between the terminal and the core control device, that is, the softswitch needs to authenticate the terminal, and the terminal also authenticates and authenticates the softswitch.
  • the registration process of the security parameters of the level of confidentiality in Fig. 1 will now be described in detail with reference to Fig. 2.
  • the terminal user sets the level of confidentiality that the terminal user complies with in a subsequent call through a user interface such as an interface.
  • each level of confidentiality is determined by a set of security parameters.
  • when the user initiates a registration request to the core control device, the security parameters of the selected confidentiality level are included in the established registration message to form a message packet.
  • the security parameters include information such as media encryption mode, authentication algorithm, and authentication parameters.
  • the format of the registration message is not specified here, because this embodiment is merely exemplary; the message format and content of the predetermined message used by the terminal device to register security parameters depend on the requirements of the core control device and on the protocol supported by the terminal device.
  • the terminal user initiates a registration authentication request to the core control device, where the request includes a confidentiality level and a user identifier.
  • the core control device authenticates the end user.
  • the core control device obtains the user identifier from the registration message, thereby searching for the corresponding user subscription information, and authenticating the user terminal.
  • the core control device sends a response message to the terminal, where the response message includes the signature information of the core control device and the authentication result, such as the success or failure of the authentication and the reason for the failure.
  • the authentication message interaction is only schematically represented, and the actual authentication message interaction process needs to be determined according to the actual authentication algorithm.
  • step 203 the terminal user performs authentication processing on the core control device according to the response message sent back by the core control device in step 202, and transmits the authentication result and the security parameter of the secret level to the core control device.
  • the core control device stores the security parameters carried in the registration message and authenticates the legitimacy of the terminal user.
  • the core control device returns a registration success response message to the terminal device.
  • the terminal successfully registers with the core control device and registers its own security parameters.
  • the security parameters set by the user may also be sent to the core control device by other established messages, such as a call setup message or a user extension message.
  • Security parameters are added to the intended message in accordance with the established protocol and message format, and the intended message is sent to the core control device.
  • the core control device processes these messages and stores the security parameters therein.
  • the user can start to initiate services such as calls.
  • the confidentiality state and secret level of a call are determined jointly by the calling terminal user, the called terminal user and the core control device. Since the security parameters set by a terminal user may be inconsistent with the security parameters registered on the core control device, switching the confidentiality level during a call must consider not only the service information and confidentiality attributes of the calling user, but also the service information and confidentiality attributes of the called user and the security parameters of the confidentiality levels registered on the core control device.
  • the terminal user specifies the secret level of the call, and establishes a call with a certain level of confidentiality between the end users who need to call.
  • the end user can specify the desired level of confidentiality when making a call request, and the security parameter of the secret level is automatically sent as a parameter of the call request message along with the call request.
  • the security parameters may include the secret mode used to initiate the call and, for the case where the called terminal device does not support the secret call, whether to fail the call or fall back to a clear call.
  • the specific parameter form is related to the specific media gateway controller device and the call protocol of the terminal. When the user dials, a call request with security parameters is sent to the core control device.
  • step 115 if any one of the call terminal users needs to change the secret level of the call, the core control device switches the confidentiality level according to the security parameters of the new secret level.
  • FIG. 3 is a flow diagram of a process for a terminal user to switch the secret level of a single call in the method of FIG. 1 in accordance with an embodiment of the present invention.
  • Figure 3 illustrates the process by which end users A and B establish a call and then switch its confidentiality level during the call.
  • the call parameters are set, including the security parameters of the current call, and then the called number is dialed to initiate a call.
  • users A and B can freely change the confidentiality level of the call without hanging up.
  • step 301 terminal A initiates a call request to the core control device; the call message carries call parameters including security parameters, on the basis of which the core control device establishes a clear or secret call: according to these parameters and the attribute parameters of the called user, the core control device determines the encryption attributes of the call, that is, whether it is a clear call or a secret call and, if secret, its secret level.
  • step 302 after receiving the call request, the core control device analyzes the security parameters and other information of the called user, and after performing the confidentiality parameter negotiation, transmits the call request message of the terminal A to the called terminal.
  • step 303 under the control of the core control device, the terminals B and A perform the negotiation of the encryption level parameter, thereby determining whether to accept the call request and the confidentiality level of the call and the corresponding security parameter. If the calling and called terminal user fails to negotiate, the called terminal B sends back a call failure response message to the core control device. Otherwise, if the established call is a secret, the core control device assigns a key to the two terminals A and B, and the role of the key is to encrypt and decrypt the media stream. If the call to be established is clear, the core control device does not assign a key. This process is not necessarily independent and can be done simultaneously with call signaling.
  • step 304 when the encryption level parameters of the two terminals A and B are successfully negotiated, terminals A and B establish the call.
  • step 305 if the established call belongs to a secret message, the terminals A and B perform encryption and decryption processing on the media stream according to the negotiated secret level and the obtained key. If the established call is clear, the media stream is not encrypted or decrypted.
  • step 306 during the call, if the call environment or occasion changes or for other reasons terminal A (or equally terminal B) wishes to change the secret level of the call, including switching between clear and secret calls or changing the secret level, it can directly initiate a media switch request to the core control device; the request message includes the security parameters of the desired new secret level.
  • step 307 the core control device forwards the media switch request message received from the terminal A to the terminal B.
  • step 308 terminal B and terminal A repeat the encryption level parameter negotiation under the control of the core control device, and after the negotiation succeeds, the core control device re-allocates the key for the secret call.
  • step 309 after the negotiation of the encryption level parameters of the two terminals A and B is successful, the switching of the secret level of the call is successful.
  • terminals A and B talk at a new level of privacy.
  • a clear call or a secret call may be established between terminals A and B, as selected by the end user.
  • multiple calls can exist simultaneously on one end user, but at any one time only one call is in the talking state, that is, only one media stream is live; for example, a clear call is established between terminal A and terminal B, and terminal A establishes a secret call with terminal C, so that call hold, call waiting, etc. are implemented.
  • this involves the switching of clear and secret media streams.
  • a process in which a terminal user A forms a plurality of calls with confidentiality levels is described in conjunction with FIG. 4: terminal user A first establishes a call with a certain confidentiality level (such as a clear call) with terminal user B, and during that call, terminal user C establishes another call (such as a secret call) with terminal user A.
  • step 401 terminal A initiates a call request to the core control device, where the call request message carries basic call parameter information, and the called number is that of terminal B.
  • step 402 the core control device passes the call request to the called terminal B, and the message body carries the basic call parameter information of the terminal A.
  • step 403 after the basic call parameters of the terminals A and B are successfully negotiated, a clear call is established.
  • step 404 the terminals A and B enter a call state, and the media stream is an unencrypted clear media stream.
  • step 405 during the conversation between the terminals A and B, the terminal C sends a secret call to the core control device, the called number is terminal A, and the call request message carries information such as the security parameter of the terminal C.
  • step 406 after the core control device processes the call request of the terminal C, the call request is forwarded to the terminal A.
  • step 407 the terminal C and the terminal A perform the negotiation of the encryption parameters. After the negotiation succeeds, the core control device allocates the key for the terminal C and the terminal A.
  • step 408 terminal A suspends the call with terminal B and saves the data area information of terminal B, in order to talk with terminal C.
  • step 409 the terminal A switches the media stream to the call channel with the terminal C, and establishes a call with the terminal C.
  • step 410 the terminal A and the terminal C make a call, and the media stream of the call is a media stream encrypted by the key allocated by the core control device.
  • terminal A now has a clear call with terminal B and a secret call with terminal C.
  • when terminal user A switches between the two calls, for example from the clear call with terminal B to the secret call with terminal C, the core control device first receives the switch request of the switching terminal user (terminal A), controls the switching terminal user (terminal A) to suspend the call before the switch (the call with terminal B) and stores the information of the switched terminal user (terminal B) in the switching terminal user (terminal A); then the switching terminal user (terminal A) and the new call terminal user (terminal C) encrypt and decrypt the media stream using the key of the call switched to.
  • conversely, when switching back, the core control device controls terminal user A to suspend the secret call with terminal C and save the information of terminal user C, and then controls terminal user A and terminal user B to make a clear call (no key is required to encrypt and decrypt the media stream).
  • the security parameter of the terminal user's level of confidentiality may be transmitted by the terminal to the core control device through a message, or may be set in advance in the core control device;
  • the security parameters required for the second call may be transmitted in the message of the call setup, or may be separately transmitted through other messages;
  • the call parameters of a call initiated by the terminal refer to user setting parameters related to the call, including security parameters, media types, etc., and are sent to the called user as parameters of the call message.
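The two-way registration authentication of FIG. 2 (the registration request, the core control device's signed response, the terminal's authentication of the core, and the final message carrying the authentication result and the security parameters), as an added example that is not part of the patent or of ZTE's implementation. The patent leaves the authentication algorithm and message format open, so this Python model assumes a pre-provisioned shared secret per user and an HMAC-SHA256 challenge-response in each direction; CoreControlDevice, terminal_register, the message field names and the nonce lengths are all assumptions. What it shows is the ordering the description relies on: the terminal releases its security parameters only after the core's proof verifies, and the core stores them only after the terminal's proof verifies.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed model of the FIG. 2 registration exchange. The patent does not fix
# the authentication algorithm, so this ASSUMES a pre-provisioned shared secret
# per user and an HMAC-SHA256 challenge-response in each direction.


@dataclass
class CoreControlDevice:
    secrets_by_user: dict                                   # user_id -> shared secret (assumed subscription data)
    registered_params: dict = field(default_factory=dict)   # filled only after mutual authentication
    pending: dict = field(default_factory=dict)             # user_id -> (terminal_nonce, core_nonce)

    def on_registration_request(self, user_id, terminal_nonce):
        """Steps 201/202: look up the subscription and answer with a challenge
        plus the core's own proof of knowing the shared secret."""
        key = self.secrets_by_user.get(user_id)
        if key is None:
            return {"result": "fail", "reason": "unknown user"}
        core_nonce = secrets.token_bytes(16)
        self.pending[user_id] = (terminal_nonce, core_nonce)
        core_proof = hmac.new(key, b"core|" + terminal_nonce + core_nonce, hashlib.sha256).digest()
        return {"result": "ok", "core_nonce": core_nonce, "core_proof": core_proof}

    def on_authentication_result(self, user_id, terminal_proof, security_params):
        """Step 204: verify the terminal's proof; store the security parameters only on success."""
        key = self.secrets_by_user.get(user_id)
        state = self.pending.pop(user_id, None)      # one-shot: a replayed message finds no state
        if key is None or state is None:
            return {"result": "fail", "reason": "no pending registration"}
        terminal_nonce, core_nonce = state
        expected = hmac.new(key, b"terminal|" + terminal_nonce + core_nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, terminal_proof):
            return {"result": "fail", "reason": "terminal authentication failed"}
        self.registered_params[user_id] = dict(security_params)
        return {"result": "ok"}


def terminal_register(core, user_id, key, security_params):
    """Terminal side of FIG. 2. Returns True only if both directions authenticated
    and the core accepted the security parameters."""
    terminal_nonce = secrets.token_bytes(16)
    resp = core.on_registration_request(user_id, terminal_nonce)
    if resp["result"] != "ok":
        return False
    # Step 203: authenticate the core control device BEFORE sending any parameters.
    expected = hmac.new(key, b"core|" + terminal_nonce + resp["core_nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, resp["core_proof"]):
        return False
    terminal_proof = hmac.new(key, b"terminal|" + terminal_nonce + resp["core_nonce"], hashlib.sha256).digest()
    return core.on_authentication_result(user_id, terminal_proof, security_params)["result"] == "ok"
```

The two direction tags (`b"core|"`, `b"terminal|"`) keep the core's proof from being reflected back as a terminal proof, and the `pending` entry is consumed on first use so a captured final message cannot re-register parameters later.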
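The call-control behaviour of FIG. 1, 3 and 4 (negotiation at call setup with the fail-or-clear fallback policy carried in the call request, key allocation for secret calls only, the media switch request that re-keys a live call, and hold/switch between a clear call and a secret call on one terminal), as an added Python model that is not the patent's own code. CoreControl, SecurityParams, Call and the negotiation rule (a level is agreed only if both registered parameter sets support it) are assumptions; the patent does not say what happens to a live call when a switch negotiation fails, so the model leaves the call at its previous level.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

CLEAR = "clear"  # a clear call carries an unencrypted media stream


@dataclass
class SecurityParams:
    # Confidentiality levels the terminal supports; an assumed representation of
    # the registered security parameter set, e.g. {"clear", "secret-1"}.
    levels: frozenset


@dataclass
class Call:
    call_id: int
    parties: tuple
    level: str
    key: Optional[bytes]  # None for a clear call, core-allocated key for a secret call


class CoreControl:
    """Assumed model of the softswitch core control device (not ZTE's code)."""

    def __init__(self):
        self.params = {}   # user -> SecurityParams registered as in FIG. 2
        self.calls = {}    # call_id -> Call (held calls keep their key here)
        self.active = {}   # user -> call_id whose media stream is currently live
        self._next_id = 1

    def register(self, user, params):
        self.params[user] = params

    def negotiate(self, a, b, requested, if_unsupported="fail"):
        """Agreed level, or None if the call must fail (assumed negotiation rule)."""
        pa, pb = self.params.get(a), self.params.get(b)
        if pa is None or pb is None:
            return None
        if requested in pa.levels and requested in pb.levels:
            return requested
        # Caller policy from the call request: fall back to a clear call, or fail.
        if if_unsupported == CLEAR and CLEAR in pa.levels and CLEAR in pb.levels:
            return CLEAR
        return None

    @staticmethod
    def _key_for(level):
        # Secret calls get a fresh media key from the core; clear calls get none.
        return None if level == CLEAR else secrets.token_bytes(16)

    def setup_call(self, caller, callee, requested, if_unsupported="fail"):
        """FIG. 3 steps 301-305 / FIG. 4 steps 401-409: returns the Call or None."""
        level = self.negotiate(caller, callee, requested, if_unsupported)
        if level is None:
            return None
        call = Call(self._next_id, (caller, callee), level, self._key_for(level))
        self._next_id += 1
        self.calls[call.call_id] = call
        # A new call on a busy terminal becomes its live call; the previous call
        # is held and can be resumed with its own key (FIG. 4 step 408).
        for user in call.parties:
            self.active[user] = call.call_id
        return call

    def media_switch(self, call_id, requester, new_level):
        """FIG. 3 steps 306-309: renegotiate a live call's level; re-key if secret."""
        call = self.calls[call_id]
        if requester not in call.parties:
            return False
        a, b = call.parties
        other = b if requester == a else a
        level = self.negotiate(requester, other, new_level)
        if level is None:
            return False  # assumption: a failed switch leaves the call unchanged
        call.level, call.key = level, self._key_for(level)
        return True

    def switch_active(self, user, call_id):
        """FIG. 4: user moves the media stream to call_id; the other call is held."""
        call = self.calls.get(call_id)
        if call is None or user not in call.parties:
            return False
        self.active[user] = call_id
        return True

    def media_key(self, user):
        """Key the user's media path must use now (None means clear media stream)."""
        call_id = self.active.get(user)
        return None if call_id is None else self.calls[call_id].key


def demo():
    """Walk through FIG. 3 and FIG. 4 with constructed terminals A, B and C."""
    core = CoreControl()
    core.register("A", SecurityParams(frozenset({CLEAR, "secret-1", "secret-2"})))
    core.register("B", SecurityParams(frozenset({CLEAR})))  # B cannot do secret calls
    core.register("C", SecurityParams(frozenset({CLEAR, "secret-1", "secret-2"})))
    ab = core.setup_call("A", "B", "secret-1", if_unsupported=CLEAR)  # falls back to clear
    ac = core.setup_call("C", "A", "secret-1")                        # A now holds B
    old_key = ac.key
    switched = core.media_switch(ac.call_id, "A", "secret-2")         # re-keys the live call
    back = core.switch_active("A", ab.call_id)                        # resume the clear call
    return core, ab, ac, old_key, switched, back
```

Because every `Call` keeps its own key, switching A back to the clear call with B does not disturb the key C is still holding for the secret call; `media_key` is the single place the media path should consult, so a held secret call can never leak its key into a clear call's stream.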

Abstract

The invention relates to a method for switching the plaintext/ciphertext level during a call, comprising: registering, in the core control device of the communication network, the security parameters that the terminal user has set; and establishing a call with a certain plaintext/ciphertext level between the terminal users who need to talk; if any one of the terminal users needs to change the plaintext/ciphertext level during the call, the core control device switches the plaintext/ciphertext level according to the security parameters of the new plaintext/ciphertext level. The invention allows users to set the plaintext/ciphertext level of a call according to their requirements.
PCT/CN2005/000183 2005-02-07 2005-02-07 Method for switching the plaintext/ciphertext level during a call WO2006081712A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2005/000183 WO2006081712A1 (fr) 2005-02-07 2005-02-07 Method for switching the plaintext/ciphertext level during a call

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2005/000183 WO2006081712A1 (fr) 2005-02-07 2005-02-07 Method for switching the plaintext/ciphertext level during a call

Publications (1)

Publication Number Publication Date
WO2006081712A1 true WO2006081712A1 (fr) 2006-08-10

Family

ID=36776936

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/000183 WO2006081712A1 (fr) 2005-02-07 2005-02-07 Method for switching the plaintext/ciphertext level during a call

Country Status (1)

Country Link
WO (1) WO2006081712A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6070245A (en) * 1997-11-25 2000-05-30 International Business Machines Corporation Application interface method and system for encryption control
US6363150B1 (en) * 1999-12-30 2002-03-26 At&T Corporation Billing method for customers having IP telephony service with multiple levels of security
WO2004098144A1 (fr) * 2003-04-25 2004-11-11 Telefonaktiebolaget L M Ericsson (Publ) Device and method for protecting communications

Legal Events

Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
NENP Non-entry into the national phase. Ref country code: DE
122 EP: PCT application non-entry in European phase. Ref document number: 05706620; Country of ref document: EP; Kind code of ref document: A1
WWW WIPO information: withdrawn in national office. Ref document number: 5706620; Country of ref document: EP