WO2008089694A1 - Method, system and equipment for obtaining a media stream protection key in an IMS network - Google Patents

Method, system and equipment for obtaining a media stream protection key in an IMS network

Info

Publication number
WO2008089694A1
Authority
WO
WIPO (PCT)
Prior art keywords
calling
called
key
message
network entity
Prior art date
Application number
PCT/CN2008/070138
Other languages
English (en)
Chinese (zh)
Inventor
Chengdong He
Jun Yan
Zhanjun Zhang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2008089694A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10: Architectures or entities
    • H04L65/1016: IP multimedia subsystem [IMS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066: Session management
    • H04L65/1069: Session establishment or de-establishment

Definitions

  • the present invention relates to media stream encryption techniques, and more particularly to a method, system and apparatus for obtaining a media stream protection key in an IMS network.
  • Background of the invention
  • the IP Multimedia Service Subsystem (IMS) is the core session control layer for fixed and mobile networks and is one of the current focuses of development in the communications field. IMS-related specifications such as network architecture, interfaces, protocols, etc. have already been defined in the Third Generation Partnership Project (3GPP) and in Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN).
  • the IMS network is divided into an access domain and a network domain, and security specifications of the access domain and the network domain are respectively defined.
  • the current security specifications are for the control plane in the IMS network, that is, they specify how to ensure the security of the session protocol in the IMS network, while the media stream itself is transmitted in plaintext.
  • as a result, the media stream may be eavesdropped on or tampered with during a call, and the security of the user's call cannot be guaranteed.
  • an embodiment of the present invention provides a method for acquiring a media stream protection key in an IMS network, where a calling terminal device (UE) and a called UE can obtain a key from the network side, so that the media stream transmitted from user to user can be protected.
  • the technical solution proposed by the embodiment of the present invention is:
  • a. the calling terminal device UE sends a session request message to the network entity, and the network entity adds the key to the session request message and sends the session request message to the called UE.
  • b. the called UE returns a response message to the network entity, and the network entity adds the key to the response message and sends the response message to the calling UE.
  • the embodiment of the invention provides a system for acquiring a media stream protection key in an IMS network.
  • the calling UE and the called UE can obtain a key from the network side, so as to protect the media stream transmitted by the user to the user.
  • the technical solution provided by the embodiment of the present invention is: a system for acquiring a media stream protection key in an IMS network, where the system includes: a terminal device UE configured to, when acting as the calling UE, send a session request message to the network entity and receive the session response message carrying the key, and, when acting as the called UE, receive the session request message sent from the network entity and return the session response message;
  • a network entity configured to: when receiving a session request message sent by the calling UE, add a key to the session request message and send it to the called UE; and further, receive the session response message sent by the called UE, add the key to the session response message, and send it to the calling UE.
  • the embodiment of the invention further provides a network entity that obtains a media stream protection key in an IMS network, and can provide a key for the calling UE and the called UE.
  • the technical solution provided by the embodiment of the present invention is: A network entity that provides a media stream protection key to a terminal device UE in an IMS network, where the network entity includes:
  • a receiving unit configured to receive a session request message sent by the calling UE, and receive a session response message sent by the called UE;
  • the key obtaining unit, when the session request message sent by the calling UE is received, adds the key to the session request message and sends it to the called UE through the sending unit; when the session response message sent by the called UE is received, adds the key to the session response message and sends it to the calling UE through the sending unit;
  • the sending unit sends a session request message to the called UE, and sends a session response message to the calling UE.
  • the embodiment of the invention further provides a user equipment for acquiring a media stream protection key in an IMS network, which can obtain a key from a network entity.
  • a user equipment UE that obtains a media stream protection key in an IMS network, where the user equipment includes:
  • transceiver unit configured to send and receive session messages
  • a parsing unit configured to parse the key from the session message when the session message received by the transceiver unit carries the key
  • the key deriving unit is configured to: when the parsing unit parses the key generated by the calling network side and the key generated by the called network side from the session message, derive a new key from the parsed key generated by the calling network side and the parsed key generated by the called network side, and use the derived key as the media stream protection key.
  • the embodiment of the present invention further provides a method for obtaining a media stream protection key.
  • the UE and the media processing function entity (MP) can obtain a key from the network side, so as to protect the media stream transmitted by the user to the network.
  • the technical solution provided by the embodiment of the present invention is: A method for obtaining a media stream protection key in an IMS network, the method comprising the following steps:
  • after receiving the session message, the network entity obtains the key from the key management function entity KMF; the network entity sends the obtained key to the terminal device UE and the media processing function entity MP respectively.
  • the embodiment of the present invention further provides a system for obtaining a media stream protection key.
  • the UE and the media processing function entity (MP) can obtain a key from the network side, so as to protect the media stream transmitted by the user to the network.
  • the technical solution provided by the embodiment of the present invention is: a system for acquiring a media stream protection key in an IMS network, the system comprising: a terminal device UE, configured to receive a key sent by a network entity;
  • a media processing function MP configured to receive a key sent by a network entity
  • a network entity configured to receive a session message, and obtain a key from a key management function KMF, and send the key to the UE and the MP;
  • a key management function KMF, used to generate keys.
  • the embodiment of the present invention further provides a network entity that provides a media stream protection key in an IMS network, and provides a key for the UE and the MP to protect the media stream transmitted by the user to the network.
  • the technical solution provided by the embodiment of the present invention is: A network entity that provides a media stream protection key in an IMS network, where the network entity includes:
  • a receiving unit configured to receive a session message
  • the key obtaining unit when receiving the session message, obtains a key from the key management function KMF, adds the key to the session message, and transmits the key to the sending unit;
  • the sending unit sends the session message carrying the key to the UE and the media processing function
  • the present invention provides a method, system, and apparatus for acquiring a media stream protection key in an IMS network, in which the network side generates a key and delivers the generated key to the entities that need to protect the media stream, which in turn use it to protect the transmitted media stream.
  • FIG. 1 is a flow chart of Embodiment 1 of the method of the present invention.
  • FIG. 2a is a schematic diagram of a message flow of Embodiment 2 of the method of the present invention.
  • FIG. 2b is a schematic diagram of a message flow according to Embodiment 3 of the method of the present invention.
  • FIG. 3 is a schematic diagram of a message flow of a fourth embodiment of the method of the present invention.
  • FIG. 4 is a schematic diagram of a basic structure of a system for user-to-user media stream protection according to the present invention
  • FIG. 5a is a schematic diagram of a basic structure of a system embodiment of the present invention
  • Figure 5b is a schematic diagram showing the basic structure of the second embodiment of the system of the present invention.
  • Figure 5c is a schematic diagram showing the basic structure of the third embodiment of the system of the present invention.
  • Figure 5d is a schematic diagram of the internal structure of the network entity in the case of user-to-user media stream protection
  • Figure 5e is a schematic diagram of the internal structure of the user equipment in the case of user-to-user media stream protection
  • Figure 6 is a flowchart of Embodiment 5 of the method of the present invention
  • FIG. 7 is a schematic diagram of message flow on a calling side of a sixth embodiment of the method according to the present invention.
  • FIG. 8 is a schematic diagram of a message flow of a called party side according to Embodiment 6 of the method of the present invention.
  • Embodiment 7 of the method according to the present invention.
  • FIG. 10 is a schematic diagram of a message flow of a called party side according to Embodiment 7 of the method of the present invention.
  • FIG. 11 is a schematic diagram of a message flow on a calling side of an embodiment of the method according to the present invention.
  • FIG. 12 is a schematic diagram of a message flow of a called party side according to Embodiment 8 of the method of the present invention.
  • FIG. 13 is a schematic diagram of message flow on the calling side of the ninth embodiment of the method according to the present invention.
  • FIG. 15 is a schematic diagram of a basic structure of a system for protecting a user to a network media stream according to the present invention
  • FIG. 16 is a schematic diagram of a basic structure of a fourth embodiment of the system of the present invention.
  • FIG. 17 is a schematic diagram showing the basic structure of Embodiment 5 of the system of the present invention.
  • FIG. 18 is a schematic diagram showing the internal structure of a network entity in the case of user-to-network media stream protection.
  • Mode for carrying out the invention
  • the basic idea of the present invention is that the generated key is obtained by the network side entity, and then the key is sent to an entity that needs to protect the transmitted media stream.
  • the entity that needs to protect the transmitted media stream here may be a terminal device (UE) or a media processing function entity (MP) in the network. That is, the media stream protection key may be obtained by the calling UE and the called UE, and the media stream transmitted between the calling UE and the called UE may then be protected by using the key, that is, user-to-user protection; the media stream protection key may also be obtained by the UE and the MP on the network side, and the media stream transmitted between the UE and the MP may then be protected by the key, that is, user-to-network protection.
  • the present invention provides a method and system for obtaining a media stream protection key for user-to-user media stream protection and user-to-network media stream protection, respectively.
  • FIG. 1 is a flowchart of Embodiment 1 of a method for obtaining a media stream protection key. As shown in FIG. 1, the method embodiment 1 may include the following steps:
  • Step 101 The calling terminal device UE sends a session request message to the network entity, and the network entity adds the media stream protection key to the session request message, and sends the message to the called UE.
  • Step a1 After receiving the session request message sent by the calling UE, the calling network entity obtains the key generated by the calling network side, and sends the key generated by the calling network side to the called network entity through the session request message.
  • the session request message is a PRACK or an UPDATE message
  • the calling network entity may be a calling call session control function entity S-CSCF or a calling application server (AS), and can also be a calling AS-KMF. If the calling network entity is the calling S-CSCF or the calling AS, the method for the calling S-CSCF or the calling AS to obtain the key generated by the local side may be: the calling S-CSCF or the calling AS sends a key request message to the calling KMF, and the calling KMF returns the generated key to the calling S-CSCF or the calling AS through the key response message.
  • the key on the calling network side is AS-KMF
  • Step a2 After receiving the session request message, the called network entity obtains the key generated by the called network side and adds the key to the session request message, and then sends the session request message to the called UE.
  • at this point the called network entity has obtained the key generated by the calling network side and the key generated by the local side, and can directly use the key generated by the calling side and the key generated by the local side as the media stream protection key; after the called UE receives the session request message, the called UE derives a new key according to the key generated by the calling network side and the key generated by the local side in the session request message, and uses the derived key as the media stream protection key.
  • the called network entity may also derive a new key according to the key generated by the calling network side and the key generated by the local side, and use the derived key as the media stream protection key.
  • Step 102 The called UE returns a response message to the network entity, and the network entity adds the media stream protection key to the response message and sends it to the calling UE.
  • the session response message may be a 200 response message
  • the step 102 may include:
  • Step b1 After receiving the session response message returned by the called UE, the called network entity carries the key generated by the called network side in the session response message, and sends the session response message to the calling network entity;
  • Step b2 After receiving the session response message, the calling network entity adds a key generated by the calling network side to the session response message and sends the message to the calling UE.
  • the calling network entity is the calling S-CSCF, the calling AS or the calling AS-KMF, and the calling S-CSCF, the calling AS or the calling AS-KMF can directly use the key generated by the calling network side and the key generated by the called network side as the media stream protection key; after the calling UE receives the session response, the calling UE derives a new key according to the key generated by the local side and the key generated by the called side in the session response message, and uses the derived key as the media stream protection key.
  • the calling S-CSCF, the calling AS or the calling AS-KMF may also derive a new key according to the key generated by the calling network side and the key generated by the called network side, and use the derived key as the media stream protection key.
  • the security capability may be negotiated before the calling UE and the called UE obtain the media stream protection key.
  • the method may be:
  • the calling UE sends a session establishment request message carrying the media stream security capability information it provides to the called UE through the network entity, where the session establishment request message is an invite (INVITE) request message; the called UE determines, according to the media stream security capability information provided by the calling UE, the media stream security capability information that it needs to provide, carries that information in the session establishment response message, and returns it to the calling UE through the network entity, where the session establishment response message is a 183 response message.
  • when the calling network entity receives the INVITE request message, the method further includes: the calling network entity determines that the calling UE has subscribed to the media stream security service, adds an identifier indicating that the calling UE has subscribed to the media stream security service to the INVITE request message, and then performs the step of sending the INVITE request message to the called network entity;
  • the method further includes: the called network entity checks that the request message has an identifier indicating that the calling UE has subscribed to the media stream security service, determines that the called UE has also subscribed to the media stream security service, and then continues to perform the step of sending the INVITE request message to the called UE;
  • the method further includes: the called network entity adds an identifier indicating that the called UE has subscribed to the media stream security service to the 183 response message, and then continues to perform the 183 response.
  • the method further includes: the calling network entity checks the identifier indicating that the called UE has subscribed to the media stream security service, and then continues to perform the step of sending the 183 response message to the calling UE.
  • the network entity that obtains the generated key on the calling side is the calling AS, and the entity that generates the key is the calling KMF, which is an independent entity.
  • the network entity that obtains the generated key on the called side is the called AS, and the entity that generates the key is the called KMF, which is a separate entity.
  • Independent KMFs and ASs can use a direct interface to pass keys, such as carrying keys using protocols such as Diameter or HTTP.
  • An independent KMF can also act as an application server in the IMS network and communicate with the S-CSCF through the ISC interface, so that the KMF and the AS communicate with each other in the form of application servers.
  • Step 201 The calling UE sends a session establishment request message to the calling CSCF, where the session establishment request message carries the media stream security capability information provided by the calling UE.
  • the session establishment request message described in this step is an invitation (INVITE) message in the Session Initiation Protocol (SIP), and the media stream security capability information includes a security algorithm, and may also include a media type to be protected, a security transmission protocol type, and a security premise.
  • the security algorithm may be an integrity security algorithm or a confidentiality security algorithm
  • the media type to be protected may be text, audio, video, etc.
  • the security transmission protocol type may be RTP/SAVP or RTP/SAVPF.
  • the security premise is used to indicate the security requirements of the media stream in the current session, and may include the strength identifier of the media stream security protection that the initiating entity desires, such as: mandatory, optional, negligible (none).
  • the security premise may also include a desired security negotiation configuration result and the current configuration status, such as: whether the negotiation is complete, the receiving direction has completed the security configuration, or both the receiving and sending directions have completed the security configuration.
  • the media stream security capability information that the calling UE provides to the called UE may be all or part of the media stream security capability information that the calling UE supports.
  • for example, the calling UE may support five security algorithms but select only three of them to provide to the called UE, in which case the INVITE message carries only the three security algorithms provided.
  • the calling UE can also provide the supported 5 security algorithms to the called UE. How to determine the provided media stream security capability information needs to be determined by the actual situation.
  • Step 202 The calling CSCF sends the session establishment request message to the calling AS.
  • the calling CSCF may trigger a session establishment request message to the calling AS by using an initial filtering rule set in advance. As for how to trigger, it belongs to the prior art, and will not be described here.
  • Step 203 to step 205 The calling AS determines that the calling UE has subscribed to the media stream protection service, adds the identifier indicating that the calling UE has subscribed to the media stream protection service to the session establishment request message, and then sends the session establishment request message to the called CSCF through the calling CSCF.
  • the calling AS may determine whether the calling UE has subscribed to the media stream protection service according to the information related to the subscription recorded in advance. For example: querying the information related to the subscription according to the identifier of the calling UE in the session establishment request message, and determining whether the calling UE subscribes according to the information related to the subscription.
  • the calling AS can also check the subscription status of the calling UE by other methods, and details are not described herein again.
  • Step 206 After receiving the session establishment request message, the called CSCF sends the session establishment request message to the called AS.
  • Step 207 to step 209 The called AS checks that the session establishment request message has an identifier indicating that the calling UE has subscribed to the media stream protection service, determines that the called UE has also subscribed to the media stream protection service, and then sends the session establishment request message to the called UE through the called CSCF.
  • the called AS can also use the same method as the calling party to determine that the called UE has subscribed to the media stream protection service, and details are not described herein.
  • the session establishment response message is a 183 message, and the media stream security capability information that the called UE needs to provide may be all or part of information that can be supported by the calling UE.
  • for example, the called UE determines from the received INVITE message that the calling UE can support three security algorithms. If the called UE supports only two of these security algorithms, it can return both supported security algorithms to the calling UE, or it may return only one of them to the calling UE.
  • Step 216 to step 218 The calling AS checks that the session establishment response message includes the identifier that the called UE has subscribed, and sends the session establishment response message to the calling UE through the calling CSCF.
  • steps 201 to 218 are actually a process of negotiating security capabilities between the calling UE and the called UE, in which each party learns the parameters the other party can support, such as the security algorithm and the secure transmission protocol, thereby determining the media stream security capability information to be used for the session.
  • in the process of negotiating between the calling UE and the called UE, on the calling side, the calling AS also needs to check whether the calling UE has subscribed, and adds the identifier indicating that the calling UE has subscribed to the message; on the called side, the called AS also needs to check whether the called UE has subscribed, and adds the identifier indicating that the called UE has subscribed to the returned response message.
  • if the calling UE and the called UE are by default users who have subscribed to the media stream protection service, or the media stream protection service is a basic service for which no user needs a subscription check, the calling AS and the called AS may not check the subscription status; or, only one of the calling AS and the called AS performs the check and the other does not; or the calling CSCF and the called CSCF directly check the subscription. Whether the CSCF or the AS performs the check can be determined according to the actual situation, and will not be repeated here.
  • similar to the subscription check, in the process of negotiating between the calling UE and the called UE, if the calling UE has already subscribed, the calling AS also needs to add the identifier indicating that the calling UE has subscribed to the session establishment request message; if the called UE has already subscribed, the called AS also needs to add the identifier indicating that the called UE has subscribed to the session establishment response message. In this way, the calling side and the called side each learn the other party's subscription status, so that different strategies can be adopted according to the situation.
  • the calling AS and the called AS may also not notify the other party of the local side's subscription status, in which case it is not necessary to add the identifier indicating that the local UE has subscribed to the message, and the subscription handling in the corresponding steps above is adjusted accordingly.
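The negotiation and subscription checks of steps 201 to 218, as an added example that is not code from the patent. The message fields, the `subscribed` marker, the class and function names, and the rule that an empty result fails only when the strength is "mandatory" are assumptions made for illustration; each AS also overwrites any marker the UE itself supplied, which is an added hardening choice.

```python
from dataclasses import dataclass, field

# Constructed sample data. The SRTP crypto-suite names (RFC 4568) stand in for
# the page's unnamed "security algorithms"; ALG_D and ALG_E are placeholders.
CALLER_SUPPORTED = [
    "AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32",
    "F8_128_HMAC_SHA1_80", "ALG_D", "ALG_E",
]


class SubscriptionError(Exception):
    """A UE has not subscribed to the media stream protection service."""


class NegotiationError(Exception):
    """Protection is mandatory but the two UEs share no security algorithm."""


@dataclass
class SessionMessage:
    kind: str                 # "INVITE" or "183"
    algorithms: list          # offered (INVITE) or selected (183) algorithms
    transport: str            # "RTP/SAVP" or "RTP/SAVPF"
    strength: str             # "mandatory", "optional" or "none"
    subscribed: set = field(default_factory=set)  # hypothetical marker field


class ApplicationServer:
    def __init__(self, subscribers):
        self.subscribers = set(subscribers)   # pre-recorded subscription data

    def is_subscribed(self, ue):
        return ue in self.subscribers

    def mark_local(self, msg, ue):
        """Check the local UE and add the 'has subscribed' identifier."""
        if not self.is_subscribed(ue):
            raise SubscriptionError(f"{ue} has no media stream protection subscription")
        # Overwrite rather than add: markers set by the UE itself are not trusted.
        msg.subscribed = {ue}

    def check_peer(self, msg, peer):
        """Check that the other side's AS marked its UE as subscribed."""
        if peer not in msg.subscribed:
            raise SubscriptionError(f"no subscription identifier for {peer}")


def called_ue_answer(invite, supported):
    """Called UE returns all or part of the offered algorithms it supports."""
    common = [a for a in invite.algorithms if a in supported]  # caller's order
    if not common and invite.strength == "mandatory":
        raise NegotiationError("no common security algorithm")
    return SessionMessage("183", common, invite.transport, invite.strength)


def negotiate(caller, callee, offer, callee_supported,
              calling_as, called_as, strength="mandatory"):
    invite = SessionMessage("INVITE", list(offer), "RTP/SAVP", strength)
    calling_as.mark_local(invite, caller)      # steps 203-205
    called_as.check_peer(invite, caller)       # steps 207-209
    if not called_as.is_subscribed(callee):
        raise SubscriptionError(f"{callee} has no media stream protection subscription")
    answer = called_ue_answer(invite, callee_supported)
    called_as.mark_local(answer, callee)       # called AS marks the 183
    calling_as.check_peer(answer, callee)      # steps 216-218
    return answer


if __name__ == "__main__":
    result = negotiate(
        "alice", "bob", CALLER_SUPPORTED[:3],
        ["F8_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_80"],
        ApplicationServer({"alice"}), ApplicationServer({"bob"}),
    )
    print(result.kind, result.algorithms)
```
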
  • the session request message described herein may be an acknowledgment (PRACK) message and carries media stream security capability information for the current session determined by the calling UE.
  • Step 221 The calling AS obtains the key K1 from the calling KMF.
  • the calling AS can send a key request message to the calling KMF, the calling KMF generates a key, and then returns the generated key K1 to the calling AS.
  • the calling KMF may also return information such as the key identifier of the key K1, the key validity period, and the like to the calling AS.
  • Step 226 The called AS obtains the key K2 from the called KMF.
  • the called AS can send a key request message to the called KMF, the called KMF generates a key, and returns the generated key K2 to the called AS.
  • the called KMF can also return the key identification of the key K2, the key validity period, and the like to the called AS.
  • the session response message described herein is a 200 message, and may carry the media stream security capability information confirmed by the called UE.
  • the media stream security capability includes a security algorithm, and may also include any combination of one or more of the media type to be protected, the secure transmission protocol type, and the security premise.
  • Step 232 to step 235 The called AS adds the key K2 to the session response message, and sends it to the calling AS through the called CSCF and the calling CSCF.
  • if the called KMF has also returned the key identifier of the key K2, the key validity period and the like to the called AS in advance, the called AS can also add the key identifier, the key validity period and other such information for the key K2 to the session response message.
  • Step 236 to step 238 The calling AS derives a new key according to the key K1 generated by the local side and the key K2 generated by the called side, uses the derived key as the media stream protection key, adds the media stream protection key to the session response message, and then sends it to the calling UE through the calling CSCF.
  • the calling side and the called side each generate a key, a new key is derived according to the key generated by the local side and the key generated by the other party, the derived key is used as the media stream protection key, and the key is sent to the calling UE and the called UE, respectively. Thereafter, the calling UE and the called UE can use the key to protect the transmitted media stream. For example, when the calling UE needs to transmit the media stream to the called UE, the media stream can be protected by using the derived key and transmitted to the called UE. Conversely, if the called UE needs to transmit the media stream to the calling UE, the media stream is protected by using the derived key and transmitted to the calling UE.
  • the calling AS and the called AS may also not generate the derived key, and instead directly use the key generated by the local side and the key generated by the other party as the media stream protection key. That is, the calling UE and the called UE will both obtain the key K1 and the key K2, one of which serves as the key for protecting the media stream sent to the other party, and the other as the key for the protected media stream received from the other party.
  • the key is derived by the calling AS and the called AS.
  • the key may be derived by the calling CSCF and the called CSCF respectively; or the calling UE and the called UE may each derive the key.
  • the method for deriving a key in this embodiment may be: the key K1 and the key K2 are concatenated as strings, or the key K1 and the key K2 are used as input parameters of a key generation function, and so on; the possibilities are not enumerated here.
  • the KMF is an independent entity.
  • the KMF may also be a function unit in an entity such as an AS, a CSCF, or a Home Subscriber Server (HSS).
  • the KMF is integrated with the AS as an independent functional entity AS-KMF; the network entity that generates the key on the calling side is the calling AS-KMF, and the network entity that generates the key on the called side is the called AS-KMF.
  • the AS needs to obtain a key from the KMF.
  • the specific process is similar to that of the second embodiment.
  • Step 201: The calling UE sends a session establishment request message to the calling CSCF, where the session establishment request message carries the media stream security capability information provided by the calling UE.
  • step 201 is similar to step 201 in the second embodiment of the method, and details are not described herein again.
  • the calling CSCF may send a session establishment request message to the calling AS-KMF by using an initial filtering rule set in advance.
  • Step 206' After receiving the session establishment request message, the called CSCF sends the session establishment request message to the called AS-KMF.
  • Step 207' to Step 209': The called AS-KMF checks that the session establishment request message carries the identifier indicating that the calling AS-KMF supports media stream security protection, and then sends the session establishment request message to the called UE through the called CSCF.
  • Step 210' The called UE sends a session establishment response message to the called CSCF, and the called CSCF sends the received session establishment response message to the called AS-KMF.
  • the session establishment response message is a 183 message
  • the media stream security capability information that the called UE needs to provide is the part of the media stream security capability, provided by the calling UE in the session establishment request, that the called UE supports.
  • the calling UE provides three security algorithms. If the called UE supports only two of them, it can return the two supported security algorithms to the calling UE, or it can return only one of them to the calling UE.
  • Step 212' to Step 215': The called AS-KMF adds the identifier indicating that the called AS-KMF supports media stream security protection to the session establishment response message, and sends the session establishment response message through the called CSCF and the calling CSCF to the calling AS-KMF.
  • AS-KMF adds support for media stream security protection identifiers.
  • Called AS-KMF added method
  • the step 20 to the step 218' are actually a process of negotiating the security capability between the calling UE and the called UE, in which each side learns the parameters that the other party can support, such as the security algorithm and the secure transmission protocol, thereby determining the media stream security capability information used for the current session.
  • the calling and called AS-KMFs notify each other of their support for media stream security protection, so that the calling and called AS-KMF can confirm that both the calling and the called network entities support media stream security, thus confirming that the key can be issued in the subsequent session.
  • after the called AS-KMF checks the identifier of the calling AS-KMF's support for media stream security protection in the session establishment request message, the identifier indicating that the called AS-KMF supports media stream security protection may further be added to the message and sent to the called UE. The called UE can therefore confirm that both the calling network and the called network support media stream security protection.
  • Step 219' to step 220' The calling UE sends a request message to the calling AS-KMF through the calling CSCF.
  • the request message described herein may be an acknowledgment (PRACK) or an UPDATE message, and carries the media stream security capability information determined by the calling UE.
  • the method for determining the media stream security capability information used by the calling UE may be: the calling UE determines the media stream security capability information to use according to the media stream security capability information provided by the called UE. That is, the calling UE selects, from the media stream security capability information provided by the called UE, the media stream security capability information actually used in this session; for example, if the called UE returns two security algorithms, the calling UE selects one of them as the security algorithm actually used.
  • Step 22 to Step 224' The calling AS-KMF generates a key K1 and adds it to the request message, and sends it to the called AS-KMF through the calling CSCF and the called CSCF.
  • the called AS-KMF uses a similar method to the calling AS-KMF to generate the corresponding key.
  • Step 228': The called UE derives a new key K according to the key K1 and the key K2, and uses the derived key K as the media stream protection key.
  • Step 229' The called UE sends a response message to the called AS-KMF through the called CSCF.
  • the response message described here is a 200 message, which carries the media stream security capability information used by the session in the request message.
  • Step 231' to Step 234': The called AS-KMF adds the key K2 to the session response message and sends it to the calling AS-KMF through the called CSCF and the calling CSCF.
  • Step 238' The calling UE derives a new key K according to the key K1 and the key K2, and uses the derived key K as a media stream protection key.
  • the calling side and the called side AS-KMF respectively generate the keys K1 and K2, and the calling UE and the called UE further derive the key K according to the key K1 and the key K2; the derived key K is used as the media stream protection key.
  • the calling UE and the called UE can use the key to protect the transmitted media stream. For example, when the calling UE needs to transmit the media stream to the called UE, the media stream can be protected with the derived key and transmitted to the called UE. Conversely, if the called UE needs to transmit the media stream to the calling UE, the media stream is protected with the derived key and transmitted to the calling UE.
  • the calling and called AS-KMF can also derive the key themselves, and send the derived key as the media stream protection key to the calling UE and the called UE; the specific derivation and delivery mode is similar to that of the second embodiment.
  • the keys can be derived by the calling CSCF and the called CSCF, respectively, in a similar manner.
  • the calling UE and the called UE can also directly use the key K1 and the key K2 as keys for protecting the media stream without deriving a new key K; for example, the key K1 is used by the calling UE to protect the media stream it sends to the called UE, and the key K2 is used by the calling UE to decrypt the protected media stream it receives from the called UE.
  • the method for deriving a key in this embodiment may be: the key K1 and the key K2 are concatenated as strings; the key K1 and the key K2 may also be used as input parameters of a key generation function, for example using a hash function as the key generation function to generate the key. The possibilities are not enumerated here.
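The derivation options described above (concatenating K1 and K2, or feeding them to a hash-based key generation function) and the no-derivation variant with K1 and K2 as per-direction keys, written out as an added example that is not part of the patent text. HKDF with HMAC-SHA-256, the length-prefixed encoding, the `session_id` binding and all function names are assumptions chosen for illustration; the patent specifies none of them.

```python
"""Added example: deriving the media stream protection key K from K1 and K2."""
import hashlib
import hmac

HASH_LEN = 32  # output size of SHA-256 in bytes


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so its boundaries survive concatenation."""
    return len(field).to_bytes(2, "big") + field


def naive_concat(k1: bytes, k2: bytes) -> bytes:
    """Literal 'K1 and K2 concatenated as strings'. If key lengths are not
    fixed, different (K1, K2) pairs can yield the same result."""
    return k1 + k2


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869): extract a PRK from the input, then expand it."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-SHA-256")
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_media_key(k1: bytes, k2: bytes, session_id: bytes,
                     length: int = 16) -> bytes:
    """Derive K from the calling-side key K1 and the called-side key K2.

    Both sides must pass the keys in the same order (K1 first). Binding the
    session identifier (an assumption, not in the patent) keeps a key derived
    for one session from being valid in another.
    """
    ikm = _lp(k1) + _lp(k2)
    info = b"ims-media-stream-key" + _lp(session_id)
    return hkdf_sha256(ikm, salt=b"", info=info, length=length)


def directional_keys(k1: bytes, k2: bytes, role: str) -> dict:
    """No-derivation variant: K1 protects calling->called traffic and
    K2 protects called->calling traffic."""
    if role == "calling":
        return {"send": k1, "recv": k2}
    if role == "called":
        return {"send": k2, "recv": k1}
    raise ValueError("role must be 'calling' or 'called'")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real session.
    k1 = bytes(range(16))          # key generated on the calling side
    k2 = bytes(range(16, 32))      # key generated on the called side
    sid = b"constructed-call-id@example.invalid"

    calling_k = derive_media_key(k1, k2, sid)
    called_k = derive_media_key(k1, k2, sid)
    print("both ends agree on K:", calling_k == called_k)
    print("K =", calling_k.hex())

    # Ambiguity of plain concatenation with variable-length inputs.
    print("naive collision:",
          naive_concat(b"ab", b"c") == naive_concat(b"a", b"bc"))
    print("length-prefixed KDF collision:",
          derive_media_key(b"ab", b"c", sid) == derive_media_key(b"a", b"bc", sid))

    caller = directional_keys(k1, k2, "calling")
    callee = directional_keys(k1, k2, "called")
    print("directional keys line up:",
          caller["send"] == callee["recv"] and caller["recv"] == callee["send"])
```

In every variant the keys cross the signalling path inside SIP messages, so the derived key is only as confidential as the hop-by-hop protection of those messages.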
  • the network entity that obtains the key generated on the calling network side is the calling CSCF, and the calling KMF that generates the key is a functional unit in the AS.
  • the network entity that obtains the generated key on the called side is the called CSCF, and the called KMF that generates the key is a functional unit in the called AS.
  • FIG. 3 is a schematic diagram of a message flow of this embodiment. As shown in FIG. 3, this embodiment may include the following steps:
  • This step is the same as step 201 of the second embodiment, and details are not described herein again.
  • Step 302 The calling CSCF sends the session establishment request message to the calling AS. This step is the same as step 201 of the second embodiment, and details are not described herein again.
  • Step 306 After receiving the session establishment request message, the called CSCF sends the session establishment request message to the called AS.
  • This step is the same as step 206 of the second embodiment, and details are not described herein again.
  • Step 307 to Step 309: The called AS determines that the called UE has also subscribed to the media stream protection service, and then sends the session establishment request message to the called UE through the called CSCF.
  • Steps 310 to 312 The called UE sends a session establishment response message to the called CSCF, and the called CSCF sends the session establishment response message to the calling UE through the calling CSCF.
  • the called UE may determine the media stream security capability information that needs to be provided according to the media stream security capability information provided by the calling UE in the session establishment request message, carry the determined media stream security capability information in the session establishment response message, and send it to the calling UE through the called CSCF and the calling CSCF.
  • the session establishment response message described herein is a 183 message, and the media stream security capability information to be provided by the called UE may be all or part of information that can be supported by the calling UE.
  • the calling AS and the called AS may not check the subscription; or only one of the calling AS and the called AS may check it while the other does not; or the subscription may be checked directly by the calling CSCF and the called CSCF.
  • whether the CSCF or the AS performs the check can be determined according to the actual situation, and is not repeated here.
  • the calling AS can also add the identifier indicating that the calling UE has subscribed to the media stream protection service to the session establishment request message, and the called AS can add the identifier indicating that the called UE has subscribed to the media stream protection service to the session establishment response message.
  • Step 313 The calling UE sends a session request message to the calling CSCF.
  • Step 314 The calling CSCF obtains the key K1 from the calling KMF.
  • This step is similar to step 221 in the second embodiment.
  • the calling CSCF obtains the key K1 directly from the calling KMF, and can also obtain information such as the key identifier of the key K1 and the key validity period; details are not described here again.
  • Step 320 The called UE returns a session response message to the called CSCF.
  • Step 323 to Step 324: The calling CSCF derives a new key according to the key K1 generated by the local side and the key K2 generated by the called side, uses the derived key as the media stream protection key, adds the media stream protection key to the session response message, and then sends it to the calling UE.
  • the unique media stream security mode is determined, the mode in the message is modified to the determined media stream security mode, and the procedure then continues, that is, the INVITE message is sent to the called S-CSCF; the called S-CSCF sends the INVITE message to the called UE through the called AS and the called P-CSCF;
  • the called P-CSCF sends a 183 message carrying the security capability information of the media stream provided by itself, and the called P-CSCF sends it to the called S-CSCF, and is sent by the called S-CSCF to the called AS;
  • the 183 message is sent to the called S-CSCF; the called S-CSCF is sent to the calling S-CSCF; and the calling S-CSCF receives the 183 message and sends the message.
  • the calling AS checks, from the 183 message, the media stream security mode determined by the called network, and then sends the 183 message to the calling S-CSCF; the calling S-CSCF then sends it to the calling P-CSCF; the calling P-CSCF confirms the media stream security mode and continues to send the message to the calling UE, thereby completing the media stream security mode negotiation between the calling UE and the called UE.
  • the present invention also provides a corresponding system for acquiring the media stream protection key.
  • Figure 4 is a schematic diagram of the basic structure of the system.
  • the system includes at least: a terminal device UE401, configured, when acting as a calling UE, to send a session request message to the network entity 402 and receive a session response message carrying a key; and further configured to receive a session request message sent from a network entity and return a session response message.
  • the network entity 402 is configured to: when receiving the session request message sent by the calling UE, add the key to the session request message, and send the key to the called UE; and further, receive the session response message sent by the called UE, The key is added to the session response message and sent to the calling UE.
  • the UE 401 may be further configured to derive a new key from the received key generated by the calling network side and the key generated by the called network side, and use the derived key as the media stream protection key.
  • the network entity 402, when acting as a calling network entity, is configured to receive a session request message sent by the calling UE, obtain a key generated by the calling network side, and pass the key generated by the calling network side to the called network entity in the session request message; and to receive the session response message returned by the called network entity, derive a new key from the key generated by the calling network side and the key generated by the called network side, carry it in the session response message, and send it to the calling UE.
  • when the network entity 402 is used as the called network entity, it is configured to receive a session request message from the calling network entity, obtain a key generated by the called network side, derive a new key according to the key generated by the calling network side and the key generated by the called network side, carry the derived key as the media stream protection key in the session request message, and send it to the called party.
  • the key management function entity KMF is configured to receive a key request message of the S-CSCF or the AS, generate a key, and return it to the S-CSCF or the AS through the key response message. That is to say, in this case, when the network entity 402 needs to acquire a key, it can request KMF, and the key is provided by KMF.
  • the system may further include:
  • the S-CSCF is used to forward a session message between the UE and the AS-KMF. That is, when the S-CSCF forwards the session message from the UE to the AS-KMF, the AS-KMF can generate the key by itself without having to acquire it from other entities.
  • FIG. 5a is a schematic diagram of the basic structure of the first embodiment of the system.
  • the system embodiment includes: UE401, AS-KMF402x, S-CSCF403, P-CSCF404.
  • when the UE 401, the S-CSCF 403, the AS-KMF 402x, and the P-CSCF 404 are entities on the calling network side, they can complete the functions corresponding to the calling side in the foregoing method; when the UE 401, the S-CSCF 403, the AS-KMF 402x, and the P-CSCF 404 are entities on the called network side, they can complete the functions corresponding to the called side in the above method.
  • AS-KMF402x is equivalent to the network entity 402 in FIG.
  • the P-CSCF 404 is configured to forward a message between the UE 401 and the S-CSCF 403.
  • the AS-KMF402 is used to generate a key, add the key to the message, and send it to the S-CSCF 403.
  • the network entity 402b includes a calling network entity and a called network entity, the calling network entity is a calling S-CSCF4021b, and the called network entity is a called S-CSCF4022b.
  • network entity 402 includes:
  • the key acquired by the network entity is the key provided by the KMF; if the network entity is an AS-KMF, the key is the key generated by the AS-KMF itself.
  • the MP may be a single functional entity, or may be a functional unit of a functional entity such as a GPRS gateway support node GGSN or a border gateway function entity BGF; the MP may also be a media resource function entity MRF, and the MRF may be composed of the media resource control function entity MRFC and the media resource processing function entity MRFP.
  • the session establishment response message described here is a 183 message.
  • the session establishment request message described herein may be an INVITE message.
  • the called S-CSCF may trigger a session establishment request message to the called AS by using an initial filtering rule set in advance.
  • how the triggering is performed belongs to the prior art, and is not described here.
  • the media stream security capability information for the current session may be determined from the media stream security capability information carried in the session establishment response message, and carried in the session establishment response message.
  • the called P-CSCF can also delete the media stream security capability set in the response message, so that the called AS cannot obtain the media stream security capability set, and the subsequent process in which the AS requests a key does not need to refer to the media stream security capability set.
  • the called AS here may also not delete the media stream security capability information.
  • the session message described here is a PRACK message.
  • FIG. 9 is a schematic diagram of a message flow of a method for acquiring a media stream protection key by a calling side in this embodiment. As shown in FIG. 9, the method may include the following steps:
  • the session establishment request message is an INVITE message, and steps 901 to 902 are the same as step 701 to step 702 in the fifth embodiment; details are not described herein again.
  • Step 903 The calling S-CSCF sends the session establishment request message to the calling AS.
  • the step 903 is the same as the step 703 in the fifth embodiment, and details are not described herein again.
  • Step 909 The calling P-CSCF carries the provided media stream security capability information supported by the calling MP in the session establishment response message, and returns the message to the calling UE.
  • Step 915 to Step 916: The calling S-CSCF obtains a key from the calling KMF, carries the obtained key in the session response message, and sends it to the calling P-CSCF.
  • the calling S-CSCF can send a key request message to the calling KMF; the calling KMF generates a key and returns it to the calling S-CSCF; the calling S-CSCF then carries the acquired key in the session response message, that is, the 200 message, and sends it to the calling P-CSCF.
  • the message between the calling S-CSCF and the calling KMF can be either Diameter or SIP.
  • the calling KMF can also send information such as the key validity period and key identification of the key to the calling S-CSCF.
  • the calling UE needs to perform a subsequent call flow in this embodiment, and details are not described herein again.
  • FIG. 10 is a schematic diagram of a message flow of a method for acquiring a media stream protection key on the called side in this embodiment. As shown in FIG. 10, the method may include the steps of:
  • Step 1001 to Step 1002: The called S-CSCF receives the session establishment request message from the calling network and forwards it to the called AS.
  • the session message described here is a PRACK message.
  • Step 1014 to step 1015 The called P-CSCF sends the session message to the called UE, and sends the key in the session message to the called MP.
  • once both the called UE and the called MP have obtained the media stream protection key, they can use the key to protect the transmitted media stream.
  • the called UE sends a 200 message to the calling network through the called S-CSCF and the called P-CSCF, and receives an UPDATE message from the calling network; these steps are not repeated here.
  • Step 1102 The calling S-CSCF sends the session establishment request message to the calling AS. This step is the same as step 703 of the fifth embodiment, and details are not described herein again.
  • the steps 1103 to 1105 are similar to the steps 704 to 706 in the fifth embodiment, except that the calling AS regenerates a session establishment request message, and the regenerated session establishment request message can be recorded as INVITE[2].
  • Step 1112 to Step 1113 The calling AS regenerates the session message, and sends the regenerated session message to the calling S-CSCF, and then the calling S-CSCF sends the session message to the called network.
  • Step 1116 to step 1119 The calling AS obtains the key from the calling KMF, and the obtained key is sent to the calling MRF, and the session response message is regenerated, and the obtained key is carried in the regenerated session response message. It is sent to the calling UE through the calling S-CSCF.
  • the session establishment response message regenerated by the called AS is for the previous INVITE[2] message, which can be recorded as 183 [2].
  • FIG. 13 is a schematic diagram of message flow of a method for acquiring a media stream protection key by a calling side according to this embodiment. As shown in FIG. 13, the method may include the following steps:
  • the session message regenerated by the called AS can be recorded as PRACK[3].
  • Step 1415 The called UE sends a session response message to the called S-CSCF.
  • Step 1416 to step 1419 The called S-CSCF carries the previously acquired key in the session response message and sends it to the called AS.
  • the called AS sends the key in the session response message to the called MRF, regenerates the session response message, and sends the regenerated session response message to the calling network through the called S-CSCF.
  • a UE1501 configured to receive a key sent by a network entity
  • the system may further include an AS, and may further include a P-CSCF; if the network entity is an AS, the system may further include an S-CSCF, and may further include a P-CSCF.
  • the KMF of the present invention may be a separate entity or a functional unit in a CSCF, AS or HSS.
  • Figure 16 is a schematic diagram showing the basic structure of the fourth embodiment of the system. As shown in FIG. 16, the system embodiment includes: a calling UE 1501, a calling S-CSCF 1502A, a calling KMF 1503, and a calling party.
  • the third embodiment of the system and the fourth embodiment of the system are all based on the calling side.
  • the structure of the system is similar to that of the calling side, and details are not described herein again.
  • the key obtaining unit 1802 upon receiving the session message, acquires a key from the key management function KMF, adds the key to the session message, and transmits the key to the transmitting unit 1803.
  • the key generated by the network side may be carried in the media stream security capability information and sent to the other party.
  • the media stream security capability information may further include parameters such as a key validity period. If there are multiple media streams to be protected, a different key may be generated for each different media stream.
  • the media stream security capability information may further include a key identifier to distinguish the corresponding media stream.

Abstract

The invention relates to a method, a system and equipment for obtaining a media stream protection key in an IMS network. According to the method, a calling terminal equipment (UE) sends a session request message to a network entity, and the network entity adds the key to the session request message and sends the message to the called UE (101); the called UE sends the response message to the network entity, and the network entity adds the key to the response message and sends the message to the calling UE (102). The method may also comprise steps in which the network entity receives the session message and obtains the key from the key management function entity, after which the network entity sends the obtained key to the terminal equipment (UE) and to the media processing function entity (MP), respectively.
PCT/CN2008/070138 2007-01-19 2008-01-18 Method, system and equipment for obtaining a media stream protection key in an IMS network WO2008089694A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200710000760 CN101227272A (zh) 2007-01-19 2007-01-19 A method and system for obtaining a media stream protection key
CN200710000760.2 2007-01-19

Publications (1)

Publication Number Publication Date
WO2008089694A1 true WO2008089694A1 (fr) 2008-07-31

Family

ID=39644134

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/070138 WO2008089694A1 (fr) 2007-01-19 2008-01-18 Method, system and equipment for obtaining a media stream protection key in an IMS network

Country Status (2)

Country Link
CN (1) CN101227272A (fr)
WO (1) WO2008089694A1 (fr)


Also Published As

Publication number Publication date
CN101227272A (zh) 2008-07-23


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08700795

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08700795

Country of ref document: EP

Kind code of ref document: A1