WO2014180390A2 - Trunking group communication public security implementation method and device - Google Patents

Trunking group communication public security implementation method and device

Info

Publication number
WO2014180390A2
Authority
WO
WIPO (PCT)
Prior art keywords
key
random number
network side
group
decryption
Prior art date
Application number
PCT/CN2014/078185
Other languages
French (fr)
Chinese (zh)
Other versions
WO2014180390A3 (en)
Inventor
潘磊
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2014180390A2
Publication of WO2014180390A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1813 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast for computer conferences, e.g. chat rooms
    • H04L12/1818 Conference organisation arrangements, e.g. handling schedules, setting up parameters needed by nodes to attend a conference, booking network resources, notifying involved parties
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2203/00 Aspects of automatic or semi-automatic exchanges
    • H04M2203/15 Aspects of automatic or semi-automatic exchanges related to dial plan and call routing
    • H04M2203/152 Temporary dial plan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2203/00 Aspects of automatic or semi-automatic exchanges
    • H04M2203/60 Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/609 Secret communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/50 Centralised arrangements for answering calls; Centralised arrangements for recording messages for absent or busy subscribers; Centralised arrangements for recording messages
    • H04M3/51 Centralised call answering arrangements requiring operator intervention, e.g. call or contact centers for telemarketing
    • H04M3/5116 Centralised call answering arrangements requiring operator intervention, e.g. call or contact centers for telemarketing for emergency applications

Definitions

  • The present invention relates to the field of communications, and more particularly to a method and apparatus for implementing public security of trunking communications.
  • Background: In existing LTE systems, the downlink common broadcast channel has no security protection, while on dedicated channels each user has its own security parameters. Because of the special needs of trunking, however, multiple users in the same group must listen to one common channel together, so the security parameters of multiple users need to be synchronized. The related art does not support multi-user security for terminals on the downlink common channel for point-to-multipoint trunking services, and no effective solution has yet been proposed.
  • The present invention provides a method and an apparatus for implementing public security of trunking communication, so as to at least solve the problem that the related art does not support multi-user security for terminals on the downlink common channel for point-to-multipoint trunking services.
  • A method for implementing public security of trunking communication, including: when a terminal in a group initiates a group call, receiving a random number from the network side; generating, according to the random number and a root key obtained in advance from the network side, an intermediate parameter and a first key used for non-access stratum (Non-Access Stratum, NAS) decryption and integrity protection; generating a second key according to the intermediate parameter; and decrypting and integrity-protecting data from the Trunking Group Control Channel (TGCCH) and the Trunking Group Traffic Channel (TGTCH) according to the second key.
  • TGCCH: Trunking Group Control Channel
  • TGTCH: Trunking Group Traffic Channel
  • Generating the second key according to the intermediate parameter comprises: generating the second key from the intermediate parameter by using a Key Distribution Algorithm (KDF).
  • KDF: Key Distribution Algorithm
  • receiving the random number from the network side comprising: receiving a paging message on the network side; and acquiring the random number from the paging message.
  • the first key includes: a first subkey for NAS decryption, a second subkey for NAS integrity protection; and/or the second key, including: A third subkey of signaling decryption and integrity protection of TGCCH, a fourth subkey for data decryption of TGTCH.
  • the method further includes: after the group call ends, retaining the root key, and deleting the random number, the first key, and the second key.
  • the method further includes: in decrypting the data, decrypting data received by the terminal in the group by using the same Count value.
  • the method further includes: receiving, before the terminal initiates the group call, the root key sent by the network side.
  • A device for implementing public security of trunking communication, including: a receiving module, configured to receive a random number from the network side when a terminal in a group initiates a group call; a first generation module, configured to generate, according to the random number and a root key obtained in advance from the network side, an intermediate parameter and a first key used for non-access stratum (NAS) decryption and integrity protection; a second generation module, configured to generate a second key according to the intermediate parameter; and a processing module, configured to decrypt and integrity-protect data from the trunking group control channel TGCCH and the trunking group traffic channel TGTCH according to the second key.
  • the second generating module is further configured to generate the second key by using a KDF algorithm according to the intermediate parameter.
  • the receiving module includes: a receiving unit, configured to receive a paging message on the network side; and an acquiring unit, configured to acquire the random number from the paging message.
  • According to the present invention, when a terminal in a group initiates a group call, the first key used for NAS decryption and integrity protection, and the intermediate parameter used to generate the second key that decrypts and integrity-protects data from the TGCCH and TGTCH channels, are generated from the random number received from the network side and the root key obtained in advance from the network side. This solves the problem that the related art does not support multi-user security for terminals on the downlink common channel for point-to-multipoint trunking services, and thereby implements a security mechanism for the downlink common channel on the trunking user equipment (User Equipment, UE) side.
  • UE: User Equipment
  • FIG. 1 is a flowchart of a method for implementing public security of trunking communication according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of generating Kgnasenc from the root key Kg according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of generating Kgnasint from the root key Kg according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of generating Kgenb from the root key Kg according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of generating Kgupenc from Kgenb according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of generating Kgrrcenc from Kgenb according to an embodiment of the present invention
  • FIG. 7 is a schematic flowchart of generating Kgrrcint from Kgenb according to an embodiment of the present invention
  • FIG. 8 is a schematic diagram of the decryption principle for steady-state data according to an embodiment of the present invention
  • FIG. 9 is an architecture diagram of a trunking system according to a preferred embodiment of the present invention
  • FIG. 10 is a structural diagram of a device for implementing public security of trunking communication according to an embodiment of the present invention
  • FIG. 11 is a further structural diagram of the device for implementing public security of trunking communication according to an embodiment of the present invention
  • Detailed description: The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other where they do not conflict.
  • FIG. 1 is a flowchart of a method for implementing public security of trunking communication according to an embodiment of the present invention. As shown in FIG. 1, the method includes steps S102 to S108.
  • Before a terminal in the group initiates the group call, the method may further include the following step: the terminal completes power-on registration, and the network side initiates a group information update, through which the terminal receives the root key sent by the network side.
  • The root key provided by the embodiment of the present invention differs from that of the existing LTE system.
  • In the existing LTE system, the root key Kg is burned into the SIM card.
  • In the embodiment of the present invention, all users of the same group share the same root key Kg, so it cannot be burned into the SIM card. Instead, it is carried to each terminal through NAS signaling.
  • The NAS signaling is protected by LTE security, so it is secure.
  • Receiving the random number from the network side may include: receiving a paging message from the network side; and obtaining the random number from the paging message.
  • S104: Generate, according to the random number and a root key obtained in advance from the network side, an intermediate parameter and a first key used for NAS decryption and integrity protection.
  • The first key may include: a first subkey for NAS decryption, and a second subkey for NAS integrity protection.
  • The first subkey and the second subkey of the first key, determined from the random number and the root key, may specifically be: the K value Kgnasenc, used for NAS-layer encryption and decryption, and the K value Kgnasint, used for NAS-layer integrity protection. The intermediate parameter may specifically be: the K value Kgenb, used to further generate the air interface keys. As shown in FIG. 2, FIG.
  • FIG. 2 is a schematic flowchart of generating Kgnasenc according to a root key Kg according to an embodiment of the present invention.
  • The input parameters used are the NAS encryption algorithm Alg, the group ID, and the random number Rand. The parameters are as follows: (1) the KDF input key is Kg; (2) a byte string is constructed:
  • P2: GID, group identification, 64 bit;
  • L2: 0x00 0x08;
  • FIG. 3 is a schematic flowchart of generating Kgnasint from the root key Kg according to an embodiment of the present invention.
  • The input parameters used are the NAS integrity protection algorithm Alg, the group ID, and the random number Rand. The parameters are as follows: (1) the KDF input key is Kg; (2) Construct word
  • FIG. 4 is a schematic flowchart of generating Kgenb from the root key Kg according to an embodiment of the present invention.
  • S106 Generate a second key according to the foregoing intermediate parameter.
  • The second key is generated according to the intermediate parameter. The second key includes: a third subkey used for signaling decryption and integrity protection of the TGCCH, and a fourth subkey used for data decryption of the TGTCH.
  • the third subkey may be specifically: Kgrrcint, Kgrrcenc
  • the fourth subkey may be specifically: Kgupenc.
  • FIG. 5 is a schematic flowchart of generating Kgupenc according to Kgenb according to an embodiment of the present invention.
  • The input parameters used are the UP encryption algorithm Alg, the group ID, and the random number Rand. The parameters are as follows: (1) the KDF input key is Kgenb; (2) a byte string is constructed
  • FIG. 6 is a schematic flowchart of generating Kgrrcenc from Kgenb according to an embodiment of the present invention.
  • The input parameters used are the RRC encryption algorithm Alg, the group ID, and the random number Rand. The parameters are as follows: (1) the KDF input key is Kgenb; (2) a byte string is constructed:
  • P1: RRC-enc-alg, 0x03;
  • L1: 0x00 0x01;
  • P2: GID, group identification, 64 bit;
  • L2: 0x00 0x08;
  • FIG. 7 is a schematic flowchart of generating Kgrrcint according to Kgenb according to an embodiment of the present invention.
  • the input parameters used are the RRC integrity protection algorithm Alg, the group id, and the random number Rand, where the parameters used are as follows: (1) The KDF function input key is Kgenb; (2) Construct word
  • S108: Decrypt and integrity-protect data from the TGCCH and the TGTCH according to the second key.
  • Reception of the signaling and data of the TGCCH and TGTCH channels then starts, and normal trunking services proceed.
  • The signaling of the TGCCH channel is decrypted and integrity-protected with the public security keys Kgrrcenc and Kgrrcint, and the user plane data of the TGTCH is decrypted with the key Kgupenc. After the group call ends, the root key is retained, and the random number, the first key, and the second key are deleted.
  • In the decryption process of this embodiment, the data received by the terminals in the group is decrypted by using the same Count value.
  • The design fixes the HFN: when the SN wraps around, the HFN is not incremented. Therefore users who join earlier and users who join later can all correctly decrypt the user plane data.
  • Step 2 Obtain a key stream block by using an encryption algorithm.
  • Step 3 Encrypt the data stream to be encrypted and the generated key stream block.
  • When a terminal in a group initiates a group call, the first key used for NAS decryption and integrity protection, and the intermediate parameter used to generate the second key that decrypts and integrity-protects data from the TGCCH and TGTCH channels, are generated according to the random number received from the network side and the root key obtained in advance from the network side. This technical solution solves the problem that the related art does not support multi-user security for terminals on the downlink common channel for point-to-multipoint trunking services. Thereby, the security mechanism of the downlink common channel on the trunking UE side is realized.
  • FIG. 9 is an architecture diagram of a trunking system according to a preferred embodiment of the present invention. As shown in FIG. 9, the following steps 1 to 3 are mainly included. Step 1: The core network sends the Kg corresponding to each group to the terminal through the group information update process. Step 2: A group initiates a group call, and the network side generates a random number, which is sent to the terminals of the group through paging.
  • Step 3: The terminal calculates the corresponding key values for integrity protection and decryption from the random number GroupCallRand, Kg, and the built-in security algorithm.
  • Design of the random number GroupCallRand: Kg is unchanged across multiple group calls of the same group. So that it is not easily cracked, a different key is required each time a group call is initiated. The random number provided by the embodiment of the present invention is carried in the paging so that each group call generates a different key. It should be noted that, in FIG.
  • the PDS is an abbreviation of Personal Digital System, which can be translated into a personal digital system
  • PHS is an abbreviation of Personal Handy phone System, and can be translated into a handheld telephone system
  • eNB is an abbreviation of E-UTRAN NodeB.
  • A device for implementing public security of trunking communication is also provided, which is used to implement the above embodiments and preferred embodiments. The modules involved in the device are described below.
  • the term "module" may implement a combination of software and/or hardware of a predetermined function.
  • FIG. 10 is a structural diagram of an apparatus for implementing cluster communication public security according to an embodiment of the present invention.
  • the apparatus includes: a receiving module 102, a first generating module 104, a second generating module 106, and a processing module 108.
  • the respective modules are described below.
  • the receiving module 102 is configured to receive a random number from the network side when the terminal in the group initiates the group call.
  • a further improvement of the foregoing technical solution in the embodiment of the present invention is that the receiving module 102 is further configured to generate the second key by using a KDF algorithm according to the intermediate parameter.
  • The first generation module 104 is connected to the receiving module 102 and is configured to generate, according to the random number and a root key obtained in advance from the network side, an intermediate parameter and a first key used for non-access stratum (NAS) decryption and integrity protection.
  • the second generation module 106 is connected to the first generation module 104 and configured to generate a second key according to the intermediate parameter.
  • the processing module 108 is coupled to the second generation module 106 and configured to decrypt and integrity protect data from the TGCCH and the TGTCH according to the second key. In this embodiment, as shown in FIG.
  • The receiving module 102 may further include: a receiving unit 1022, configured to receive a paging message from the network side; and an obtaining unit 1024, connected to the receiving unit 1022 and configured to obtain the random number from the paging message.
  • When a terminal in the group initiates a group call, the first generation module 104 generates, according to the random number received by the receiving module 102 from the network side and the root key obtained in advance from the network side, the first key used for NAS decryption and integrity protection and the intermediate parameter; the second generation module 106 generates the second key from the intermediate parameter, and the processing module 108 uses the second key to decrypt and integrity-protect data from the TGCCH and TGTCH channels. This technical solution solves the problem that the related art does not support multi-user security for terminals on the downlink common channel for point-to-multipoint trunking services.
  • The security mechanism of the downlink common channel on the trunking UE side is realized.
  • The random number provided by the embodiment of the present invention is carried in the paging so that each group call generates a different key.
  • The foregoing technical solutions provided by the embodiments of the present invention achieve the following effects: they solve the problem that the related art does not support multi-user security for terminals on the downlink common channel for trunking services; they implement the security mechanism of the downlink common channel on the trunking UE side; and, because the random number is carried in the paging, each group call generates a different key.
  • The modules or steps of the present invention described above can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device. In some cases the steps shown or described may be performed in an order different from the one given here, or the modules or steps may each be fabricated as individual integrated circuit modules, or several of them may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
  • Industrial applicability: the technical solution, which generates the first key used for NAS decryption and integrity protection and the intermediate parameter used to generate the second key that decrypts and integrity-protects data from the TGCCH and TGTCH channels, solves the problem that the related art does not support multi-user security for terminals on the downlink common channel for point-to-multipoint trunking services. Thereby, the security mechanism of the downlink common channel on the trunking UE side is realized. Therefore, it has industrial applicability.
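
The key hierarchy of steps S102 to S108 and the key deletion at the end of a group call, as an added example that is not code from the patent or from its applicant. The page fixes only the input keys, the GID length and the RRC-enc-alg value 0x03; the use of HMAC-SHA-256, both FC bytes, the other distinguisher values, Rand as third parameter with a 16-byte length, the Kgenb input string and the 128-bit truncation are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions, none of them stated on the page: HMAC-SHA-256 as the KDF, both
# FC bytes (placeholders), every distinguisher except RRC-enc-alg = 0x03,
# Rand as third parameter, the Kgenb input string, and 128-bit truncation.
FC_ALG_KEY = b"\xf0"  # placeholder FC for the five algorithm keys
FC_KGENB = b"\xf1"    # placeholder FC for the intermediate parameter Kgenb
ALG_TYPE = {
    "NAS-enc-alg": 0x01,
    "NAS-int-alg": 0x02,
    "RRC-enc-alg": 0x03,  # the only distinguisher value given on the page
    "RRC-int-alg": 0x04,
    "UP-enc-alg": 0x05,
}
GID_LEN = 8  # the page gives the GID as 64 bit with length field 0x00 0x08


def encode_param(p: bytes) -> bytes:
    """Return Pi || Li, where Li is the two-byte big-endian length of Pi."""
    return p + len(p).to_bytes(2, "big")


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    """KDF(key, S) with S = FC || P1 || L1 || P2 || L2 || ..."""
    s = fc + b"".join(encode_param(p) for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_alg_key(parent: bytes, alg_type: str, gid: bytes, rand: bytes) -> bytes:
    """Derive one algorithm key from Kg (NAS keys) or Kgenb (RRC/UP keys)."""
    if len(gid) != GID_LEN:
        raise ValueError("GID must be 64 bits")
    p1 = bytes([ALG_TYPE[alg_type]])
    return kdf(parent, FC_ALG_KEY, p1, gid, rand)[-16:]


def derive_kgenb(kg: bytes, gid: bytes, rand: bytes) -> bytes:
    """Derive the intermediate parameter Kgenb from the root key Kg."""
    if len(gid) != GID_LEN:
        raise ValueError("GID must be 64 bits")
    return kdf(kg, FC_KGENB, gid, rand)


class GroupTerminal:
    """Terminal-side key state for one group (hypothetical class name)."""

    def __init__(self, kg: bytes, gid: bytes):
        self.kg = kg            # root key, delivered earlier over NAS signaling
        self.gid = gid
        self.rand = None
        self.first_key = None   # NAS subkeys
        self.second_key = None  # TGCCH / TGTCH subkeys

    def on_group_call_paging(self, rand: bytes) -> None:
        """S102-S106: take Rand from paging and derive both key sets."""
        self.rand = rand
        self.first_key = {
            "Kgnasenc": derive_alg_key(self.kg, "NAS-enc-alg", self.gid, rand),
            "Kgnasint": derive_alg_key(self.kg, "NAS-int-alg", self.gid, rand),
        }
        kgenb = derive_kgenb(self.kg, self.gid, rand)  # not kept after this call
        self.second_key = {
            "Kgrrcenc": derive_alg_key(kgenb, "RRC-enc-alg", self.gid, rand),
            "Kgrrcint": derive_alg_key(kgenb, "RRC-int-alg", self.gid, rand),
            "Kgupenc": derive_alg_key(kgenb, "UP-enc-alg", self.gid, rand),
        }

    def end_group_call(self) -> None:
        """Keep Kg; drop the random number, the first key and the second key."""
        self.rand = self.first_key = self.second_key = None


def demo():
    kg = bytes(range(32))                    # constructed root key
    gid = bytes.fromhex("0000000000002a01")  # constructed 64-bit group ID
    a, b = GroupTerminal(kg, gid), GroupTerminal(kg, gid)
    rand1 = secrets.token_bytes(16)          # network-side random number
    a.on_group_call_paging(rand1)
    b.on_group_call_paging(rand1)
    # Every member of the group ends up with the same keys for this call.
    same_in_group = a.first_key == b.first_key and a.second_key == b.second_key
    call1 = dict(a.second_key)
    a.end_group_call()
    a.on_group_call_paging(secrets.token_bytes(16))
    # A new random number gives new keys although Kg is unchanged.
    fresh_per_call = all(call1[k] != a.second_key[k] for k in call1)
    a.end_group_call()
    return same_in_group, fresh_per_call, a


if __name__ == "__main__":
    print(demo()[:2])
```

Python cannot guarantee that the dropped key bytes are wiped from memory; a terminal implementation would zero the buffers explicitly.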

Abstract

The present invention provides a trunking group communication public security implementation method and device, wherein said method comprises: when a terminal within a group initiates a group call, receiving a random number from a network side; in accordance with said random number and with a root key obtained in advance from the network side, generating an intermediate parameter, and also a first key used for non-access stratum (NAS) decryption and integrity protection; generating a second key in accordance with said intermediate parameter; in accordance with the second key, engaging in the decryption and integrity protection of data coming from a trunking group control channel (TGCCH) and from a trunking group traffic channel (TGTCH). The above technical solution provided in the present invention solves the problem of the related art whereby a terminal is not supported on a downlink shared channel in regard to a point-to-multipoint type of trunking group traffic, thus achieving multi-user security. A security mechanism for trunking group UE terminal trunking group communication public channels is thus implemented.

Description

集群通信公共安全的实现方法及装置 技术领域 本发明通信领域, 更具体地说, 涉及一种集群通信公共安全的实现方法及装置。 背景技术 在现有的 LTE系统中, 下行公共广播信道是不做安全保护的, 而专用信道则每个 用户有其独自的安全参数。 但是由于集群的特殊需求, 需要同组多个用户共同监听一 个公共信道, 那么就需要多个用的安全参数要同步。 目前针对相关技术中, 不支持终端在下行公共信道上,针对点对多这种集群业务, 实现多用户的安全的问题, 目前尚未提出有效的解决方案。 发明内容 本发明提供了一种集群通信公共安全的方法及装置, 以至少解决相关技术中, 不 支持终端在下行公共信道上, 针对点对多这种集群业务, 实现多用户的安全的问题。 为了达到上述目的, 根据本发明的一个方面, 提供了一种集群通信公共安全的实 现方法, 包括: 当群组内的终端发起组呼时, 接收来自网络侧的随机数; 根据所述随 机数以及预先从网络侧获取的根密钥生成中间参数, 以及用于非接入层 (Non-Access Stratum, 简称为 NAS)解密和完整性保护的第一密钥; 根据所述中间参数生成第二密 钥; 根据所述第二密钥对来自集群控制信道(Trunking Group Control Channel, 简称为 TGCCH) 和集群业务信道 (Trunking Group Traffic Channel, 简称为 TGTCH) 的数据 进行解密和完整性保护。 优选地, 根据所述中间参数生成第二密钥, 包括: 根据所述中间参数利用密钥分 割算法 (Key Distribution Algorithm, 简称为 KDF) 算法生成所述第二密钥。 优选地, 接收来自网络侧的随机数, 包括: 接收所述网络侧的寻呼消息; 从所述 寻呼消息中获取所述随机数。 优选地, 所述第一密钥, 包括: 用于 NAS解密的第一子密钥、 用于 NAS完整性 保护的第二子密钥; 和 /或所述第二密钥, 包括: 用于 TGCCH的信令解密和完整性保 护的第三子密钥、 用于 TGTCH的数据解密的第四子密钥。 优选地, 所述还包括: 在所述组呼结束后, 保留所述根密钥, 并删除所述随机数、 所述第一密钥和所述第二密钥。 优选地, 所述方法还包括: 在对所述数据进行解密过程中, 对所述群组内的终端 所接收的数据采用相同的计数 Count值进行解密。 优选地, 所述方法还包括: 在所述终端发起组呼之前, 接收网络侧发送的所述根 密钥。 为了达到上述目的, 根据本发明的再一个方面, 还提供了一种集群通信公共安全 的实现装置, 包括: 接收模块, 设置为在群组内的终端发起组呼时, 接收来自网络侧 的随机数; 第一生成模块, 设置为根据所述随机数以及预先从网络侧获取的根密钥生 成中间参数,以及设置为非接入层 NAS解密和完整性保护的第一密钥;第二生成模块, 设置为根据所述中间参数生成第二密钥; 处理模块, 设置为根据所述第二密钥对来自 集群控制信道 TGCCH和集群业务信道 TGTCH的数据进行解密和完整性保护。 优选地,所述第二生成模块还设置为根据所述中间参数利用 KDF算法生成所述第 二密钥。 优选地, 所述接收模块, 包括: 接收单元, 设置为接收所述网络侧的寻呼消息; 获取单元, 设置为从所述寻呼消息中获取所述随机数。 通过本发明, 采用当群组内的终端发起组呼时, 根据从网络侧接收到的随机数以 及预先从网络侧获取的根密钥,生成用于非接入层 NAS解密和完整性保护的第一密钥 以及用于生成来自集群控制信道 TGCCH和集群业务信道 TGTCH信道的数据进行解 密和完整性保护的第二密钥的中间参数的技术方案, 解决了相关技术中, 不支持终端 在下行公共信道上, 针对点对多这种集群业务, 实现多用户的安全的问题。 从而实现 了集群用户设备 (User Equipment, 简称为 UE) 端下行公共信道的安全机制。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部分, 本发 明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的不当限定。 在附图 中: 图 1为根据本发明实施例的集群通信公共安全的实现方法的流程图; 图 2为根据本发明实施例的根据根密钥 Kg生成 Kgnasenc的流程示意图; 图 3为根据本发明实施例的根据根密钥 Kg生成 Kgnasint的流程示意图; 图 4为根据本发明实施例的根据根密钥 Kg生成 Kgenb的流程示意图; 图 5为根据本发明实施例的根据 Kgenb生成 Kgupenc的流程示意图; 图 6为根据本发明实施例的根据 Kgenb生成 Kgrrcenc的流程示意图; 图 7为根据本发明实施例的根据 Kgenb生成 
Kgrrcint的流程示意图; 图 8为根据本发明实施例的稳态数据的解密原理图; 图 9为根据本发明优选实施例的集群系统的架构图; 图 10为根据本发明实施例的集群通信公共安全的实现装置的结构图; 图 11为根据本发明实施例的集群通信公共安全的实现装置的再一结构图。 具体实施方式 下文中将参考附图并结合实施例来详细说明本发明。 需要说明的是, 在不冲突的 情况下, 本申请中的实施例及实施例中的特征可以相互组合。 图 1为根据本发明实施例的集群通信公共安全的实现方法的流程图。如图 1所示, 该方法包括: 步骤 S102至步骤 S108。 S102: 当群组内的终端发起组呼时, 接收来自网络侧的随机数; 在群组内的终端 发起组呼之前, 还可以包括如下步骤: 终端开机注册完成, 网络侧发起组信息更新接 收网络侧发送的根密钥。 本发明实施例提供的根密钥不同于现有的 LTE系统。 例如, 在现有的 LTE系统中, 根密钥 Kg的固化在 SIM卡里面的。 而本发明实施例提供的根 密钥是同一个群组的用户拥有同样的根密钥 Kg, 所以不能固化在 SIM卡里。 而是通 过 NAS信令携带给各个终端。 而该 NAS信令是 LTE安全保护的, 所以是安全的。 在该步骤 S102中,接收来自网络侧的随机数可以包括:接收上述网络侧的寻呼消 息; 从上述寻呼消息中获取上述随机数。 The present invention relates to the field of communications, and more particularly to a method and apparatus for implementing public security of trunking communications. BACKGROUND In an existing LTE system, a downlink public broadcast channel is not secured, and a dedicated channel has its own unique security parameters. However, due to the special needs of the cluster, multiple users in the same group need to listen to a common channel together, so multiple security parameters are required to be synchronized. At present, the related technologies do not support the problem that the terminal is on the downlink common channel and implements the multi-user security for the point-to-multiple cluster service. Currently, no effective solution has been proposed. SUMMARY OF THE INVENTION The present invention provides a method and an apparatus for public communication of a cluster communication, so as to at least solve the problem in the related art that the terminal does not support the multi-user security for the point-to-multiple cluster service on the downlink common channel. 
In order to achieve the above object, according to an aspect of the present invention, a method for implementing public security of a trunking communication is provided, including: when a terminal in a group initiates a group call, receiving a random number from a network side; And a root key generated in advance from the network side to generate an intermediate parameter, and a first key for non-access stratum (Non-Access Stratum, NAS) decryption and integrity protection; generating a second according to the intermediate parameter Keys: Decrypt and integrity protect data from a trunk control group control channel (TCCCH) and a trunking group traffic channel (TGTCH) according to the second key. Preferably, generating the second key according to the intermediate parameter comprises: generating the second key according to the intermediate parameter by using a Key Distribution Algorithm (KDF) algorithm. Preferably, receiving the random number from the network side, comprising: receiving a paging message on the network side; and acquiring the random number from the paging message. Preferably, the first key includes: a first subkey for NAS decryption, a second subkey for NAS integrity protection; and/or the second key, including: A third subkey of signaling decryption and integrity protection of TGCCH, a fourth subkey for data decryption of TGTCH. Preferably, the method further includes: after the group call ends, retaining the root key, and deleting the random number, the first key, and the second key. Preferably, the method further includes: in decrypting the data, decrypting data received by the terminal in the group by using the same Count value. Preferably, the method further includes: receiving, before the terminal initiates the group call, the root key sent by the network side. 
In order to achieve the above object, according to still another aspect of the present invention, a device for implementing public security of trunking communication is provided, including: a receiving module, configured to receive a random number from the network side when a terminal in a group initiates a group call; a first generation module, configured to generate, according to the random number and a root key acquired in advance from the network side, an intermediate parameter and a first key used for non-access stratum (NAS) decryption and integrity protection; a second generation module, configured to generate a second key according to the intermediate parameter; and a processing module, configured to decrypt and integrity-protect data from the trunking group control channel TGCCH and the trunking group traffic channel TGTCH according to the second key.

Preferably, the second generation module is further configured to generate the second key from the intermediate parameter by using the KDF algorithm.

Preferably, the receiving module includes: a receiving unit, configured to receive a paging message from the network side; and an acquiring unit, configured to acquire the random number from the paging message.

According to the present invention, when a terminal in a group initiates a group call, a first key used for NAS decryption and integrity protection, and an intermediate parameter used to generate a second key for decrypting and integrity-protecting data from the TGCCH and the TGTCH, are generated according to the random number received from the network side and the root key acquired in advance from the network side. This technical solution solves the problem in the related art that multi-user security is not supported for the point-to-multipoint trunking service when the terminal is on the downlink common channel.
Therefore, the security mechanism of the downlink common channel on the user equipment (UE) side is implemented.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are set to illustrate,

FIG. 1 is a flowchart of a method for implementing public security of trunking communication according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of generating Kgnasenc from the root key Kg according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of generating Kgnasint from the root key Kg according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of generating Kgenb from the root key Kg according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of generating Kgupenc from Kgenb according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of generating Kgrrcenc from Kgenb according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of generating Kgrrcint from Kgenb according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of the decryption of steady-state data according to an embodiment of the present invention;
FIG. 9 is an architecture diagram of a trunking system according to a preferred embodiment of the present invention;
FIG. 10 is a structural diagram of a device for implementing public security of trunking communication according to an embodiment of the present invention;
FIG. 11 is a further structural diagram of the device for implementing public security of trunking communication according to an embodiment of the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, the present invention is described in detail with reference to the accompanying drawings and in combination with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other where no conflict arises.

FIG. 1 is a flowchart of a method for implementing public security of trunking communication according to an embodiment of the present invention. As shown in FIG. 1, the method includes steps S102 to S108.

S102: When a terminal in the group initiates a group call, receive a random number from the network side.

Before the terminal in the group initiates the group call, the method may further include the following steps: the terminal completes power-on registration, the network side initiates a group information update, and the terminal receives the root key sent by the network side. The root key provided by the embodiment of the present invention differs from that of the existing LTE system. For example, in the existing LTE system the root key Kg is fixed in the SIM card. In the embodiment of the present invention, the users of the same group share the same root key Kg, so it cannot be fixed in the SIM card. Instead, it is carried to each terminal through NAS signaling. This NAS signaling is protected by LTE security, so it is secure.

In step S102, receiving the random number from the network side may include: receiving the paging message from the network side; and acquiring the random number from the paging message.
S104: Generate, according to the random number and the root key acquired in advance from the network side, an intermediate parameter and a first key used for NAS decryption and integrity protection.

In this embodiment, the first key may include: a first subkey used for NAS decryption, and a second subkey used for NAS integrity protection.
In this embodiment, the first subkey and the second subkey of the first key, determined from the random number and the root key, may specifically be: the K value Kgnasenc used for NAS-layer encryption and decryption, and the K value Kgnasint used for NAS-layer integrity protection. The intermediate parameter may specifically be: the K value Kgenb used to further generate the air interface keys.

FIG. 2 is a schematic flowchart of generating Kgnasenc from the root key Kg according to an embodiment of the present invention. The input parameters used in FIG. 2 are the NAS encryption algorithm Alg, the group ID, and the random number Rand. The parameters are used as follows:

(1) The input key of the KDF function is Kg;
(2) The parameters for constructing the byte string s are:
    FC = 0x15;
    p0 = Alg-ID, the encryption algorithm identifier: 0x00 when the EEA0 algorithm is used, 0x01 when the 128-EEA1 algorithm is used, 0x02 when the 128-EEA2 algorithm is used;
    L0 = 0x00 0x01;
    p1 = NAS-enc-alg, 0x01;
    L1 = 0x00 0x01;
    p2 = GID, the group identifier, 64 bit;
    L2 = 0x00 0x08;
    p3 = Rand;
    L3 = 0x00 0x04;
(3) The KDF function outputs a 256-bit key. Because the NAS encryption algorithm requires a 128-bit input key, the low 128 bits of the 256-bit KDF output are taken as Kgnasenc.

FIG. 3 is a schematic flowchart of generating Kgnasint from the root key Kg according to an embodiment of the present invention.
The input parameters used in FIG. 3 are the NAS integrity protection algorithm Alg, the group ID, and the random number Rand. The parameters are used as follows:

(1) The input key of the KDF function is Kg;
(2) The parameters for constructing the byte string s are:
    FC = 0x15;
    p0 = Alg-ID, the encryption algorithm identifier: 0x00 when the EIA0 algorithm is used, 0x01 when the 128-EIA1 algorithm is used, 0x02 when the 128-EIA2 algorithm is used;
    L0 = 0x00 0x01;
    p1 = NAS-int-alg, 0x02;
    L1 = 0x00 0x01;
    p2 = GID, the group identifier, 64 bit;
    L2 = 0x00 0x08;
    p3 = Rand;
    L3 = 0x00 0x04;
(3) The KDF function outputs a 256-bit key. Because the NAS integrity protection algorithm requires a 128-bit key, the low 128 bits of the 256-bit KDF output are taken as Kgnasint.

FIG. 4 is a schematic flowchart of generating Kgenb from the root key Kg according to an embodiment of the present invention. The input parameters in FIG. 4 are the SN and the random number Rand. The parameters are used as follows:

(1) The input key of the KDF function is Kg;
(2) The parameters for constructing the byte string s are:
    FC = 0x11;
    p0 = SN id, where the SN id is composed of the Mobile Country Code (MCC) and the Mobile Network Code (MNC) according to the rule shown in Table 1 below (see the LTE standard for details):

Table 1
MCC digit 2 | MCC digit 1
MNC digit 3 | MCC digit 3
MNC digit 2 | MNC digit 1

    L0 = length of p0, which is 0x00 0x03;
    p1 = Rand, 32 bit, where Rand is a random number generated by the PHR each time a group call is established;
    L1 = length of p1, which is 0x00 0x04.

Here, the numbers 1-8 denote the 8 bits in a byte.
S106: Generate a second key according to the intermediate parameter.

The second key is generated from the intermediate parameter by using the KDF. In addition, the second key includes: a third subkey used for signaling decryption and integrity protection of the TGCCH, and a fourth subkey used for data decryption of the TGTCH. In this embodiment, the third subkey may specifically be Kgrrcint and Kgrrcenc, and the fourth subkey may specifically be Kgupenc.
FIG. 5 is a schematic flowchart of generating Kgupenc from Kgenb according to an embodiment of the present invention. The input parameters used in FIG. 5 are the UP encryption algorithm Alg, the group ID, and the random number Rand. The parameters are used as follows:

(1) The input key of the KDF function is Kgenb;
(2) The parameters for constructing the byte string s are:
    FC = 0x15;
    p0 = Alg-ID, the encryption algorithm identifier: 0x00 when the EEA0 algorithm is used, 0x01 when the 128-EEA1 algorithm is used, 0x02 when the 128-EEA2 algorithm is used;
    L0 = 0x00 0x01;
    p1 = UP-enc-alg, 0x05;
    L1 = 0x00 0x01;
    p2 = GID, the group identifier, 64 bit;
    L2 = 0x00 0x08;
    p3 = Rand;
    L3 = 0x00 0x04;
(3) The KDF function outputs a 256-bit key. Because the UP encryption algorithm requires a 128-bit key, the low 128 bits of the 256-bit KDF output are taken as Kgupenc.

FIG. 6 is a schematic flowchart of generating Kgrrcenc from Kgenb according to an embodiment of the present invention. The input parameters used in FIG. 6 are the RRC encryption algorithm Alg, the group ID, and the random number Rand. The parameters are used as follows:

(1) The input key of the KDF function is Kgenb;
(2) The parameters for constructing the byte string s are:
    FC = 0x15;
    p0 = Alg-ID, the encryption algorithm identifier: 0x00 when the EEA0 algorithm is used, 0x01 when the 128-EEA1 algorithm is used, 0x02 when the 128-EEA2 algorithm is used;
    L0 = 0x00 0x01;
    p1 = RRC-enc-alg, 0x03;
    L1 = 0x00 0x01;
    p2 = GID, the group identifier, 64 bit;
    L2 = 0x00 0x08;
    p3 = Rand;
    L3 = 0x00 0x04;
(3) The KDF function outputs a 256-bit key. Because the UP encryption algorithm requires a 128-bit key, the low 128 bits of the 256-bit KDF output are taken as Kgrrcenc.

FIG. 7 is a schematic flowchart of generating Kgrrcint from Kgenb according to an embodiment of the present invention.
The input parameters used in FIG. 7 are the RRC integrity protection algorithm Alg, the group ID, and the random number Rand. The parameters are used as follows:

(1) The input key of the KDF function is Kgenb;
(2) The parameters for constructing the byte string s are:
    FC = 0x15;
    p0 = Alg-ID, the encryption algorithm identifier: 0x00 when the EEA0 algorithm is used, 0x01 when the 128-EEA1 algorithm is used, 0x02 when the 128-EEA2 algorithm is used;
    L0 = 0x00 0x01;
    p1 = RRC-int-alg, 0x04;
    L1 = 0x00 0x01;
    p2 = GID, the group identifier, 64 bit;
    L2 = 0x00 0x08;
    p3 = Rand;
    L3 = 0x00 0x04;
(3) The KDF function outputs a 256-bit key. Because the UP encryption algorithm requires a 128-bit key, the low 128 bits of the 256-bit KDF output are taken as Kgrrcint.
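The key hierarchy of FIG. 2 to FIG. 7 can be followed end to end in the sketch below, which is an added example and not code from the patent. It assumes that the KDF is HMAC-SHA-256 as in the 3GPP KDF, that "low 128 bits" means the last 16 bytes of the output, that Kgenb keeps the full 256-bit output, and that the first-listed digit in each row of Table 1 occupies the high nibble; the Kg, GID and Rand values used with it are constructed.

```python
import hashlib
import hmac

FC_KGENB = 0x11    # FC the page gives for Kg -> Kgenb
FC_ALG_KEY = 0x15  # FC the page gives for every algorithm key
# p1 values listed on the page for each key type
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05


def build_s(fc: int, *params: bytes) -> bytes:
    """s = FC || p0 || L0 || p1 || L1 ..., each Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """256-bit KDF output; HMAC-SHA-256 is an assumption, not stated on the page."""
    return hmac.new(key, build_s(fc, *params), hashlib.sha256).digest()


def encode_sn_id(mcc: str, mnc: str) -> bytes:
    """Pack MCC/MNC into the 3-byte SN id of Table 1 (nibble order assumed)."""
    if len(mcc) != 3 or len(mnc) not in (2, 3) or not (mcc + mnc).isdigit():
        raise ValueError("MCC must be 3 digits and MNC 2 or 3 digits")
    m = [int(c) for c in mcc]
    n = [int(c) for c in mnc]
    mnc3 = n[2] if len(n) == 3 else 0xF  # filler nibble for a 2-digit MNC
    return bytes([(m[1] << 4) | m[0], (mnc3 << 4) | m[2], (n[1] << 4) | n[0]])


def alg_key(parent: bytes, alg_id: int, alg_type: int,
            gid: bytes, rand: bytes) -> bytes:
    """p0 = Alg-ID, p1 = key type, p2 = GID, p3 = Rand; keep the low 128 bits."""
    out = kdf(parent, FC_ALG_KEY, bytes([alg_id]), bytes([alg_type]), gid, rand)
    return out[-16:]


def derive_group_call_keys(kg: bytes, gid: bytes, rand: bytes, sn_id: bytes,
                           enc_alg_id: int = 0x02, int_alg_id: int = 0x02) -> dict:
    """Derive every per-call key a group member needs from Kg and the paged Rand."""
    if len(gid) != 8 or len(rand) != 4 or len(sn_id) != 3:
        raise ValueError("GID is 64 bit, Rand 32 bit, SN id 3 bytes")
    kgenb = kdf(kg, FC_KGENB, sn_id, rand)  # intermediate parameter (S104)
    return {
        "Kgnasenc": alg_key(kg, enc_alg_id, NAS_ENC, gid, rand),
        "Kgnasint": alg_key(kg, int_alg_id, NAS_INT, gid, rand),
        "Kgenb": kgenb,
        "Kgrrcenc": alg_key(kgenb, enc_alg_id, RRC_ENC, gid, rand),
        "Kgrrcint": alg_key(kgenb, int_alg_id, RRC_INT, gid, rand),
        "Kgupenc": alg_key(kgenb, enc_alg_id, UP_ENC, gid, rand),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a 256-bit Kg, a group id and one paged Rand.
    kg = bytes(range(32))
    gid = bytes.fromhex("0000000000000a01")
    keys = derive_group_call_keys(kg, gid, bytes.fromhex("1a2b3c4d"),
                                  encode_sn_id("001", "01"))
    for name, value in keys.items():
        print(f"{name:9s} {value.hex()}")
```

Every terminal that holds the same Kg and reads the same Rand from paging arrives at the same six keys without any per-terminal exchange, and a new Rand on the next group call replaces all of them while Kg stays unchanged.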
S108: Decrypt and integrity-protect data from the TGCCH and the TGTCH according to the second key.

After steps S102 to S108 have been executed, the terminal starts to receive the signaling and data of the TGCCH and TGTCH channels and carries out normal trunking services. The signaling of the TGCCH channel is decrypted and integrity-protected with the public security keys Kgrrcenc and Kgrrcint, and the user plane data of the TGTCH is decrypted with the key Kgupenc. After the group call ends, the root key is retained, and the random number, the first key, and the second key are deleted.

The decryption process involved in this embodiment is as follows: in the process of decrypting the data, the data received by the terminals in the group is decrypted by using the same Count value.
In the existing LTE system, user decryption requires a count value, count = hfn + sn, and hfn is incremented by 1 each time sn wraps around. In the embodiment of the present application, so that users who access at different times can all decrypt successfully, hfn is fixed: when sn wraps around, hfn is not incremented. As a result, both users who access first and users who access later can correctly decrypt the user plane data.

For a better understanding of the above decryption process, FIG. 8 is a schematic diagram of the decryption of steady-state data according to an embodiment of the present invention. Based on the principle shown in FIG. 8, the following processing steps can be used to decrypt the steady-state data.

Step 1: Obtain the corresponding key value, the BEARER value, the data length (length), the encryption/decryption direction (direction), and the count value (where count = hfn + sn; because hfn is not incremented when sn wraps around, every terminal can calculate the same count value from the data packets it receives from the eNB).

Step 2: Obtain a keystream block by using the encryption algorithm.

Step 3: Perform the encryption processing on the data stream to be encrypted and the generated keystream block.

Through the above steps, when a terminal in the group initiates a group call, a first key used for NAS decryption and integrity protection, and an intermediate parameter used to generate a second key for decrypting and integrity-protecting data from the TGCCH and the TGTCH, are generated according to the random number received from the network side and the root key acquired in advance from the network side. This technical solution solves the problem in the related art that multi-user security is not supported for the point-to-multipoint trunking service when the terminal is on the downlink common channel.
Thereby, the security mechanism of the downlink common channel on the trunking UE side is realized. The random number provided by the embodiment of the present invention is carried in paging, and its purpose is to enable each group call to generate different keys.

For a better understanding of the implementation process of the above public security of trunking communication, FIG. 9 is an architecture diagram of a trunking system according to a preferred embodiment of the present invention. As shown in FIG. 9, the process mainly includes the following steps 1 to 3.

Step 1: The core network sends the Kg corresponding to each group to the terminals through the group information update process.

Step 2: When a group initiates a group call, the network side generates a random number and delivers it through paging to the terminals (UE, User Equipment) of the group.

Step 3: The terminal calculates each of the corresponding key values from the random number GroupCallRand, Kg, and the fixed security algorithm, for use in integrity protection and decryption.

Design of the random number GroupCallRand: Kg does not change across multiple group calls of the same group. So that the keys cannot be easily cracked, each group call of the group needs to have different keys. The random number provided by the embodiment of the present invention is carried in paging, and its purpose is to enable each group call to generate different keys. It should be noted that, in FIG. 9, PDS is short for Personal Digital System, PHS is short for Personal Handy phone System, and eNB is short for E-UTRAN NodeB, that is, the evolved base station.

This embodiment also provides a device for implementing public security of trunking communication, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. The modules involved in the device are described below. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. FIG. 10 is a structural diagram of a device for implementing public security of trunking communication according to an embodiment of the present invention. As shown in FIG. 10, the device includes: a receiving module 102, a first generation module 104, a second generation module 106, and a processing module 108.
The modules are described below.

The receiving module 102 is configured to receive a random number from the network side when a terminal in the group initiates a group call.

A further improvement of the foregoing technical solution in the embodiment of the present invention is that the receiving module 102 is further configured to generate the second key from the intermediate parameter by using the KDF algorithm.

The first generation module 104 is connected to the receiving module 102 and is configured to generate, according to the random number and the root key acquired in advance from the network side, an intermediate parameter and a first key used for non-access stratum (NAS) decryption and integrity protection.

The second generation module 106 is connected to the first generation module 104 and is configured to generate a second key according to the intermediate parameter.

The processing module 108 is connected to the second generation module 106 and is configured to decrypt and integrity-protect data from the TGCCH and the TGTCH according to the second key.

In this embodiment, as shown in FIG. 11, the receiving module 102 may further include: a receiving unit 1022, configured to receive the paging message from the network side; and an acquiring unit 1024, connected to the receiving unit 1022 and configured to acquire the random number from the paging message.

Through the above, when a terminal in the group initiates a group call, the first generation module 104 generates, according to the random number received by the receiving module 102 from the network side and the root key acquired in advance from the network side, the intermediate parameter and the first key used for NAS decryption and integrity protection, and the processing module 108 decrypts and integrity-protects data from the TGCCH and the TGTCH according to the second key generated by the second generation module 106. This technical solution solves the problem in the related art that multi-user security is not supported for the point-to-multipoint trunking service when the terminal is on the downlink common channel. Thereby, the security mechanism of the downlink common channel on the trunking UE side is realized. The random number provided by the embodiment of the present invention is carried in paging, and its purpose is to enable each group call to generate different keys.

In summary, the technical solutions provided by the embodiments of the present invention achieve the following effects: they solve the problem in the related art that multi-user security is not supported for the point-to-multipoint trunking service when the terminal is on the downlink common channel, and thereby realize the security mechanism of the downlink common channel on the trunking UE side. The random number provided by the embodiment of the present invention is carried in paging, and its purpose is to enable each group call to generate different keys.

Obviously, those skilled in the art should understand that the above devices or steps of the present invention can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they may be implemented by program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one given here, or they may be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, various modifications and changes can be made to the present invention. Any modification, equivalent substitution, improvement, and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Industrial Applicability

In the embodiment of the present invention, when a terminal in a group initiates a group call, a first key used for NAS decryption and integrity protection, and an intermediate parameter used to generate a second key for decrypting and integrity-protecting data from the TGCCH and the TGTCH, are generated according to the random number received from the network side and the root key acquired in advance from the network side. This technical solution solves the problem in the related art that multi-user security is not supported for the point-to-multipoint trunking service when the terminal is on the downlink common channel, and thereby realizes the security mechanism of the downlink common channel on the trunking UE side. Therefore, it has industrial applicability.
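The Count handling described under S108 can be checked with a small simulation, given here as an added example that is not part of the patent. It assumes a 12-bit SN and models count as hfn in the high bits with sn in the low bits; the page gives neither the SN length nor the bit layout.

```python
SN_BITS = 12            # assumption: SN length is not stated on the page
SN_MOD = 1 << SN_BITS


def sender_count(i: int, fixed_hfn: bool, hfn0: int = 0):
    """SN and COUNT the sender uses for its i-th PDU of the group call."""
    sn = i % SN_MOD
    hfn = hfn0 if fixed_hfn else hfn0 + i // SN_MOD
    return sn, (hfn << SN_BITS) | sn


class Receiver:
    """A group member that only sees the SN carried in each PDU."""

    def __init__(self, fixed_hfn: bool, hfn0: int = 0):
        self.fixed_hfn = fixed_hfn
        self.hfn = hfn0
        self.last_sn = None

    def count_for(self, sn: int) -> int:
        # LTE-style behaviour: bump the local HFN when the SN wraps around.
        if (not self.fixed_hfn and self.last_sn is not None
                and sn < self.last_sn):
            self.hfn += 1
        self.last_sn = sn
        return (self.hfn << SN_BITS) | sn


def late_joiner_mismatches(fixed_hfn: bool, n_pdus: int, join_at: int) -> int:
    """PDUs for which a member joining at PDU join_at computes the wrong COUNT."""
    rx = Receiver(fixed_hfn)
    bad = 0
    for i in range(join_at, n_pdus):
        sn, count = sender_count(i, fixed_hfn)
        if rx.count_for(sn) != count:
            bad += 1
    return bad


def first_count_repeat(fixed_hfn: bool, n_pdus: int):
    """Index of the first PDU whose COUNT was already used in this call."""
    seen = set()
    for i in range(n_pdus):
        _, count = sender_count(i, fixed_hfn)
        if count in seen:
            return i
        seen.add(count)
    return None


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed hfn" if fixed else "incrementing hfn",
              "| late-joiner mismatches:",
              late_joiner_mismatches(fixed, 10000, 5000),
              "| first COUNT repeat:", first_count_repeat(fixed, 10000))
```

With an incrementing hfn a member that joins after the first SN wrap never recovers the sender's COUNT, which is the case the fixed hfn removes; the cost is that the same COUNT recurs every 2^SN_BITS PDUs of a call, so the per-call keys derived from Rand are the only input to the cipher that changes over time.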

Claims

权 利 要 求 书 Claim
1. 一种集群通信公共安全的实现方法, 包括: 1. A method for implementing public communication of cluster communication, comprising:
当群组内的终端发起组呼时, 接收来自网络侧的随机数;  When a terminal in the group initiates a group call, receiving a random number from the network side;
根据所述随机数以及预先从网络侧获取的根密钥生成中间参数, 以及用于 非接入层 NAS解密和完整性保护的第一密钥;  Generating an intermediate parameter according to the random number and a root key acquired in advance from the network side, and a first key for non-access stratum NAS decryption and integrity protection;
根据所述中间参数生成第二密钥;  Generating a second key according to the intermediate parameter;
根据所述第二密钥对来自集群控制信道 TGCCH和集群业务信道 TGTCH 的数据进行解密和完整性保护。  The data from the cluster control channel TGCCH and the trunked traffic channel TGTCH is decrypted and integrity protected according to the second key.
2. 根据权利要求 1所述的方法, 其中, 根据所述中间参数生成第二密钥, 包括: 根据所述中间参数利用密钥分割算法 KDF算法生成所述第二密钥。 2. The method according to claim 1, wherein generating the second key according to the intermediate parameter comprises: generating the second key by using a key segmentation algorithm KDF algorithm according to the intermediate parameter.
3. The method according to claim 1, wherein receiving the random number from the network side comprises:
receiving a paging message from the network side;
obtaining the random number from the paging message.
4. The method according to claim 1, wherein
the first key comprises: a first subkey for NAS decryption and a second subkey for NAS integrity protection; and/or
the second key comprises: a third subkey for TGCCH signaling decryption and integrity protection, and a fourth subkey for TGTCH data decryption.
5. The method according to claim 1, further comprising:
after the group call ends, retaining the root key and deleting the random number, the first key, and the second key.
6. The method according to any one of claims 1 to 5, wherein the method further comprises:
during decryption of the data, decrypting the data received by the terminals in the group using the same Count value.
7. The method according to any one of claims 1 to 5, further comprising:
before the terminal initiates the group call, receiving the root key sent by the network side.
8. A device for implementing trunking communication public security, comprising:
a receiving module, configured to receive a random number from the network side when a terminal in the group initiates a group call;
a first generating module, configured to generate, according to the random number and a root key obtained in advance from the network side, an intermediate parameter and a first key used for non-access stratum (NAS) decryption and integrity protection;
a second generating module, configured to generate a second key according to the intermediate parameter;
a processing module, configured to perform decryption and integrity protection, according to the second key, on data from the trunking control channel TGCCH and the trunking traffic channel TGTCH.
9. The device according to claim 8, wherein the second generating module is further configured to generate the second key from the intermediate parameter using a KDF algorithm.
10. The device according to claim 8, wherein the receiving module comprises:
a receiving unit, configured to receive the paging message from the network side;
an obtaining unit, configured to obtain the random number from the paging message.
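The key hierarchy and lifecycle recited in the claims (root key plus paging random number, intermediate parameter, NAS first key, TGCCH/TGTCH second key, deletion at call end) can be traced in a short sketch. This is an added example, not code from the patent; HMAC-SHA-256 as the KDF, the label strings, the 16-byte minimum for the random number, and the names `kdf`, `GroupCallKeys` and `demo` are all assumptions.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the claims' unspecified KDF.
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

class GroupCallKeys:
    """Key material one terminal holds for a single group call."""

    def __init__(self, root_key: bytes):
        self.root_key = root_key   # received from the network before the call
        self.rand = self.first_key = self.second_key = None

    def start_call(self, rand: bytes) -> None:
        """Derive per-call keys from the random number carried in paging."""
        if len(rand) < 16:         # assumed minimum length, not from the claims
            raise ValueError("random number too short")
        self.rand = rand
        # Root key + random number -> intermediate parameter and first key.
        intermediate = kdf(self.root_key, b"intermediate", rand)
        self.first_key = {
            "nas_dec": kdf(self.root_key, b"nas-dec", rand),  # first subkey
            "nas_int": kdf(self.root_key, b"nas-int", rand),  # second subkey
        }
        # Intermediate parameter -> second key (labels are hypothetical).
        self.second_key = {
            "tgcch": kdf(intermediate, b"tgcch"),  # third subkey
            "tgtch": kdf(intermediate, b"tgtch"),  # fourth subkey
        }

    def end_call(self) -> None:
        """Keep the root key; discard everything bound to this call."""
        # Dropping references only; a real terminal would zeroise the buffers.
        self.rand = self.first_key = self.second_key = None

def demo() -> dict:
    root = bytes(range(32))                       # constructed sample root key
    rand_a, rand_b = b"\x01" * 16, b"\x02" * 16   # constructed paging values
    t1, t2 = GroupCallKeys(root), GroupCallKeys(root)
    t1.start_call(rand_a)
    t2.start_call(rand_a)
    same_group = (t1.first_key, t1.second_key) == (t2.first_key, t2.second_key)
    old_tgtch = t1.second_key["tgtch"]
    t1.end_call()
    cleared = (t1.rand, t1.first_key, t1.second_key) == (None, None, None)
    t1.start_call(rand_b)                         # next call, fresh random number
    fresh = t1.second_key["tgtch"] != old_tgtch
    return {"same_group": same_group, "cleared": cleared,
            "root_kept": t1.root_key == root, "fresh": fresh}

if __name__ == "__main__":
    print(demo())
```

Every terminal that holds the same root key and hears the same paging message arrives at identical keys without any per-terminal exchange, and a new random number on the next call yields unrelated traffic keys.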
PCT/CN2014/078185 2013-12-20 2014-05-22 Trunking group communication public security implementation method and device WO2014180390A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310714496.4 2013-12-20
CN201310714496.4A CN104735626A (en) 2013-12-20 2013-12-20 Achieving method and device for trunking group communication public security

Publications (2)

Publication Number Publication Date
WO2014180390A2 (en) 2014-11-13
WO2014180390A3 (en) 2014-12-24

Family

ID=51867811

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/078185 WO2014180390A2 (en) 2013-12-20 2014-05-22 Trunking group communication public security implementation method and device

Country Status (2)

Country Link
CN (1) CN104735626A (en)
WO (1) WO2014180390A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112954610A (en) * 2019-11-22 2021-06-11 成都鼎桥通信技术有限公司 Group signaling transmission method and device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107529159B (en) * 2016-06-22 2020-10-02 南京中兴软件有限责任公司 Access layer encryption, decryption and integrity protection method and device for broadband cluster downlink shared channel and security implementation method
CN107820221B (en) * 2016-09-12 2020-02-11 大唐移动通信设备有限公司 Cluster group call service encryption method and cluster core network
CN109729522A (en) * 2017-10-27 2019-05-07 普天信息技术有限公司 Air interface encryption method and device under fail soft mode

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102300167A (en) * 2010-06-23 2011-12-28 中兴通讯股份有限公司 Method and system for realizing fail soft
CN102625300A (en) * 2011-01-28 2012-08-01 华为技术有限公司 Generation method and device for key
CN103369523A (en) * 2013-07-18 2013-10-23 成都鼎桥通信技术有限公司 Method for improving cluster downlink safety

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100466501C (en) * 2003-09-04 2009-03-04 华为技术有限公司 Method for producing long code mask for cluster service
CN100456669C (en) * 2003-09-22 2009-01-28 华为技术有限公司 Method of distributing group secret keys
CN102291680B (en) * 2010-06-18 2013-12-25 普天信息技术研究院有限公司 Encrypted group calling method based on long term evolution (TD-LTE) trunking communication system
CN102572819B (en) * 2010-12-22 2015-05-13 华为技术有限公司 Method, device and system for generating secret key
CN103297958B (en) * 2012-02-22 2017-04-12 华为技术有限公司 Security context establishing method, device and system
CN103179558B (en) * 2012-09-20 2016-06-22 中兴通讯股份有限公司 Trunking system group call encryption implementation method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112954610A (en) * 2019-11-22 2021-06-11 成都鼎桥通信技术有限公司 Group signaling transmission method and device
CN112954610B (en) * 2019-11-22 2022-07-26 成都鼎桥通信技术有限公司 Group signaling transmission method and device

Also Published As

Publication number Publication date
CN104735626A (en) 2015-06-24
WO2014180390A3 (en) 2014-12-24

Similar Documents

Publication Publication Date Title
CN106936570B (en) Key configuration method, key management center and network element
US10397775B2 (en) Key exchange method and apparatus
US11856402B2 (en) Identity-based message integrity protection and verification for wireless communication
US10455414B2 (en) User-plane security for next generation cellular networks
US20190141524A1 (en) Transmission Data Protection System, Method, and Apparatus
CN109874139B (en) Anchor key generation method, device and system
AU2007292553B2 (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
CN108012264B (en) Encrypted IMSI based scheme for 802.1x carrier hotspot and Wi-Fi call authentication
US20100054472A1 (en) Integrity protection and/or ciphering for ue registration with a wireless network
JP5855127B2 (en) Method and apparatus for encrypting short text data in a wireless communication system
WO2011163073A1 (en) Secure node admission in a communication network
WO2020248624A1 (en) Communication method, network device, user equipment and access network device
JP2012217207A (en) Exchange of key material
WO2013185735A2 (en) Encryption realization method and system
WO2012024906A1 (en) Mobile communication system and voice call encryption method thereof
US20200275268A1 (en) Communication method and communications apparatus
WO2014131356A1 (en) Method, system, and terminal for hierarchical management of group keys of broadband cluster system
WO2012071846A1 (en) Method and system for encrypting short message
WO2014180390A2 (en) Trunking group communication public security implementation method and device
US20190149326A1 (en) Key obtaining method and apparatus
WO2022027476A1 (en) Key management method and communication apparatus
WO2022134089A1 (en) Method and apparatus for generating security context, and computer-readable storage medium
CN117546441A (en) Secure communication method and device, terminal equipment and network equipment
WO2022237561A1 (en) Communication method and apparatus
WO2017174467A1 (en) A method for updating a long-term key used to protect communications between a network and a remote device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14794804

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14794804

Country of ref document: EP

Kind code of ref document: A2