WO2007048301A1 - An encryption method for NGN service - Google Patents

Info

Publication number
WO2007048301A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
negotiation
parameter
key
encryption parameter
Prior art date
Application number
PCT/CN2006/001922
Other languages
French (fr)
Chinese (zh)
Inventor
Cheng Chen
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56: Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • The present invention relates to the field of network communication technologies, and in particular to an encryption method for an NGN service.
  • NGN: Next Generation Network
  • The softswitch is the device responsible for call control.
  • The media gateway is the device responsible for TDM-IP (Time Division Multiplexing - Internet Protocol) bearer media conversion.
  • MRS: Media Resource Server
  • NGN is a packet-based network that can provide telecommunication services and uses multiple broadband capabilities and QoS (Quality of Service) guarantees.
  • A typical networking application is shown in Figure 1: the softswitch is the device responsible for call control; the media gateway is the device responsible for TDM-IP bearer media conversion; the MRS (Media Resource Server) provides functions such as playback, number collection and multi-party conferencing; the application server provides the various NGN services.
  • TDM-IP: Time Division Multiplexing - Internet Protocol
  • The main media message format is: IP protocol part - UDP (User Datagram Protocol) part - RTP (Real-Time Transport Protocol) part - voice data part.
  • User service information transmitted over an IP network includes voice, video, data, and in-band signaling such as DTMF (Dual Tone Multi-Frequency). Because information on an IP network is easier to intercept and steal than information on a TDM network, transmitting user service information directly over the IP network carries a serious security risk. The risk has two aspects: on the one hand, the user's voice, video and data may be monitored; on the other hand, the user's confidential information may be stolen, such as a telephone-banking account number and password. Even on a dedicated IP network, devices connected to it, such as network management equipment, can steal users' confidential information.
  • DTMF: Dual Tone Multi-Frequency
  • The existing technologies for encrypted transmission mainly include the following three types:
  • The first is IPSec (IP Encryption Protocol) encrypted transmission technology:
  • IPSec is a general-purpose encrypted transmission technology for IP networks. It encrypts all content above the IP protocol layer.
  • The encryption algorithm and key can be configured on the device, or the two parties' keys can be exchanged by the IKE (key exchange) protocol; see the definitions in protocols such as RFC2401.
  • The second technology encrypts only user service data: in a voice message of the format above, only the voice data part is encrypted.
  • The encryption algorithm is fixed in the configuration of the NGN devices; the encryption key can be allocated dynamically and is passed by the softswitch to both encrypting devices when the call is established.
  • The process is shown in FIG. 2.
  • The softswitch generates a key and, when it controls the media gateway over the H.248 protocol to allocate media resources, also specifies the encryption key.
  • All data is encrypted with the default encryption algorithm; then, during call setup with the IP terminal, the IP terminal is also notified of the encryption key, generally using SIP (Session Initiation Protocol); after the call is established, both the media gateway and the IP terminal hold the key.
  • SIP: Session Initiation Protocol
  • The encryption process is controlled by the softswitch.
  • The softswitch is required to understand the encryption capabilities of different media gateways and IP terminal devices, which increases the complexity of the softswitch.
  • IP terminals are diverse and difficult to unify completely.
  • The third method is the RTP (Real-Time Transport Protocol) encryption method defined by RFC3711, called SRTP.
  • SRTP is an end-to-end encryption and authentication method for voice services carried by RTP. It uses the AES (Advanced Data Encryption Algorithm) encryption algorithm to encrypt the message content and supports authentication at the RTP protocol layer.
  • AES: Advanced Data Encryption Algorithm
  • The shortcomings of the third prior art are basically the same as those of the second.
  • The encryption algorithm is fixed, so it can be used only if all systems support it; every message is encrypted, so the amount of encryption is large and efficiency suffers.
  • The object of the present invention is to provide an encryption method for an NGN service.
  • The two encrypting parties negotiate encryption parameters end-to-end over the IP bearer network and encrypt the media stream using encryption parameters supported by both ends, which improves the security of network transmission.
  • An encryption method for an NGN service, including:
  • The encryption parameters are negotiated end-to-end between IP devices, and the parts of the media stream that need to be encrypted are encrypted and transmitted according to the encryption parameters confirmed by negotiation.
  • The encryption method specifically includes:
  • A. The calling party initiates encryption parameter negotiation;
  • B. After receiving the above negotiation, the called party selects the encryption parameters supported by the local end and returns them to the calling party;
  • C. The calling party confirms the encryption parameters selected by the called party; the encryption negotiation succeeds, and the specific part of the media stream is encrypted and transmitted using the negotiated encryption parameters.
  • Before initiating the encryption parameter negotiation, step A further includes:
  • Both parties to the call configure, or use the key exchange protocol IKE to set, the key a used to encrypt the key information carried in signaling during the encryption negotiation, and the encryption algorithm a for key a.
  • Step A further includes:
  • The calling party allocates IP resources for the call and reserves encryption resources.
  • Step A further includes: the softswitch receives the calling party's encryption parameter negotiation message and passes it transparently to the called party; the softswitch does not take part in the negotiation.
  • The encryption parameters in the negotiation initiated by the calling party in step A are a sequence of several encryption parameter sets from which the called party can choose.
  • The encryption parameters include: confirm encryption, confirm no encryption, encryption algorithm, key, and/or encryption object.
  • The encryption method further includes: D. if either party to the call is determined to require a change to the encryption parameters, the encryption parameter negotiation process is initiated again.
  • The encryption method further includes: if the renegotiation is unsuccessful, the originally negotiated encryption parameters are retained.
  • By supporting end-to-end negotiation of encryption parameters, the present invention lets media devices that use an IP bearer flexibly negotiate encryption parameters such as whether encryption is supported, the encryption algorithm, the key and the encryption object.
  • Control devices such as the softswitch do not need to control this negotiation process, which increases the flexibility of encrypted transmission and improves the service security of the IP network.
  • FIG. 1 is a schematic diagram of networking of a prior art NGN network.
  • FIG. 2 is a flow chart showing the operation of another encryption method in the prior art.
  • FIG. 3 is a flow chart showing the operation of the method of the present invention.
  • The core idea of the present invention is to provide an NGN service encryption method in which the two encrypting parties negotiate end-to-end over the IP bearer network whether to encrypt, the encryption algorithm, the key and the encryption object, which increases the reliability and flexibility of encryption.
  • The present invention provides an NGN service encryption method, which is described taking communication between a media gateway and an IP terminal as an example.
  • The method is applicable to communication between devices in the NGN and IMS domains that carry media streams over IP interfaces.
  • The operation flow of the method is shown in FIG. 3 and specifically includes the following steps. Step 10: Configure the encryption algorithm a and the key a, which are used to encrypt the encryption key during call negotiation.
  • Encryption algorithm a and key a are configured on devices such as the media gateway and the IP terminal, or key a is negotiated using the IKE (key exchange) protocol defined in RFC2409.
  • Key a is used to encrypt the key b information carried in signaling during the encryption negotiation, because if the key and the encryption algorithm in the negotiation signaling were stolen, the encryption of the media stream could be cracked.
  • Step 11: Start the call.
  • When the softswitch receives the call, it notifies the media gateway to allocate IP resources.
  • The media gateway initiates the negotiation of the encryption parameters in the response message.
  • The softswitch and the media gateway generally communicate using the H.248/MGCP (Media Gateway Control Protocol) protocol.
  • The softswitch and the IP terminal generally communicate using the SIP/H.323 protocol.
  • The following uses the commonly used H.248 and SIP protocols as an example. Call setup using these protocols follows the standard protocol procedures.
  • The softswitch uses the H.248 protocol to notify the media gateway to allocate IP resources, that is, to assign an IP address and port number for receiving and transmitting the media stream; the softswitch also needs to notify the media gateway to reserve encryption resources.
  • After receiving the message sent by the softswitch, the media gateway reserves the encryption resources, sends the acknowledgement message and initiates the encryption parameter negotiation, which can be implemented by carrying the encryption parameters in the SDP (Session Description Protocol) of the acknowledgement message.
  • The encryption parameters carried in the SDP include: an encryption algorithm b, a key b and an encryption object; the media gateway can offer several such encryption parameter sequences for the other party to choose from.
  • The encryption algorithm may be an encryption algorithm such as RSA (Public Key Algorithm), DES (Data Encryption Standard Algorithm), AES (Advanced Data Encryption Algorithm), RC4, or the like.
  • RSA: Public Key Algorithm
  • DES: Data Encryption Standard Algorithm
  • Key b is generated in accordance with the requirements of the encryption algorithm.
  • The encryption object specifies which part of the media stream is encrypted, for example 2833 messages, T38 fax data, modem data or G.711 A voice coding. Encryption objects can be distinguished by PT (payload type), a parameter that distinguishes the different message types in the media stream, so different encryption objects can be identified by PT.
  • The key b field is encrypted according to the encryption algorithm a and the key a configured in step 10.
  • Encryption algorithm a and encryption algorithm b may be different algorithms, and key a and key b should be different.
  • A call initiated by the media gateway side is handled in the same way as a call initiated by the IP terminal.
  • The SDP of the request message carries the encryption parameters and initiates the negotiation.
  • The process is the same as the negotiation process initiated by the media gateway.
  • Step 12: After receiving the encryption parameter negotiation message of the media gateway, the softswitch transparently transmits the negotiated encryption parameters to the IP terminal.
  • The softswitch only passes the parameters through transparently and does not take part in the negotiation.
  • The negotiation process is performed end-to-end between the media gateway and the IP terminal.
  • The media gateway uses the H.248 protocol.
  • The softswitch only needs to send the SDP in the H.248 protocol message to the IP terminal through the SIP protocol.
  • Step 13: After receiving the negotiation request message, the IP terminal selects, from the encryption parameters carried in the SDP, the encryption parameters supported by the device, and returns the selected encryption parameters to the softswitch in the response message through the SIP protocol.
  • The IP terminal selects the encryption parameters used for the current call from the request SDP according to the encryption algorithm and encryption capability supported by the device. If no encryption is used, no encryption parameter is returned.
  • The encryption parameters selected by the IP terminal include: encryption algorithm, key c, encryption object.
  • Key c and key b may be different; key c here refers to the decryption key.
  • If key c is different from key b, the upstream and downstream media streams of the call use different keys.
  • Step 14: After receiving the response message from the IP terminal, the softswitch notifies the media gateway of the negotiation result.
  • The softswitch confirms the negotiated encryption parameters through the Modify message of the H.248 protocol. If the media gateway accepts the negotiation result, the negotiation succeeds and the gateway sends an acknowledgement message to the softswitch. If the negotiation result is not accepted, the negotiation is unsuccessful; depending on the user's service requirements, the service can be suspended or the call can proceed unencrypted.
  • Step 15: While the call is in progress, the specific part of the media stream is encrypted and decrypted according to the negotiated encryption parameters.
  • Step 16: While the call is in progress, either party can modify the encryption parameters as needed.
  • The encryption parameter negotiation process may be re-initiated.
  • Taking renegotiation initiated by the IP terminal as an example: if the IP terminal requests a change of the encryption parameters, it sends an encryption parameter negotiation request to the softswitch through the SIP protocol, and the softswitch then sends the request to the media gateway through the H.248 protocol.
  • The media gateway selects, from the received encryption parameters, those supported by the local end, modifies the current encryption parameters and returns the modified encryption parameters to the softswitch, which finally sends them to the IP terminal; the renegotiation is then complete.
  • If the media gateway does not accept the encryption parameters provided by the IP terminal during the renegotiation process, the original encryption parameters are retained.
  • The softswitch is notified by the H.248 Notify message; the process is the same as the renegotiation process initiated by the IP terminal.
  • By supporting end-to-end negotiation of encryption parameters, the present invention allows flexible negotiation of encryption parameters such as whether encryption is supported, the encryption algorithm and the encryption key.
  • Control devices such as the softswitch do not need to control this negotiation process, which increases the flexibility of encrypted transmission and improves the service security of the IP network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An encryption method for NGN services in network communication technology: both parties negotiate the encryption parameters end-to-end over the bearer network and encrypt a specific portion of the transmitted media stream according to the negotiated encryption parameters, which favours compatible interconnection between different devices as well as large-scale commercial operation. By supporting end-to-end negotiation of the encryption parameters, the invention allows media devices using an IP bearer to flexibly negotiate parameters including whether the negotiation function is supported, the negotiation algorithm, the cryptographic key and the encryption object; softswitch control devices and the like do not need to control the negotiation, which increases the adaptability of encrypted transmission and improves the service security of the IP network.

Description

Encryption method for NGN service
Technical field
The present invention relates to the field of network communication technologies, and in particular to an encryption method for an NGN service.
Background of the invention
NGN (Next Generation Network) is a packet-based network that provides telecommunication services using transport technologies with multiple broadband capabilities and QoS (Quality of Service) guarantees. A typical networking application is shown in Figure 1: the softswitch is the device responsible for call control; the media gateway is the device responsible for TDM-IP (Time Division Multiplexing - Internet Protocol) bearer media conversion; the MRS (Media Resource Server) provides functions such as announcement playback, digit collection and multi-party conferencing; and the application server provides the various NGN services.
These devices are connected to the IP network and communicate with each other over IP bearer media. The main media packet format is:
IP protocol part - UDP (User Datagram Protocol) protocol part - RTP (Real-Time Transport Protocol) protocol part - voice data part.
User service information transmitted over an IP network includes voice, video, data, and in-band signaling such as DTMF (Dual Tone Multi-Frequency). Because information on an IP network is easier to intercept and steal than information on a TDM network, transmitting user service information directly over the IP network carries a serious security risk. The risk has two aspects: on the one hand, the user's voice, video and data may be monitored; on the other hand, the user's confidential information may be stolen, such as a telephone-banking account number and password. Even on a dedicated IP network, devices connected to it, such as network management equipment, can steal users' confidential information.
Therefore, to secure NGN service transmission, an encrypted transmission function must be provided for NGN users' service information. Existing encrypted-transmission technologies mainly fall into the following three types:
The first is IPSec (IP Encryption Protocol) encrypted transmission:
IPSec is a general-purpose encrypted transmission technology for IP networks that encrypts everything above the IP protocol layer. The encryption algorithm and key can be configured on the device, or the two parties' keys can be exchanged through the IKE (key exchange) protocol; see the definitions in RFC2401 and related protocols.
Because this is encryption purely at the IP transport layer and not an encryption technology designed for NGN services, IPSec encrypted transmission has the following disadvantages:
1. All data above the IP protocol layer must be encrypted. The volume of data to encrypt and decrypt is huge and places heavy demands on system processing capacity; in general, system performance drops by at least half once IPSec encryption is applied;
2. Calls on the same IP address always use the same key and encryption algorithm, which is not secure enough.
To address these shortcomings of IPSec encrypted transmission, another transmission technology that encrypts only user data has been proposed:
This technology encrypts only user service data. For a voice packet of the following format:
IP protocol part - UDP protocol part - RTP protocol part - voice data part,
only the "voice data part" is encrypted. The encryption algorithm is fixed in the configuration of the NGN devices; the encryption key can be allocated dynamically and is passed by the softswitch to both encrypting devices when the call is established.
Taking communication between a media gateway and an IP terminal as an example, the flow is shown in Figure 2. At the start of the call, the softswitch generates a key. When it controls the media gateway over the H.248 protocol to allocate media resources, it also specifies the encryption key, and all data is encrypted with the default encryption algorithm. Then, while establishing the call with the IP terminal, it also notifies the IP terminal of the encryption key, generally using the SIP (Session Initiation Protocol) protocol. Once the call is established, both the media gateway and the IP terminal hold the key and can encrypt and decrypt the media stream.
As can be seen, compared with IPSec this user-data encryption technology lets each call use a different encryption key, which improves security, and encrypts only the data part, which reduces the amount of encryption. It still has the following disadvantages:
1. Only a fixed encryption algorithm can be used, and every device in the system must use the same encryption algorithm, which is not secure enough;
2. Every packet in the call's media stream is encrypted, which places high demands on system processing capacity. Key information cannot be encrypted selectively, so the volume of data to encrypt and decrypt is large;
3. The encryption process is controlled by the softswitch, which must therefore understand the encryption capabilities of the different media gateways and IP terminal devices. This increases the complexity of the softswitch, and because IP terminals are so diverse they are hard to unify completely.
The third method currently available is the RTP (Real-Time Transport Protocol) encryption method defined by RFC3711, called SRTP, an end-to-end encryption and authentication method designed for voice services carried by RTP. It encrypts the message content with the AES (Advanced Data Encryption Algorithm) encryption algorithm and also supports message authentication at the RTP protocol layer.
The disadvantages of this third prior art are basically the same as those of the second: the encryption algorithm is fixed, so it can be used only if all systems support it; every message is encrypted, so the amount of encryption is large and efficiency suffers.
A method is therefore needed that secures NGN service transmission more effectively.
Summary of the invention
In view of the above problems in the prior art, the object of the present invention is to provide an encryption method for an NGN service in which the two encrypting parties negotiate encryption parameters end-to-end over the IP bearer network and encrypt the media stream using encryption parameters supported by both ends, which improves the security of network transmission.
The object of the invention is achieved by the following technical solution:
An encryption method for an NGN service, including:
negotiating encryption parameters end-to-end between IP devices, and encrypting for transmission the part of the media stream that needs to be encrypted according to the encryption parameters confirmed by negotiation.
The encryption method specifically includes:
A. The calling party initiates encryption parameter negotiation;
B. After receiving the above negotiation, the called party selects the encryption parameters supported by the local end and returns them to the calling party;
C. The calling party confirms the encryption parameters selected by the called party; the encryption negotiation succeeds, and the specific part of the media stream is encrypted for transmission using the negotiated encryption parameters.
Before initiating the encryption parameter negotiation, step A further includes:
both parties to the call configure, or use the key exchange protocol IKE to set, the key a used to encrypt the key information carried in signaling during the encryption negotiation, and the encryption algorithm a for key a.
Step A further includes:
the calling party allocates IP resources for the call and at the same time reserves encryption resources.
Step A further includes:
the softswitch receives the calling party's encryption parameter negotiation message and passes it transparently to the called party; the softswitch does not take part in the negotiation.
In step A, the encryption parameters in the negotiation initiated by the calling party are a sequence of several encryption parameter sets from which the called party can choose.
The encryption parameters include: confirm encryption, confirm no encryption, encryption algorithm, key, and/or encryption object.
The encryption method further includes:
D. If either party to the call is determined to require a change to the encryption parameters, the encryption parameter negotiation process is initiated again.
The encryption method further includes:
if the renegotiation is unsuccessful, the originally negotiated encryption parameters are retained.
As the technical solution above shows, by supporting end-to-end negotiation of encryption parameters the present invention lets media devices that use an IP bearer flexibly negotiate encryption parameters such as whether encryption is supported, the encryption algorithm, the key and the encryption object. Control devices such as the softswitch do not need to control this negotiation process, which increases the flexibility of encrypted transmission and improves the service security of the IP network.
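Steps A to D and the retain-on-failure rule above, sketched as an added example that is not code from the patent or its assignee; it also shows the selective, per-payload-type encryption the method relies on. Assumptions: the patent defines no wire syntax, so `ParamSet`, `Session` and all function names are hypothetical; an HMAC-SHA256 keystream stands in for both algorithm a and the negotiated media algorithm; payload type 101 for RFC 2833 events is a constructed value; and key b is read as protecting caller-to-callee media, key c the reverse direction.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

PT_PCMA = 8    # G.711 A-law, static RTP payload type
PT_DTMF = 101  # assumed dynamic payload type for RFC 2833 telephone events

def _sub(key, label):
    """Derive a separate sub-key so wrapping never encrypts and MACs with one key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream); NOT one of the patent's algorithms."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def wrap_key(key_a, media_key):
    """Encrypt a media key under key a, so the relaying softswitch sees only ciphertext."""
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key_a, b"enc"), nonce, media_key)
    return nonce + ct + hmac.new(_sub(key_a, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap_key(key_a, blob):
    """Check the tag before decrypting; a wrong key a or a modified blob is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_sub(key_a, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed its integrity check")
    return _xor_stream(_sub(key_a, b"enc"), nonce, ct)

@dataclass(frozen=True)
class ParamSet:                # hypothetical container for one offered parameter set
    algorithm: str             # label only, e.g. "AES"
    wrapped_key: bytes         # key b or key c, encrypted under key a
    payload_types: frozenset   # the "encryption object", identified by RTP PT

@dataclass(frozen=True)
class Session:                 # hypothetical per-endpoint result of a negotiation
    algorithm: str
    payload_types: frozenset
    send_key: bytes
    recv_key: bytes

def answer_offer(key_a, offer, supported, key_c):
    """Step B: the called party picks the first offered set it supports."""
    for ps in offer:
        if ps.algorithm in supported:
            reply = ParamSet(ps.algorithm, wrap_key(key_a, key_c), ps.payload_types)
            return reply, unwrap_key(key_a, ps.wrapped_key)
    return None, None          # nothing returned: no encryption parameters agreed

def confirm_answer(key_a, offer, reply):
    """Step C: the caller accepts only a reply that matches one of its own sets."""
    offered = {(o.algorithm, o.payload_types) for o in offer}
    if reply is None or (reply.algorithm, reply.payload_types) not in offered:
        return None
    return unwrap_key(key_a, reply.wrapped_key)

def negotiate(key_a, candidates, callee_supported, current=None, relay_log=None):
    """Steps A-D: return (caller, callee) sessions, or `current` if nothing is agreed."""
    log = relay_log if relay_log is not None else []
    key_b, key_c = os.urandom(32), os.urandom(32)
    offer = [ParamSet(alg, wrap_key(key_a, key_b), frozenset(pts)) for alg, pts in candidates]
    log.append(offer)          # what the softswitch forwards unchanged to the callee
    reply, callee_recv = answer_offer(key_a, offer, callee_supported, key_c)
    log.append(reply)          # ...and what it forwards back to the caller
    caller_recv = confirm_answer(key_a, offer, reply)
    if caller_recv is None:
        return current         # a failed renegotiation keeps the original parameters
    caller = Session(reply.algorithm, reply.payload_types, key_b, caller_recv)
    callee = Session(reply.algorithm, reply.payload_types, key_c, callee_recv)
    return caller, callee

def rtp(pt, seq, payload, ts=160, ssrc=0x1234ABCD):
    """Build a constructed RTP packet with a 12-byte header (no CSRC, no extension)."""
    return struct.pack(">BBHII", 0x80, pt & 0x7F, seq, ts, ssrc) + payload

def protect_rtp(packet, session, key):
    """Encrypt/decrypt the payload only when its PT is a negotiated encryption object."""
    if len(packet) < 12 or (packet[1] & 0x7F) not in session.payload_types:
        return packet          # e.g. voice stays in clear when only DTMF was agreed
    return packet[:12] + _xor_stream(key, packet[2:12], packet[12:])

def demo():
    """Negotiate DTMF-only protection, then send one DTMF and one voice packet."""
    key_a = bytes(range(32))   # constructed pre-shared key a
    caller, callee = negotiate(key_a, [("RC4", {PT_DTMF}), ("AES", {PT_DTMF})], {"AES", "DES"})
    dtmf = rtp(PT_DTMF, 1, b"\x05\x8a\x00\xa0")   # constructed telephone-event payload
    voice = rtp(PT_PCMA, 2, b"\xd5" * 160)        # constructed G.711 A-law payload
    sent = protect_rtp(dtmf, caller, caller.send_key)
    return (caller.algorithm, sent != dtmf, protect_rtp(sent, callee, callee.recv_key) == dtmf,
            protect_rtp(voice, caller, caller.send_key) == voice)

if __name__ == "__main__":
    print(demo())
```

Because the relay only ever handles `wrapped_key`, the confidentiality of key b and key c rests entirely on key a, which is why the description requires key a and key b to differ.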
Brief Description of the Drawings
Figure 1 is a schematic diagram of prior-art NGN networking;
Figure 2 is an operation flowchart of another prior-art encryption method;
Figure 3 is an operation flowchart of the method of the present invention.
Mode for Carrying Out the Invention
The core idea of the present invention is to provide an NGN service encryption method in which the two encrypting parties negotiate end to end, over the IP bearer network, whether to encrypt, the encryption algorithm, the key, and the encryption object, which increases the reliability and flexibility of encryption.
The present invention provides an NGN service encryption method, described here using communication between a media gateway and an IP terminal as an example. The method applies to communication between the various devices in the NGN and IMS domains that carry media streams over an IP interface. The operation flow of the method is shown in Figure 3 and comprises the following steps:
Step 10: Configure encryption algorithm a and key a, which are used to encrypt the encryption key during call negotiation.
Configure encryption algorithm a and key a on devices such as the media gateway and the IP terminal, or negotiate key a using the IKE (Internet Key Exchange) protocol defined in RFC 2409.
Key a is used to encrypt the key b information carried in the signaling during encryption negotiation, because if the key and the encryption algorithm in the negotiation signaling are stolen, the encryption of the media stream may be broken.
The softswitch does not take part in this encryption process.
Step 11: The call starts. When the softswitch receives the call, it notifies the media gateway to allocate IP resources, and the media gateway initiates the encryption parameter negotiation in its response message.
The softswitch and the media gateway generally communicate using H.248/MGCP (Media Gateway Control Protocol), and the softswitch and the IP terminal generally communicate using SIP/H.323. The commonly used H.248 and SIP protocols are taken as the example below; call setup with these protocols follows the standard protocols.
After receiving the call, the softswitch uses H.248 to notify the media gateway to allocate IP resources, that is, to allocate an IP address and port number for receiving and sending the media stream. The softswitch also needs to notify the media gateway to reserve encryption resources.
On receiving this message from the softswitch, the media gateway reserves encryption resources, sends a response message, and at the same time initiates the encryption parameter negotiation. This can be done by carrying the encryption parameters in the SDP (Session Description Protocol) of the response message. The encryption parameters carried in the SDP include: encryption algorithm b, key b, and the encryption object. The media gateway may offer multiple such encryption parameter sequences for the other party to choose from.
The encryption algorithm may be RSA (a public-key algorithm), DES (Data Encryption Standard), AES (Advanced Encryption Standard), RC4, or a similar encryption algorithm.
Key b is generated to match the requirements of the encryption algorithm.
The encryption object specifies which part of the media stream is encrypted. It may be: encrypt 2833 packets, encrypt T38 fax data, encrypt modem data, encrypt G.711 A voice coding, and so on. Encryption objects can be distinguished by PT (payload type): the PT is the parameter in the media stream that distinguishes packet types, so different encryption objects can be identified by PT.
The field carrying key b is transmitted after being encrypted with encryption algorithm a and key a configured in step 10. Encryption algorithm a and encryption algorithm b may be different algorithms; key a and key b should be different.
This embodiment describes a call initiated from the media gateway side. If the IP terminal initiates the call first, it carries the encryption parameters in the SDP of its request message to initiate the negotiation; the process works on the same principle as negotiation initiated from the media gateway side.
Step 12: After receiving the media gateway's encryption parameter negotiation message, the softswitch passes the offered encryption parameters transparently to the IP terminal.
In this step the softswitch only passes the parameters through and does not take part in the negotiation; the negotiation is carried out end to end between the media gateway and the IP terminal.
When the media gateway uses H.248 and the IP terminal uses SIP, the softswitch only needs to send the SDP from the H.248 message to the IP terminal over SIP.
Step 13: After receiving the negotiation request message, the IP terminal selects, from the encryption parameters carried in the SDP, the ones this device supports, and returns the selected encryption parameters to the softswitch in a response message over SIP.
Based on the encryption algorithms and encryption capabilities this device supports, the IP terminal selects from the request SDP the encryption parameters to use for this call. If encryption is not to be used, it returns no encryption parameters.
The encryption parameters selected by the IP terminal include: encryption algorithm b, key c, and the encryption object. Key c and key b may be different; key c here refers to the decryption key. Making key c different from key b means that the uplink and downlink media streams of the call use different keys.
Step 14: After receiving the IP terminal's response message, the softswitch notifies the media gateway of the negotiation result.
The softswitch confirms the negotiated encryption parameters with an H.248 Modify message. If the media gateway accepts the negotiation result, the negotiation succeeds and the media gateway sends a confirmation message to the softswitch. If it does not accept the result, the negotiation fails, and depending on the user's service requirements the service may be aborted or the call may proceed without encryption.
Step 15: During the call, the specified parts of the media stream are encrypted for transmission and decrypted on receipt according to the negotiated encryption parameters.
Step 16: During the call, either party may change the encryption parameters as needed.
If one party requests a change to the encryption parameters during the call, the encryption parameter negotiation process can be initiated again.
Take renegotiation initiated by the IP terminal as an example. If the IP terminal wants to change the encryption parameters, it sends an encryption parameter negotiation request to the softswitch over SIP, and the softswitch forwards the request to the media gateway over H.248. The media gateway selects, from the received encryption parameters, the ones it supports, updates the current encryption parameters, and returns the updated parameters to the softswitch, which finally sends them to the IP terminal. The renegotiation is then complete.
If the renegotiation is unsuccessful, that is, the media gateway does not accept the encryption parameters offered by the IP terminal during renegotiation, the original encryption parameters are retained.
If the media gateway initiates the renegotiation, it notifies the softswitch with an H.248 Notify message; the process is the same as renegotiation initiated by the IP terminal.
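The negotiation of steps 11 to 14 and the renegotiation fallback of step 16, as an added Python example that is not part of the patent text. `wrap`/`unwrap` are a stand-in for "encryption algorithm a" (an HMAC-SHA256 keystream with a MAC, chosen so the example runs on the standard library alone); every function name, the 16-byte key length and the payload-type values are assumptions.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

def _sub(key_a, label):                      # separate subkeys for encrypting and MACing
    return hmac.new(key_a, label, hashlib.sha256).digest()

def _stream(key, nonce, n):                  # HMAC-SHA256 in counter mode as a keystream
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(key_a, media_key):
    """Stand-in for 'algorithm a': encrypt-then-MAC of a media key under key a."""
    nonce = secrets.token_bytes(16)
    pad = _stream(_sub(key_a, b"enc"), nonce, len(media_key))
    ct = bytes(x ^ y for x, y in zip(media_key, pad))
    return nonce + ct + hmac.new(_sub(key_a, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap(key_a, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key_a, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrapped key rejected: wrong key a or altered in transit")
    pad = _stream(_sub(key_a, b"enc"), nonce, len(ct))
    return bytes(x ^ y for x, y in zip(ct, pad))

@dataclass(frozen=True)
class Params:
    algorithm: str        # algorithm b, applied to the media stream
    wrapped_key: bytes    # key b (offer) or key c (answer), wrapped under key a
    objects: tuple        # encryption objects, identified by payload type (PT)

def make_offer(key_a, choices):
    """Step 11: the caller offers several parameter sets, each with its own key b."""
    return [Params(alg, wrap(key_a, secrets.token_bytes(16)), tuple(pts)) for alg, pts in choices]

def relay(offer):
    """Step 12: the softswitch passes the parameters through; it never holds key a."""
    return list(offer)

def select(key_a, offer, algorithms, pts):
    """Step 13: the callee picks the first set it supports; None means no encryption."""
    for p in offer:
        if p.algorithm in algorithms and set(p.objects) <= set(pts):
            key_b, key_c = unwrap(key_a, p.wrapped_key), secrets.token_bytes(16)
            return Params(p.algorithm, wrap(key_a, key_c), p.objects), key_b, key_c
    return None

def confirm(key_a, offer, answer):
    """Step 14: the caller accepts only an answer matching a set it offered."""
    for p in offer:
        if (p.algorithm, p.objects) == (answer.algorithm, answer.objects):
            return unwrap(key_a, p.wrapped_key), unwrap(key_a, answer.wrapped_key)
    return None

def negotiate(key_a, choices, algorithms, pts):
    offer = make_offer(key_a, choices)
    picked = select(key_a, relay(offer), algorithms, pts)
    if picked is None or confirm(key_a, offer, picked[0]) != picked[1:]:
        return None
    return picked[0].algorithm, picked[0].objects, picked[1], picked[2]

def renegotiate(current, key_a, choices, algorithms, pts):
    """Step 16: if renegotiation fails, the previously agreed parameters stay in force."""
    return negotiate(key_a, choices, algorithms, pts) or current

# Constructed sample: PT 8 is G.711 A; 101 is an assumed dynamic PT for 2833 events.
KEY_A = bytes(range(32))
OFFERED = [("AES", (8, 101)), ("DES", (8,)), ("RC4", (101,))]
```

Because only the two endpoints hold key a, the relaying element sees algorithm names and payload types but not key b or key c, which is the property steps 10 and 12 rely on.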
In summary, by supporting end-to-end negotiation of encryption parameters, the present invention lets media devices that use an IP bearer flexibly negotiate encryption parameters such as whether encryption is supported, the encryption algorithm, the key, and the encryption object. Control devices such as the softswitch do not need to control this negotiation, which increases the flexibility of encrypted transmission and improves the service security of the IP network.
The above is only a preferred embodiment of the present invention, and the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims

1. An encryption method for an NGN service, characterized by comprising:
negotiating encryption parameters end to end between IP devices, and encrypting for transmission the part of the media stream that needs to be encrypted according to the encryption parameters confirmed by the negotiation.
2. The encryption method for an NGN service according to claim 1, characterized in that the encryption method specifically comprises:
A. the calling party initiates encryption parameter negotiation;
B. after receiving the negotiation, the called party selects the encryption parameters supported at its end and returns them to the calling party;
C. the calling party confirms the encryption parameters selected by the called party, the encryption negotiation succeeds, and the specified part of the media stream is encrypted for transmission using the negotiated encryption parameters.
3. The encryption method for an NGN service according to claim 2, characterized in that, before initiating the encryption parameter negotiation, step A further comprises:
the two parties to the call configuring, or using the key exchange protocol IKE to set, a key a used to encrypt the key information in the signaling during encryption negotiation, and an encryption algorithm a for the key a.
4. The encryption method for an NGN service according to claim 2, characterized in that step A further comprises:
the calling party allocating IP resources for the call service and at the same time reserving encryption resources.
5. The encryption method for an NGN service according to claim 2, characterized in that step A further comprises:
the softswitch receiving the calling party's encryption parameter negotiation message and passing it transparently to the called party, the softswitch not taking part in the negotiation.
6. The encryption method for an NGN service according to claim 2, characterized in that the encryption parameters in the negotiation initiated by the calling party in step A are multiple encryption parameter sequences from which the called party can choose.
7. The encryption method for an NGN service according to any one of claims 1 to 6, characterized in that the encryption parameters include: confirm encryption, confirm no encryption, encryption algorithm, key, and/or encryption object.
8. The encryption method for an NGN service according to claim 2, characterized in that the encryption method further comprises:
D. if it is determined that either party to the call requests a change to the encryption parameters, initiating the encryption parameter negotiation process again.
9. The encryption method for an NGN service according to claim 8, characterized in that the encryption method further comprises:
if the renegotiation is unsuccessful, retaining the originally negotiated encryption parameters.
PCT/CN2006/001922 2005-10-24 2006-08-01 A encryption method for ngn service WO2007048301A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510114400.6 2005-10-24
CN 200510114400 CN1956443A (en) 2005-10-24 2005-10-24 Encipher method of NGN service

Publications (1)

Publication Number Publication Date
WO2007048301A1 true WO2007048301A1 (en) 2007-05-03

Family

ID=37967398

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001922 WO2007048301A1 (en) 2005-10-24 2006-08-01 A encryption method for ngn service

Country Status (2)

Country Link
CN (1) CN1956443A (en)
WO (1) WO2007048301A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494538B (en) * 2008-01-23 2014-04-02 华为技术有限公司 Data transmission control method and communication system and encipher control network element
CN101247218B (en) * 2008-01-23 2012-06-06 中兴通讯股份有限公司 Safety parameter negotiation method and device for implementing media stream safety
CN101222503A (en) * 2008-01-25 2008-07-16 中兴通讯股份有限公司 Safety parameter generating method and device for implementing media stream safety
CN101800734B (en) * 2009-02-09 2013-10-09 华为技术有限公司 Session information interacting method, device and system
CN101882995B (en) * 2009-05-06 2013-08-07 中兴通讯股份有限公司 Data sending, receiving and transmitting method and device thereof
CN102036232B (en) * 2010-12-17 2015-12-09 中兴通讯股份有限公司 A kind of base station data sending, receiving method and device
CN104038930B (en) * 2013-03-04 2017-10-10 北京信威通信技术股份有限公司 A kind of method of Duan Dao centers IP packets encryption
CN108696512B (en) * 2018-04-24 2021-02-02 苏州科达科技股份有限公司 Cross-protocol code stream encryption negotiation method and device and conference equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1479480A (en) * 2002-08-26 2004-03-03 华为技术有限公司 Method of consulted encryption algorithm
CN1564509A (en) * 2004-03-23 2005-01-12 中兴通讯股份有限公司 Key consaltation method in radio LAN
CN1564514A (en) * 2004-03-26 2005-01-12 中兴通讯股份有限公司 Self arranged net mode shared key authentication and conversation key consulant method of radio LAN
CN1658552A (en) * 2004-02-17 2005-08-24 华为技术有限公司 Method for safety transfering medium flow
US20050198490A1 (en) * 2004-03-02 2005-09-08 Microsoft Corporation Dynamic negotiation of encryption protocols
CN1681239A (en) * 2004-04-08 2005-10-12 华为技术有限公司 Method for supporting multiple safe mechanism in wireless local network system


Also Published As

Publication number Publication date
CN1956443A (en) 2007-05-02

KR101269828B1 (en) Secure call service method using radio communication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06761613

Country of ref document: EP

Kind code of ref document: A1