WO2010012148A1 - Method and device for secure communications by broadcast or multicast - Google Patents

Info

Publication number
WO2010012148A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
encrypted
broadcast
multicast
information
Prior art date
Application number
PCT/CN2009/000521
Other languages
English (en)
Chinese (zh)
Inventor
胡志远
王楠
万志坤
骆志刚
金晓蓉
Original Assignee
阿尔卡特朗讯
Application filed by 阿尔卡特朗讯

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/414 Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
    • H04N21/41407 Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance embedded in a portable device, e.g. video client on a mobile phone, PDA, laptop
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the present invention relates to a method and apparatus for communicating in a communication network, and more particularly to a method and apparatus for secure communication based on broadcast or multicast in a communication network.
  • Background technique
  • CBS Cell Broadcast Services
  • CBCH Cell Broadcast CHannel
  • the CBS may be a short message service (hereinafter referred to as SMS) based on a Cell Broadcast CHannel (CBCH) in a cell radio channel.
  • SMS Short message service
  • the existing short messages sent in the CBCH are transmitted in plaintext, that is, in an unencrypted form. Therefore, the CBS that currently broadcasts short messages over the cell broadcast channel cannot distinguish between subscribed users and non-subscribed users. In other words, secure communication with subscribed users cannot be performed.
  • GBA Generic Bootstrapping Architecture
  • the invention provides that the broadcast or multicast server encrypts the content to be sent to generate the encrypted processed content, and then sends the encrypted processed content to one or more user devices based on broadcast or multicast; each user device receives the encrypted processed content sent by broadcast or multicast from the broadcast or multicast server, and decrypts the received encrypted processed content to restore the original unencrypted content.
  • in a broadcast or multicast server in a communication network, a method for secure communication, based on broadcast or multicast, with one or more corresponding user equipments used by one or more users, comprising the steps of: a. encrypting content to be sent to generate encrypted processed content; b. transmitting the encrypted processed content to the one or more user devices based on broadcast or multicast.
  • a method, in a user equipment used by a user of a communication network, for secure communication with a broadcast or multicast server based on broadcast or multicast, comprising the following steps: A. receiving encrypted processed content sent by broadcast or multicast from the broadcast or multicast server; B. decrypting the received encrypted processed content to restore the original unencrypted content.
  • a broadcast or multicast server in a communication network for securely communicating with one or more respective user devices used by one or more users based on broadcast or multicast.
  • the device comprising: an encryption processing device, configured to perform encryption processing on the content to be sent to generate encrypted processed content; and an encrypted content transmitting device, configured to send the encrypted processed content to the one or more user devices based on broadcast or multicast.
  • an apparatus, in a user equipment used by a user of a communication network, for secure communication with a broadcast or multicast server based on broadcast or multicast, comprising: an encrypted content receiving apparatus, for receiving the encrypted processed content sent by broadcast or multicast from the broadcast or multicast server; and a device for performing decryption processing on the received encrypted processed content to restore the original unencrypted content.
  • the method or apparatus provided by the present invention fills the current technical gap in communication networks regarding secure communication with subscribed users based on broadcast or multicast; by adopting point-to-multipoint communication it saves a large amount of communication resources in the communication network, and it can ensure secure communication between the operator and the subscribed users and ensure correct billing.
  • the method and apparatus provided by the present invention do not require major changes to existing secure communication standards, security modules, and secure communication devices, so that the present invention is low in cost, easy to deploy, and has good commercial prospects.
  • FIG. 1 is a schematic diagram of a network topology of a broadcast-based secure communication between a broadcast server 1 and a plurality of mobile terminals 2a and 2b, in accordance with an embodiment of the present invention
  • FIG. 2 is a flow chart of a method for broadcast-based secure communication between a broadcast server 1 and a mobile terminal 2a, in accordance with an embodiment of the present invention
  • FIG. 3 is a schematic diagram showing a network topology of a broadcast-based secure communication between a broadcast server 1 and a plurality of mobile terminals 2a and 2b according to another embodiment of the present invention
  • FIG. 4 is a flow chart of a method for broadcast-based secure communication between a broadcast server 1 and a mobile terminal 2a, in accordance with another embodiment of the present invention
  • FIG. 5 is a block diagram showing an apparatus for performing broadcast-based secure communication between a broadcast server 1 and a mobile terminal 2a, and a working process thereof, according to still another embodiment of the present invention
  • FIG. 6 is a block diagram showing an apparatus for performing broadcast-based secure communication between the broadcast server 1 and the mobile terminal 2a and a working process thereof according to still another embodiment of the present invention.
  • Detailed description
  • the communication network is a wireless communication network, such as a 3G wireless communication network.
  • the network includes a broadcast server 1 for secure communication using a CBS-based short message service, mobile terminals 2a and 2b, a content providing server (Content Provider, CP for short) 3 connected to the broadcast server 1, and a mobile terminal 2c that has not subscribed with the operator for secure communication.
  • the Short Message Gateway (SMG) or Short Message Service Center (SMSC), and the base stations, relay stations and other communication devices through which the broadcast server 1 and the mobile terminals communicate securely by short message, are omitted.
  • SMG Short Message Gateway
  • SMSC Short Message Service Center
  • the present invention is not limited to the 3G wireless communication network and the network topology shown in FIG. 1; it is equally applicable to other networks and topologies, such as 2G and 2.5G wireless communication networks, and to other communication networks supporting broadcast or multicast. The applicant also presents in the specification embodiments in which the present invention is applied to other scenarios.
  • FIG. 2 is a flow chart of a method for broadcast-based secure communication between the broadcast server 1 and the mobile terminal 2a, in accordance with an embodiment of the present invention.
  • the broadcast server 1 may be composed of a Cell Broadcast Center and a Cell Broadcast Equipment, and is used to broadcast the encrypted content to each mobile terminal through a cell broadcast channel.
  • the following details the process in which the broadcast server 1 broadcasts the content encrypted by the content key to the mobile terminal, and the mobile terminal, which already possesses content decryption information that works with the content key, directly decrypts the content encrypted by the content key.
  • the content providing server 3 supplies the content that needs to be provided to the subscriber to the broadcast server 1, the content may be weather forecast, business news, traffic information, etc. as described above, and the content provided to each subscriber is the same.
  • the broadcast server 1 acquires the content to be sent to the subscriber.
  • in step S10, the broadcast server 1 encrypts the content to be sent to the subscriber to generate the encrypted processed content.
  • the broadcast server 1 acquires a content key for encrypting the content, wherein the content key K_sms may be a symmetric key (i.e., the encryption key is the same as the decryption key, or the decryption key can be derived from the encryption key), or an asymmetric key (i.e., the encryption key is different from the decryption key, and the decryption key cannot be derived from the encryption key).
  • the broadcast server 1 does not currently need to provide the content key K_sms to the mobile terminal:
  • A. the symmetric content key K_sms is generated by the broadcast server 1 in advance and has already been provided to the mobile terminal, for example fixed in the user's SIM (Subscriber Identity Module) card or mobile terminal, and the key is pre-stored in the broadcast server 1; the broadcast server 1 then acquires the pre-stored content key K_sms;
  • B. the symmetric content key K_sms is supplied to the broadcast server 1 by the content providing server 3, and the content providing server 3 also provides the content key K_sms to the mobile terminal.
  • the broadcast server 1 has a weak management and control function for the key;
  • in step S102, the broadcast server 1 encrypts the content to be transmitted using the acquired content key K_sms to generate the content encrypted by the content key K_sms.
  • a specific technique for encrypting a plaintext using a key to obtain a ciphertext is well known to those skilled in the art, and the present invention does not describe it.
  • in step S11, the broadcast server 1 transmits the content encrypted by the content key K_sms to the mobile terminal 2a based on broadcast.
  • in step S20, the mobile terminal 2a receives the encrypted processed content sent by broadcast from the broadcast server 1.
  • the broadcast server 1 puts the content encrypted by the content key K_sms into a short message and provides it, through the short message gateway or the short message service center, to the cell base station to which the mobile terminal 2a belongs, and the cell base station broadcasts the short message on the cell broadcast channel (CBCH) in its cell; the mobile terminal 2a receives, on the cell broadcast channel, a short message containing the content encrypted by the content key K_sms, and extracts from it the content encrypted by the content key K_sms.
  • the mobile terminal 2b of a subscriber in the same cell who subscribed to the same content, and the mobile terminal 2c of the non-subscriber, may also receive a short message containing the content encrypted by the content key K_sms on the cell broadcast channel.
  • the broadcast mode of the broadcast server 1 to broadcast the encrypted content to the mobile terminal is not limited to the embodiment, and those skilled in the art can make appropriate adjustments according to the actual wireless network under the teaching of the present invention. These modifications are intended to be within the scope of the appended claims.
  • in step S22, the mobile terminal 2a decrypts the received encrypted processed content to restore the original unencrypted content.
  • in step S21, the mobile terminal 2a acquires content decryption information corresponding to the content key K_sms.
  • when the content key K_sms is a symmetric key, the content key K_sms is equivalent to its corresponding content decryption information; when the content key K_sms is an asymmetric key, the key that works with it should be obtained. Therefore, corresponding to the two cases A and B listed above:
  • the previously generated symmetric content key K_sms has been provided by the broadcast server 1 to the mobile terminal 2a before the secure communication, for example, in the user's SIM card or mobile terminal, and the mobile terminal 2a obtains the pre-stored content key K_sms.
  • in step S22, the mobile terminal 2a decrypts the content encrypted by the content key K_sms, received by broadcast from the broadcast server 1, using the content decryption information corresponding to the content key K_sms acquired in step S21, to restore the original unencrypted content.
  • the mobile terminal 2b of the subscriber who subscribes to the same content also obtains the content decryption information corresponding to the content key K_sms in a step similar to step S21 and performs a step similar to step S22 above, so that it can also obtain the original unencrypted content; further, the mobile terminal 2c cannot decrypt the received K_sms-encrypted content, because its user is not a subscriber of the content and does not obtain the content decryption information corresponding to the content key K_sms. The security of communication between the broadcast server 1 and the mobile terminals 2a and 2b is thereby ensured.
  • the mobile terminals 2a and 2b may belong to the same base station cell or may belong to different cells.
  • the above first embodiment describes in detail how the broadcast server 1 broadcasts the content encrypted by the content key to the mobile terminal, and how the mobile terminal, which already possesses content decryption information that works with the content key, directly decrypts the content encrypted by the content key.
  • the broadcast server further adopts an encryption technology for the content key, which acquires the encrypted auxiliary information corresponding to each user, and encrypts the content key according to the encrypted auxiliary information, and then Encrypted auxiliary information encrypted content
  • FIG. 3 is a schematic diagram showing a network topology of a broadcast-based secure communication between a broadcast server 1 and a plurality of mobile terminals 2a and 2b according to another embodiment of the present invention.
  • the communication network further includes a Bootstrapping Server Function-Push (BSF Push) 4 connected to the broadcast server 1, and a Home Location Register/Home Subscriber Server (HLR/HSS) 5 connected to the bootstrapping service push function 4, based on the topology shown in FIG.
  • the broadcast server 1 may include two parts: one part is a cell broadcast service system (CBS System) composed of a cell broadcast center and cell broadcast equipment, which broadcasts the content encrypted by the content key to each mobile terminal through the cell broadcast channel; the other part is a cell broadcast service subscriber manager (CBS Subscriber Management), which encrypts the content key according to the encryption auxiliary information and provides the encrypted content key, via the Upa interface, by SMS or other means, to the users subscribed to the SMS broadcast service.
  • FIG. 4 is a flow chart of a method for broadcast-based secure communication between the broadcast server 1 and the mobile terminal 2a, in accordance with another embodiment of the present invention.
  • the broadcast server 1 acquires a content key for encrypting the content.
  • the broadcast server 1 can generate a content key K_sms for symmetric encryption from a random number generated at that time and the identification information of the content providing server 3, using a symmetric key algorithm such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard).
  • the broadcast server 1 then performs a procedure similar to the first embodiment described above: in step S102', it encrypts the content provided by the content providing server 3 according to K_sms, and then, in step S11', sends the content encrypted by the content key K_sms to the mobile terminal 2a based on broadcast.
  • the broadcast server 1 puts the content encrypted by the content key K_sms into the short message and provides it to the short message gateway or the short message service center.
  • the cell base station broadcasts the short message on a cell broadcast channel (CBCH) in the cell;
  • the mobile terminal 2a receives, on the cell broadcast channel, a short message containing the content encrypted by the content key K_sms, and extracts from it the content encrypted by the content key K_sms.
  • the mobile terminal 2b of a subscriber in the same cell who subscribed to the same content, and the mobile terminal 2c of the non-subscriber, may also receive the short message containing the content encrypted by the content key K_sms on the cell broadcast channel.
  • in step S20, the mobile terminal 2a receives the content encrypted by the content key K_sms, sent by broadcast from the broadcast server 1.
  • in step S20", the mobile terminal 2b receives the content encrypted by the content key K_sms, sent by the broadcast server.
  • the non-subscriber mobile terminal 2c can also receive the encrypted content.
  • in step S12, the broadcast server 1 acquires the encryption auxiliary information corresponding to the user a to which the mobile terminal 2a belongs and the user b to which the mobile terminal 2b belongs; the encryption auxiliary information is used to encrypt the content key K_sms.
  • the encryption assistance information is based on an asymmetric key technology.
  • the encryption assistance information corresponding to the user a is the public key of the user a, and at the same time, the user a owns the mobile terminal 2a.
  • the broadcast server 1 acquires the respective public keys of the users a and b.
  • in one case, the broadcast server 1 locally stores the public key and reads it directly; in another case, the public key is provided to the broadcast server 1 by the content providing server 3 or by another security management server.
  • the encryption auxiliary information is a symmetric encryption key associated with the identity of users a and b, and users a and b can generate the same encryption key, or corresponding decryption auxiliary information, on their mobile terminals based on their user identity.
  • based on the GBA push technology, the broadcast server 1 requests, through the Zpn interface, the Generic Bootstrapping Architecture push information of the user a and the user b from the bootstrap service push function (BSF) 4.
  • BSF bootstrap service push function
  • the push information includes: the identity-related information Ks_NAF/Ks_ext_NAF and Ks_int_NAF used for generating an encryption key; AUTN and RAND from the user's quintuple authentication vector; U/M, which identifies GBA_U or GBA_ME; the life cycle of the key; the ID of the broadcast server; the private identity ID of the user; the MAC; and so on.
  • if the bootstrap service push function 4 does not have the identity information of the user a and/or b locally, it also requests and obtains, over the Zh interface, from the home location register/home subscriber server 5 to which the user a and/or b belongs, the user's quintuple authentication vector information CK (Cipher Key), IK (Integrity Key), RAND, RES, AUTN; it generates the Generic Bootstrapping Architecture push information of the user a and/or b according to the CK and IK information, and then provides the push information of the users a and b to the broadcast server 1.
  • CK Cipher Key
  • IK Integrity Key
  • in step S122', the broadcast server 1 generates the respective encryption keys K_cbs of the users a and b based on the acquired Ks_NAF/Ks_ext_NAF and Ks_int_NAF information of the users a and b.
  • in step S13, the broadcast server 1 encrypts the content key K_sms according to the acquired encryption auxiliary information of the users a and b respectively, for example their public keys or their encryption keys K_cbs, generating the content key K_sms' encrypted with the corresponding encryption auxiliary information of each of the users a and b.
  • in step S14, the broadcast server 1 transmits the content key K_sms encrypted with the corresponding encryption auxiliary information of the users a and b to the mobile terminals 2a and 2b of the users a and b, respectively.
  • the broadcast server 1 transmits the content key K_sms', encrypted by the encryption auxiliary information corresponding to the users a and b, to the users a and b respectively through the short message gateway or the short message service center.
  • in step S21 and in step S21" (not shown), the mobile terminals 2a and 2b each acquire content decryption information that works with the content key K_sms.
  • the mobile terminal 2b performs similar steps.
  • the mobile terminal 2a receives the content key K_sms encrypted by the encryption auxiliary information corresponding to the user a from the broadcast server 1, and acquires the decryption auxiliary information that works with the encryption auxiliary information.
  • when the encryption auxiliary information is based on an asymmetric key technology, for example the public key of the user a, the mobile terminal 2a obtains the private key corresponding to the public key as the decryption auxiliary information, to decrypt the content key K_sms encrypted by the public key.
  • when the encryption auxiliary information is a symmetric encryption key K_cbs related to the identity of the user a, the user a can generate the same encryption key, or corresponding decryption auxiliary information, on the mobile terminal 2a. In step S2111, based on the GBA push technology, the mobile terminal 2a generates the quintuple authentication vector CK (Cipher Key), IK (Integrity Key), RAND, RES, AUTN information in the same manner as the HLR/HSS, according to the GBA Push information obtained from the bootstrap service push function (BSF) 4, and then generates the Ks_NAF/Ks_ext_NAF, Ks_int_NAF information in the same way as BSF Push.
  • in step S2112', the mobile terminal 2a generates the symmetric encryption key K_cbs, or a decryption key that works with it, based on the identity-related information Ks_NAF/Ks_ext_NAF, Ks_int_NAF.
  • the method by which the mobile terminal 2a generates the encryption key K_cbs, or the decryption key that works with K_cbs, should correspond to the method by which the broadcast server 1 generates the encryption key K_cbs, to ensure that the generated encryption key K_cbs, or the decryption key that works with it, is consistent with the encryption key K_cbs used by the broadcast server 1.
  • the consistency can be determined in advance by the user and its operator and the broadcast server, for example, being solidified in the user's SIM card or negotiated before each communication.
  • the process of the above mobile terminal 2a performing authentication and interaction with the bootstrap service push function 4 to obtain the push information of the general bootstrap architecture is similar to the process in the general bootstrap architecture for one-to-one secure communication in the prior art. See 3GPP TS 33.223 V800.
  • through the above interaction between the broadcast server 1, the mobile terminal and the bootstrap service push function 4, the present invention utilizes the existing Generic Bootstrapping Architecture (GBA) push technology, which does not require major modifications to existing standards, methods and devices, and can save a lot of cost. The solution can therefore be accepted by the market and has good business prospects.
  • in step S212', the mobile terminal 2a decrypts the content key K_sms encrypted by the encryption auxiliary information corresponding to the user a, according to the acquired decryption auxiliary information, and acquires the content key K_sms' as the corresponding content decryption information.
  • in step S22', the mobile terminal 2a, using the content key K_sms', decrypts the content encrypted by the content key K_sms to restore the original unencrypted content.
  • the mobile terminal 2b of the subscriber b of the content performs a similar procedure. Since the broadcast server 1 also transmits the content key K_sms encrypted by the encryption auxiliary information corresponding to the user b to the mobile terminal 2b, the mobile terminal 2b can acquire the decryption auxiliary information that works with the encryption auxiliary information corresponding to the user b, recover the content key K_sms, and then decrypt the encrypted content according to the content key K_sms to restore the original unencrypted content.
  • the mobile terminal 2c of the user c, who does not subscribe to the content, cannot receive a content key K_sms encrypted by encryption auxiliary information corresponding to it, and cannot obtain or decrypt the content key K_sms encrypted by the encryption auxiliary information corresponding to other users; it therefore cannot obtain the content key K_sms, cannot decrypt the content encrypted according to the content key K_sms, and cannot obtain the original unencrypted content. In this way, the security of the content communication between the broadcast server 1 and the mobile terminals 2a and 2b of the content subscription users a and b is ensured.
  • the key (Key) used for encryption, such as the content key and the encryption auxiliary information, in the present invention includes all algorithms for encrypting plaintext into ciphertext, or algorithms and their parameters, and so on.
  • the key (Key) used for decryption, such as the content decryption information and the decryption auxiliary information, also includes all algorithms for decrypting the ciphertext encrypted by the corresponding encryption key into plaintext, or an algorithm and its parameters, and so on.
  • the specific encryption principles and methods are well known to those skilled in the art, and should fall within the scope of protection of the present invention.
  • the content to be transmitted by the broadcast server 1 is completely encrypted.
  • The broadcast server 1 hashes the content to be sent with a predetermined hash algorithm, obtains a content digest of the content to be sent, and encrypts the content digest with the content key K sms; the broadcast server 1 then broadcasts the content to be transmitted to each mobile terminal in clear text, and broadcasts the content digest encrypted with the content key K sms to each mobile terminal.
  • The mobile terminal receives the content information broadcast in clear text and generates a digest of the received content information with the same hash algorithm; the mobile terminal also receives the content digest encrypted with the content key K sms and, by a process similar to that in the first or second embodiment above, acquires the content decryption information that works in conjunction with the content key K sms of the broadcast server 1 in order to decrypt the content digest; finally, the mobile terminal compares the decrypted content digest with the content digest it generated itself from the received content information to check whether they are the same, and thereby determines that the content information it received was transmitted by the broadcast server 1 and was not changed during transmission.
  • the present invention is equally applicable to secure communication based on multicast in a wireless communication network.
  • Before the multicast server sends the encrypted content to multiple user equipments by multicast, it should first establish a multicast channel with those user equipments and then send the encrypted content to the plurality of user equipments in the multicast channel; correspondingly, the user equipment should also first establish a multicast channel with the multicast server and then receive the encrypted content from the multicast server in the multicast channel.
  • Other encryption/decryption processes are similar to those described in the previous section and will not be described here.
  • the broadcast server 1 includes means 10 for securely communicating with a plurality of users or a plurality of corresponding mobile terminals based on the broadcast, the device 10 comprising an encryption processing device 101 and an encrypted content transmitting device 102, the encryption processing device 101 further comprising Content key acquisition means 1011.
  • the mobile terminal 2a includes means 20 for secure communication with the broadcast server 1 based on the broadcast, the device 20 comprising an encrypted content receiving device 201, a second obtaining device 202 and a decryption processing device 203.
  • the broadcast server 1 may be composed of a Cell Broadcast Center and a Cell Broadcast Equipment, which are used to broadcast the encrypted content to each mobile terminal through a cell broadcast channel.
  • The apparatus and its working process are described in detail for the case in which the broadcast server 1 broadcasts the content encrypted with the content key to the mobile terminal, and the mobile terminal already possesses content decryption information that works in cooperation with the content key and can directly decrypt the content encrypted with the content key.
  • the content providing server 3 supplies the content that needs to be provided to the subscriber to the broadcast server 1, the content may be a weather forecast or the like as described above, and the contents provided to the respective subscribers are the same.
  • the broadcast server 1 acquires the content to be sent to the subscriber.
  • the encryption processing means 101 performs encryption processing on the content to be transmitted to the subscriber to generate the encrypted processed content.
  • the content key acquisition means 1011 acquires the content key K sms for encrypting the content.
  • The content key K sms may be based on a symmetric key (i.e., the encryption key is the same as the decryption key, or the decryption key can be derived from the encryption key), or may be based on an asymmetric key (i.e., the encryption key and the decryption key are different, and the decryption key cannot be derived from the encryption key).
  • The symmetric content key K sms is generated by the broadcast server 1 in advance and has been provided to the mobile terminal, for example solidified in the user's SIM (Subscriber Identity Module) card or mobile terminal, and the key is pre-stored on the broadcast server 1; the content key obtaining means 1011 obtains the pre-stored content key K sms;
  • the symmetric content key K sms is supplied from the content providing server 3 to the content key obtaining means 1011. And, the content key K sms is also supplied to the mobile terminal by the content providing server 3.
  • the broadcast server 1 has a weak management and control function for the key;
  • After acquiring the content key K sms, the encryption processing device 101 encrypts the content to be transmitted with the acquired content key to generate the content encrypted with the content key K sms.
  • a specific technique for encrypting a plaintext using a key to obtain a ciphertext is well known to those skilled in the art, and the present invention does not describe it.
  • the encrypted content transmitting device 102 transmits the content encrypted by the content key K sms to the mobile terminal 2a based on the broadcast.
  • the encrypted content receiving device 201 of the device 20 of the mobile terminal 2a receives the encrypted processed content based on the broadcast transmission from the broadcast server 1.
  • The encrypted content transmitting apparatus 102 puts the content encrypted with the content key K sms into a short message and provides it, through the short message gateway or the short message service center, to the cell base station to which the mobile terminal 2a belongs; the cell base station broadcasts the short message on the cell broadcast channel (CBCH) in the cell; the encrypted content receiving device 201 receives the short message containing the content encrypted with the content key K sms on the cell broadcast channel and extracts from it the content encrypted with the content key K sms.
  • the mobile terminal 2b of the subscriber of the same cell subscribed to the same content, and the mobile terminal 2c of the non-subscriber may also receive a short message containing the content encrypted by the content key K sms on the cell broadcast channel.
  • the manner in which the encrypted content transmitting apparatus 102 broadcasts the encrypted content to the mobile terminal is not limited to this embodiment; those skilled in the art can make appropriate adjustments according to the actual wireless network under the teaching of the present invention, and such adjustments should be within the scope of the claims of the present invention.
  • the decryption processing means 203 decrypts the received encrypted processed content to restore the original unencrypted content.
  • the second obtaining means 202 acquires content decryption information corresponding to the content key K sms .
  • If the content key K sms is a symmetric key, the content key K sms is equivalent to the corresponding content decryption information; if the content key K sms is an asymmetric key, the key that works with it should be obtained. Thus, corresponding to the three cases A, B and C listed above:
  • the previously generated symmetric content key K sms has been provided by the broadcast server 1 to the mobile terminal 2a before the secure communication, for example, in the user's SIM card or mobile terminal, and the second obtaining means 202 obtains the pre-stored content key K sms;
  • the symmetric content key K sms has been provided to the second obtaining means 202 by the corresponding content providing server 3 before this secure communication.
  • The decryption processing means 203 uses the content decryption information corresponding to the content key K sms, acquired by the second acquisition means 202, to decrypt the content encrypted with the content key K sms that was received by broadcast from the broadcast server 1, restoring the original unencrypted content.
  • Similarly, the mobile terminal 2b of a subscriber to the same content can, through its similar encrypted content receiving device, second acquiring device and decryption processing device, acquire the content decryption information corresponding to the content key K sms and decrypt the encrypted content. Further, because the user of the mobile terminal 2c is not a subscriber of the content and has therefore not obtained the content decryption information corresponding to the content key K sms, its similar decryption processing device cannot decrypt the received content encrypted with K sms, which ensures the security of communication between the broadcast server 1 and the mobile terminals 2a and 2b.
  • the mobile terminals 2a and 2b may belong to the same base station cell or may belong to different cells.
  • The third embodiment above describes in detail the case in which the broadcast server 1 broadcasts the content encrypted with the content key to the mobile terminal, and the mobile terminal already possesses the content decryption information that works in cooperation with the content key and can directly decrypt the content encrypted with the content key.
  • The following describes in detail the technical scheme in which the broadcast server further encrypts the content key: it acquires the encryption auxiliary information corresponding to each user, encrypts the content key with that encryption auxiliary information, and then provides the content key encrypted with the encryption auxiliary information to the mobile terminal.
  • FIG. 3 is a schematic diagram of a network topology structure in which a broadcast server 1 and a plurality of mobile terminals 2a and 2b perform broadcast-based secure communication according to another embodiment of the present invention.
  • Figure 6 is a block diagram showing the operation of the apparatus for performing broadcast-based secure communication between the broadcast server 1 and the mobile terminal 2a in accordance with another embodiment of the present invention.
  • the broadcast server 1 includes means 10 for securely communicating with a plurality of respective mobile terminals used by a plurality of users, including the encryption processing means 101, the encrypted content transmitting means 102, and the first obtaining means 103.
  • The encryption processing device 101 and the encrypted content transmitting device 102 may constitute a cell broadcast service system (CBS System) composed of a cell broadcast device (Cell Broadcast Equipment) and a cell broadcast center (Cell Broadcast Center), which is used to broadcast the content encrypted with the content key to each mobile terminal through the cell broadcast channel; and the first obtaining means 103, the content key encrypting means 104, and the content key transmitting means 105 may constitute a cell broadcast service subscriber manager (CBS Subscriber Management), which encrypts the content key according to the encryption auxiliary information and provides the encrypted content key to the subscribing users of the cell broadcast service via the Upa interface, by SMS or other means.
  • the mobile terminal 2a includes means 20' for secure communication with the broadcast server 1 based on the broadcast, the device 20' comprising an encrypted content receiving device 201, a second obtaining device 202, and a decryption processing device 203, the second obtaining device 202, further comprising a processing device 2021, the processing device 2021, further comprising a second push information obtaining device 20211.
  • the content key obtaining means 1011 obtains a content key for encrypting the content.
  • The content key obtaining means 1011 can generate a symmetric content key K sms from a random number generated at the time and the identification information of the content providing server 3, based on a symmetric key algorithm such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), or the like.
  • The broadcast server 1 performs an operation similar to that of the foregoing third embodiment: the encryption processing device 101 encrypts the content provided by the content providing server 3 with K sms, and the encrypted content transmitting device 102 then sends the content encrypted with the content key K sms to the mobile terminal 2a by broadcast. Preferably, the encrypted content transmitting device 102 puts the content encrypted with the content key K sms into a short message and provides it, through the short message gateway or the short message service center, to the base station of the cell to which the mobile terminal 2a belongs; the cell base station broadcasts the short message on a cell broadcast channel (CBCH) in the cell; the mobile terminal 2a receives the short message containing the content encrypted with the content key K sms on the cell broadcast channel and extracts from it the content encrypted with the content key K sms.
  • The mobile terminal 2b of a subscriber in the same cell who subscribed to the same content, and the mobile terminal 2c of a non-subscriber, may also receive the short message containing the content encrypted with the content key K sms on the cell broadcast channel.
  • The encrypted content receiving device 201 of the device 20 of the mobile terminal 2a receives the content encrypted with the content key K sms that the broadcast server 1 sent by broadcast. The similar encrypted content receiving apparatus of the mobile terminal 2b likewise receives the content encrypted with the content key K sms sent by broadcast from the broadcast server. At the same time, the non-subscriber mobile terminal 2c can also receive the encrypted content.
  • The first obtaining means 103 of the device 10 of the broadcast server 1 acquires the encryption auxiliary information corresponding to the user a, to whom the mobile terminal 2a belongs, and the user b, to whom the mobile terminal 2b belongs; this encryption auxiliary information is used to encrypt the content key K sms.
  • the encryption assistance information is based on an asymmetric key technology.
  • the encryption assistance information corresponding to the user a is the public key of the user a, and at the same time, the user a owns the mobile terminal 2a.
  • the broadcast server 1 acquires the respective public keys of the users a and b.
  • the first obtaining means 103 directly reads the public key; in another case, the public key is provided to the first obtaining means 103 by the content providing server 3 or by another security management server.
  • The encryption auxiliary information is a symmetric encryption key associated with the identity of users a and b, and users a and b can generate the same encryption key, or corresponding decryption auxiliary information, on their mobile terminals based on their user identity.
  • Based on the GBA push technique, the first push information obtaining means 1031 of the first obtaining means 103 requests the push information of the user a and the user b from the bootstrap service push function (BSF) 4 via the Zpn interface.
  • The push information includes the identity-related information Ks_NAF/Ks_ext_NAF and Ks_int_NAF for generating an encryption key, AUTN and RAND from the user's quintuple authentication vector, U/M for identifying GBA_U or GBA_ME, the lifetime of the key, the ID of the broadcast server, the private ID of the user, the MAC, and so on.
  • If the bootstrap service push function 4 has no local identity information for user a and/or b, it requests and obtains, through the Zh interface, from the home location register/home subscriber server 5 to which user a and/or b belongs, the user's quintuple authentication vector CK (Cipher Key), IK (Integrity Key), RAND, RES and AUTN information, generates the push information of the general bootstrapping architecture for user a and/or b from the CK and IK information, and then supplies the push information of the users a and b to the first push information acquiring means 1031'.
  • the first obtaining means 103 generates the respective encryption keys K cbs of the users a and b based on the acquired Ks_NAF/Ks_ext_NAF.
  • The process by which the first push information obtaining means 1031 of the above broadcast server 1 interacts with the bootstrap service push function 4 to acquire the push information of the general bootstrapping architecture, and by which the first obtaining means 103 generates the encryption key K cbs related to the identity information of the user, is similar to the process in the general bootstrapping architecture for one-to-one secure communication in the prior art; for the detailed process, refer to the standard 3GPP TS 33.223 V8.0.0, which is not described in this specification.
  • The content key encryption device 104 encrypts the content key K sms with the acquired encryption auxiliary information of the users a and b respectively, for example the user's public key or encryption key K cbs, to generate, for each of the users a and b, the content key K sms encrypted with the corresponding encryption auxiliary information.
  • the content key transmitting device 105 transmits the content key K sms encrypted by the respective encrypted auxiliary information of the users a and b to the mobile terminals 2a and 2b of the users a and b, respectively.
  • The content key transmitting device 105 sends the content key K sms encrypted with the encryption auxiliary information corresponding to the users a and b to the users a and b, respectively, by short message via the short message gateway or the short message service center.
  • The processing device 2021 of the second acquisition device 202 of the device 20 of the mobile terminal 2a, and the similar processing device of the mobile terminal 2b, each acquire content decryption information that works in conjunction with the content key K sms.
  • the following description will be made from the perspective of the mobile terminal 2a.
  • the processing device 2021 receives the content key K sms encrypted by the encrypted auxiliary information corresponding to the user a from the broadcast server 1, and acquires the decryption auxiliary information that works in cooperation with the encrypted auxiliary information.
  • If the encryption auxiliary information is based on an asymmetric key technology, for example is the public key of the user a, the processing device 2021 obtains the private key corresponding to the public key as the decryption auxiliary information, with which the content key K sms encrypted with the public key is decrypted.
  • the implementation of the asymmetric encryption technology such as the public and private keys is well known to those skilled in the art, and the present invention is not described herein. A person skilled in the art can appropriately modify the embodiment according to actual needs, and these modifications are all within the scope of the present invention.
  • The encryption auxiliary information is a symmetric encryption key K cbs related to the identity of the user a, and the user a can generate the same encryption key, or corresponding decryption auxiliary information, on the mobile terminal 2a.
  • From the GBA push information obtained from the bootstrap service push function (BSF) 4 based on the GBA push technology, the quintuple authentication vector CK (Cipher Key), IK (Integrity Key), RAND, RES and AUTN information is generated in the same manner as in the HLR/HSS, and the Ks_NAF/Ks_ext_NAF and Ks_int_NAF information is then generated in the same manner as in the BSF push function.
  • the processing device 2021 generates a symmetric encryption key K cbs according to the identity-related information Ks_NAF/Ks_ext_NAF, Ks_int_NAF, or a decryption key working in conjunction with it.
  • The method by which it generates the encryption key K cbs should correspond to the method by which the first obtaining means 103 of the broadcast server 1 generates the encryption key K cbs; or, the method by which it generates the decryption key that works with K cbs should correspond to the method by which the first obtaining means 103 of the broadcast server 1 generates the encryption key K cbs, to ensure that the generated encryption key K cbs, or the decryption key working with it, is consistent with the encryption key K cbs used by the broadcast server 1.
  • the consistency can be determined in advance by the user and its operator and the broadcast server, for example, being solidified in the user's SIM card or negotiated before each communication.
  • The process by which the second push information obtaining means 20211 authenticates and interacts with the bootstrap service push function 4 to obtain the push information of the general bootstrapping architecture is similar to the process in the general bootstrapping architecture for one-to-one secure communication in the prior art; see 3GPP
  • Through the above interaction between the broadcast server 1, the mobile terminal and the bootstrap service push function 4, the present invention makes use of the existing universal bootstrapping architecture (GBA) push technology without greatly modifying the existing standards, methods and devices, which can save a lot of cost. The solution can therefore be accepted by the market and has good commercial prospects.
  • The second obtaining means 202 uses the acquired decryption auxiliary information to decrypt the content key K sms that was encrypted with the encryption auxiliary information corresponding to the user a, and obtains the content key K sms as the corresponding content decryption information.
  • The decryption processing apparatus 203 uses the content key K sms to decrypt the content encrypted with the content key K sms, restoring the original unencrypted content.
  • the similar device of the mobile terminal 2b of the subscriber b of the content performs a similar operation, since the broadcast server 1 also transmits the content key K sms encrypted by the encrypted auxiliary information corresponding to the user b to the mobile terminal 2b.
  • The processing device of the mobile terminal 2b can acquire the decryption auxiliary information that works in conjunction with the encryption auxiliary information corresponding to the user b, the second obtaining device can recover the content key K sms, and the decryption processing device can then decrypt the encrypted content with the content key K sms to restore the original unencrypted content.
  • The processing device of the mobile terminal 2c of the user c, who does not subscribe to the content, does not receive the content key K sms encrypted with encryption auxiliary information corresponding to it, and its second obtaining device cannot decrypt the content key K sms encrypted with the encryption auxiliary information corresponding to other users. The content key K sms therefore cannot be obtained, the decryption processing apparatus cannot decrypt the content encrypted with the content key K sms, and the original unencrypted content cannot be obtained. In this way, the security of the content communication between the broadcast server 1 and the mobile terminals 2a and 2b of the content subscription users a and b is ensured.
  • Multicast for secure communication.
  • The apparatus in the multicast server for performing multicast-based secure communication with the multiple corresponding user equipments used by multiple users further includes a first multicast channel establishing apparatus for establishing a multicast channel with the user equipments, and the encrypted content sending device is further configured to send the encrypted content to the plurality of user equipments in the multicast channel; correspondingly, the apparatus in the user equipment for performing multicast-based secure communication with the multicast server further includes a second multicast channel establishing apparatus for establishing a multicast channel with the multicast server, and the encrypted content receiving apparatus is configured to receive the encrypted content from the multicast server in the multicast channel.
  • Other encryption/decryption processes are similar to those described in the previous section and will not be described here.
  • the present invention is not limited to the field of wireless communications, and that the present invention is equally applicable in communication networks such as IPTV that support broadcast and/or multicast.
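
The key distribution described above (content encrypted once with K sms, K sms encrypted separately for each subscriber with that user's K cbs) and the encrypted-digest variant for clear-text broadcasts, as an added Python example that is not part of the patent text. Assumptions: an HMAC-SHA256 keystream with a MAC stands in for the DES/AES cipher the description names, the K cbs values are constructed random keys rather than keys derived from Ks_NAF, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32
SAMPLE_CONTENT = b"Weather: rain after 18:00"  # constructed sample broadcast content


def _subkeys(key):
    # Separate encryption and MAC keys derived from one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a standard-library stand-in for DES/AES.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the key is missing/wrong or the data was altered."""
    if key is None or len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class BroadcastServer:
    def __init__(self, subscriber_keys):
        self.subscriber_keys = dict(subscriber_keys)  # user id -> K_cbs
        self.k_sms = secrets.token_bytes(32)          # content key for the broadcast

    def wrapped_content_keys(self):
        # One point-to-point message per subscriber: K_sms encrypted under that user's K_cbs.
        return {uid: seal(k_cbs, self.k_sms) for uid, k_cbs in self.subscriber_keys.items()}

    def broadcast_encrypted(self, content):
        return seal(self.k_sms, content)

    def broadcast_with_digest(self, content):
        # Variant: content in clear text plus its digest encrypted with K_sms.
        return content, seal(self.k_sms, hashlib.sha256(content).digest())


class MobileTerminal:
    def __init__(self, k_cbs):
        self.k_cbs, self.k_sms = k_cbs, None

    def receive_wrapped_key(self, wrapped):
        k_sms = unseal(self.k_cbs, wrapped)
        if k_sms is not None:
            self.k_sms = k_sms
        return k_sms is not None

    def read_broadcast(self, blob):
        return unseal(self.k_sms, blob)

    def verify_cleartext(self, content, sealed_digest):
        sent = unseal(self.k_sms, sealed_digest)
        return sent is not None and hmac.compare_digest(sent, hashlib.sha256(content).digest())


def run_demo():
    keys = {uid: secrets.token_bytes(32) for uid in ("a", "b", "c")}  # constructed K_cbs
    server = BroadcastServer({uid: keys[uid] for uid in ("a", "b")})  # c did not subscribe
    terminals = {uid: MobileTerminal(k) for uid, k in keys.items()}
    wrapped = server.wrapped_content_keys()
    for uid, blob in wrapped.items():
        terminals[uid].receive_wrapped_key(blob)
    # Terminal c sees the message meant for a, but holds a different K_cbs.
    c_unwrapped = terminals["c"].receive_wrapped_key(wrapped["a"])
    blob = server.broadcast_encrypted(SAMPLE_CONTENT)
    clear, sealed_digest = server.broadcast_with_digest(SAMPLE_CONTENT)
    return {
        "read": {uid: t.read_broadcast(blob) for uid, t in terminals.items()},
        "c_unwrapped_a_key": c_unwrapped,
        "digest_ok": terminals["a"].verify_cleartext(clear, sealed_digest),
        "tampered_ok": terminals["a"].verify_cleartext(clear + b"!", sealed_digest),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because every subscriber holds the same K sms, a matching encrypted digest shows only that the content came from some holder of K sms and was not altered afterwards by a party without it.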

Abstract

Method and device for secure communications by broadcast or multicast. The method comprises: encrypting the content to be transmitted by the broadcast or multicast server so as to obtain encrypted content; sending the encrypted content by broadcast or multicast to each user equipment; receiving, by each user equipment, the encrypted content sent by broadcast or multicast from the broadcast or multicast server, and then decrypting the received encrypted content to obtain the original content.
PCT/CN2009/000521 2008-08-01 2009-05-14 Method and device for secure communications by broadcast or multicast WO2010012148A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810041303.2 2008-08-01
CN200810041303.2A CN101640840B (zh) 2008-08-01 2008-08-01 Method and apparatus for secure communication based on broadcast or multicast

Publications (1)

Publication Number Publication Date
WO2010012148A1 true WO2010012148A1 (fr) 2010-02-04

Family

ID=41609922

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/000521 WO2010012148A1 (fr) 2008-08-01 2009-05-14 Method and device for secure communications by broadcast or multicast

Country Status (2)

Country Link
CN (1) CN101640840B (fr)
WO (1) WO2010012148A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645500B (zh) * 2017-09-15 2021-01-01 成都德芯数字科技股份有限公司 Broadcast data interaction method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050021945A1 (en) * 2001-10-24 2005-01-27 Valtteri Niemi Ciphering as a part of the multicast concept
US20060104442A1 (en) * 2004-11-16 2006-05-18 Samsung Electronics Co., Ltd. Method and apparatus for receiving broadcast content
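CN101119200A (zh) * 2007-08-03 2008-02-06 上海贝尔阿尔卡特股份有限公司 Method, network unit, terminal and system for providing broadcast/multicast services
CN101171860A (zh) * 2005-04-07 2008-04-30 法国电信公司 Security method and device for managing access to multimedia content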

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1192649C (zh) * 2002-04-12 2005-03-09 华为技术有限公司 Method for sending cipher information to a mobile terminal in a mobile communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Generic Bootstrapping Architecture (GBA) Push Function", 3GPP TS 33.223 V8.0.0, June 2008 (2008-06-01), pages 16 - 18, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Specs/html-info/33223.htm> *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
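CN101860406A (zh) * 2010-04-09 2010-10-13 北京创毅视讯科技有限公司 Central processing unit, and device, system and method for mobile multimedia broadcasting
CN101860406B (zh) * 2010-04-09 2014-05-21 北京创毅视讯科技有限公司 Central processing unit, and device, system and method for mobile multimedia broadcasting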

Also Published As

Publication number Publication date
CN101640840A (zh) 2010-02-03
CN101640840B (zh) 2013-03-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09802341

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09802341

Country of ref document: EP

Kind code of ref document: A1