WO2014180390A2 - Method and device for implementing public security in group communication - Google Patents


Info

Publication number: WO2014180390A2
Application number: PCT/CN2014/078185
Authority: WO, WIPO (PCT)
Prior art keywords: key, random number, network side, group, decryption
Other languages: English (en), Chinese (zh)
Other versions: WO2014180390A3 (fr)
Inventor: 潘磊
Original Assignee: 中兴通讯股份有限公司
Application filed by: 中兴通讯股份有限公司

Classifications

    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L12/1818 Conference organisation arrangements, e.g. handling schedules, setting up parameters needed by nodes to attend a conference, booking network resources, notifying involved parties
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04M2203/152 Aspects of automatic or semi-automatic exchanges related to dial plan and call routing: Temporary dial plan
    • H04M2203/609 Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems: Secret communication
    • H04M3/5116 Centralised call answering arrangements requiring operator intervention, e.g. call or contact centers for telemarketing for emergency applications

Definitions

  • The present invention relates to the field of communications, and more particularly to a method and apparatus for implementing public security of trunking communications.
  • Background: In an existing LTE system, the downlink public broadcast channel is not secured, and each dedicated channel has its own unique security parameters. However, because of the special needs of the cluster service, multiple users in the same group need to listen to a common channel together, so multiple security parameters must be synchronized. At present, the related art does not support multi-user security for point-to-multipoint cluster services received by a terminal on the downlink common channel, and no effective solution has been proposed.
  • The present invention provides a method and an apparatus for implementing public security of cluster communication, so as to at least solve the problem in the related art that multi-user security for point-to-multipoint cluster services is not supported for a terminal on the downlink common channel.
  • A method for implementing public security of trunking communication is provided, including: when a terminal in a group initiates a group call, receiving a random number from a network side; generating, according to the random number and a root key acquired in advance from the network side, an intermediate parameter and a first key for non-access stratum (Non-Access Stratum, NAS) decryption and integrity protection; generating a second key according to the intermediate parameter; and decrypting and integrity protecting data from a trunking group control channel (TGCCH) and a trunking group traffic channel (TGTCH) according to the second key.
  • Generating the second key according to the intermediate parameter comprises: generating the second key from the intermediate parameter by using a Key Distribution Algorithm (KDF).
  • Receiving the random number from the network side comprises: receiving a paging message from the network side; and acquiring the random number from the paging message.
  • The first key includes: a first subkey for NAS decryption and a second subkey for NAS integrity protection; and/or the second key includes: a third subkey for signaling decryption and integrity protection of the TGCCH and a fourth subkey for data decryption of the TGTCH.
  • The method further includes: after the group call ends, retaining the root key, and deleting the random number, the first key, and the second key.
  • The method further includes: in the process of decrypting the data, decrypting the data received by the terminals in the group by using the same Count value.
  • The method further includes: receiving, before the terminal initiates the group call, the root key sent by the network side.
  • A device for implementing public security of trunking communication is provided, including: a receiving module, configured to receive a random number from a network side when a terminal in a group initiates a group call; a first generation module, configured to generate, according to the random number and a root key acquired in advance from the network side, an intermediate parameter and a first key for non-access stratum NAS decryption and integrity protection; a second generation module, configured to generate a second key according to the intermediate parameter; and a processing module, configured to decrypt and integrity protect data from the cluster control channel TGCCH and the cluster traffic channel TGTCH according to the second key.
  • The second generating module is further configured to generate the second key by using a KDF algorithm according to the intermediate parameter.
  • The receiving module includes: a receiving unit, configured to receive a paging message from the network side; and an acquiring unit, configured to acquire the random number from the paging message.
  • The technical solution of generating the first key and the intermediate parameter used to generate the second key, which decrypts and integrity protects the data from the cluster control channel TGCCH and the trunk traffic channel TGTCH, solves the problem in the related art that multi-user security for point-to-multipoint cluster services is not supported for a terminal on the downlink common channel. The security mechanism of the downlink common channel of the user equipment (User Equipment, UE for short) is thereby implemented.
  • FIG. 1 is a flowchart of a method for implementing public security of trunking communication according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of generating Kgnasenc according to a root key Kg according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of generating Kgnasint according to a root key Kg according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of generating Kgenb according to a root key Kg according to an embodiment of the present invention.
  • FIG. 6 is a flow chart of generating Kgrrcenc according to Kgenb according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of generating Kgrrcint according to Kgenb according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of generating Kgrrcint according to Kgenb according to an embodiment of the present invention.
  • FIG. 9 is a structural diagram of a cluster system according to a preferred embodiment of the present invention.
  • FIG. 10 is a structural diagram of a cluster communication public security implementation apparatus according to an embodiment of the present invention.
  • Best mode for carrying out the invention: The present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
  • FIG. 1 is a flowchart of a method for implementing cluster communication public security according to an embodiment of the present invention. As shown in FIG. 1, the method includes steps S102 to S108.
  • The method may further include the following steps: the terminal starts the registration, and the network side initiates the group information update and receives.
  • The root key provided by the embodiment of the present invention differs from that of the existing LTE system.
  • In the existing LTE system, the root key is solidified in the SIM card.
  • In the embodiment of the present invention, the users of the same group share the same root key Kg, which therefore cannot be solidified in the SIM card. Instead, it is carried to each terminal through NAS signaling.
  • The NAS signaling is protected by LTE security, so it is secure.
  • Receiving the random number from the network side may include: receiving the paging message from the network side; and acquiring the random number from the paging message.
  • S104: Generate, according to the random number and a root key acquired in advance from the network side, an intermediate parameter and a first key used for NAS decryption and integrity protection.
  • The first key may include: a first subkey for NAS decryption, and a second subkey for NAS integrity protection.
  • The first subkey and the second subkey in the first key, determined according to the random number and the root key, may specifically be: the K value Kgnasenc used for NAS layer encryption and decryption, and the K value Kgnasint used for integrity protection of the NAS layer. The intermediate parameter may specifically be: the K value Kgenb used for further generating the air interface keys. As shown in FIG. 2, FIG.
  • FIG. 2 is a schematic flowchart of generating Kgnasenc according to a root key Kg according to an embodiment of the present invention.
  • The input parameters used are the NAS encryption algorithm Alg, the group ID, and the random number Rand, where the parameters are used as follows: (1) the KDF function input key is Kg; (2) a byte string is constructed:
  • P2: GID, group identification, 64 bit;
  • L2: 0x00 0x08;
  • FIG. 3 is a schematic flowchart of generating Kgnasint according to the root key Kg according to an embodiment of the present invention.
  • The input parameters used are the NAS integrity protection algorithm Alg, the group ID, and the random number Rand, where the parameters are used as follows: (1) the KDF function input key is Kg; (2) Construct word
  • FIG. 4 is a schematic flowchart of generating Kgenb according to the root key Kg according to an embodiment of the present invention.
  • S106: Generate a second key according to the foregoing intermediate parameter.
  • The second key is generated according to the intermediate parameter, and the second key includes: a third subkey used for signaling decryption and integrity protection of the TGCCH, and a fourth subkey used for data decryption of the TGTCH.
  • The third subkey may specifically be: Kgrrcint, Kgrrcenc.
  • The fourth subkey may specifically be: Kgupenc.
  • FIG. 5 is a schematic flowchart of generating Kgupenc according to Kgenb according to an embodiment of the present invention.
  • The input parameters used are the UP encryption algorithm Alg, the group ID, and the random number Rand, where the parameters are used as follows: (1) the KDF function input key is Kgenb; (2) Constructing a byte string
  • FIG. 6 is a schematic flowchart of generating Kgrrcenc according to Kgenb according to an embodiment of the present invention.
  • The input parameters used are the RRC encryption algorithm Alg, the group ID, and the random number Rand, where the parameters are used as follows: (1) the KDF function input key is Kgenb; (2) a byte string is constructed:
  • P1: RRC-enc-alg, 0x03;
  • L1: 0x00 0x01;
  • P2: GID, group identification, 64 bit;
  • L2: 0x00 0x08;
  • FIG. 7 is a schematic flowchart of generating Kgrrcint according to Kgenb according to an embodiment of the present invention.
  • The input parameters used are the RRC integrity protection algorithm Alg, the group ID, and the random number Rand, where the parameters are used as follows: (1) the KDF function input key is Kgenb; (2) Construct word
  • S108: Decrypt and integrity protect data from the TGCCH and the TGTCH according to the second key.
  • Reception of the signaling and data of the TGCCH and TGTCH channels begins, and normal cluster services are performed.
  • The signaling of the TGCCH channel is decrypted and integrity protected by the public security keys Kgrrcenc and Kgrrcint, and the user plane data of the TGTCH is decrypted by the key Kgupenc. After the group call ends, the root key is retained, and the random number, the first key, and the second key are deleted.
  • In the decryption process involved in this embodiment, that is, in the process of decrypting the above data, the data received by the terminals in the group is decrypted by using the same Count value.
  • The design fixes the HFN: when the SN wraps around, the HFN is not incremented. Therefore, users who access first and users who access later can all correctly decrypt the user plane data.
  • Step 2: Obtain a key stream block by using an encryption algorithm.
  • Step 3: Encrypt the data stream to be encrypted and the generated key stream block.
  • With the technical solution of generating, according to the random number received from the network side and the root key acquired in advance from the network side, the first key for non-access stratum NAS decryption and integrity protection and the intermediate parameter used to generate the second key, which decrypts and integrity protects the data from the cluster control channel TGCCH and the trunk traffic channel TGTCH, the problem in the related art that multi-user security for point-to-multipoint cluster services is not supported for a terminal on the downlink common channel is solved. The security mechanism of the downlink common channel of the cluster UE is thereby realized.
  • FIG. 9 is an architectural diagram of a cluster system according to a preferred embodiment of the present invention. As shown in FIG. 9, the following steps 1 to 3 are mainly included. Step 1: The core network sends the Kg corresponding to each group to the terminal through the group information update process. Step 2: A group initiates a group call, and the network side generates a random number, which is sent to the terminals of the group through paging.
  • Step 3: The terminal calculates the corresponding key values for integrity protection and decryption by using the random number GroupCallRand, Kg, and the solidified security algorithm.
  • Design of the random number GroupCallRand: Kg is unchanged across multiple group calls of the same group. So that the keys are not easily cracked, different keys are required each time a group call is initiated. The random number provided by the embodiment of the present invention is carried in the paging, and the purpose is to enable each group call to generate a different key. It should be noted that, in FIG.
  • PDS is an abbreviation of Personal Digital System.
  • PHS is an abbreviation of Personal Handy phone System, a handheld telephone system.
  • eNB is an abbreviation of E-UTRAN NodeB.
  • A device for implementing public security of cluster communication is also provided, which is used to implement the above-mentioned embodiments and preferred embodiments. The modules involved in the device are described below.
  • As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function.
  • FIG. 10 is a structural diagram of an apparatus for implementing cluster communication public security according to an embodiment of the present invention.
  • The apparatus includes: a receiving module 102, a first generating module 104, a second generating module 106, and a processing module 108.
  • The respective modules are described below.
  • The receiving module 102 is configured to receive a random number from the network side when the terminal in the group initiates the group call.
  • A further improvement of the foregoing technical solution in the embodiment of the present invention is that the receiving module 102 is further configured to generate the second key by using a KDF algorithm according to the intermediate parameter.
  • The first generation module 104 is connected to the receiving module 102 and is configured to generate, according to the random number and a root key acquired in advance from the network side, an intermediate parameter and a first key for non-access stratum NAS decryption and integrity protection.
  • The second generation module 106 is connected to the first generation module 104 and configured to generate a second key according to the intermediate parameter.
  • The processing module 108 is coupled to the second generation module 106 and configured to decrypt and integrity protect data from the TGCCH and the TGTCH according to the second key. In this embodiment, as shown in FIG.
  • The receiving module 102 may further include: a receiving unit 1022, configured to receive a paging message from the network side; and an obtaining unit 1024, connected to the receiving unit 1022 and configured to obtain the random number from the paging message.
  • When a terminal in the group initiates a group call, the first generation module 104 generates, according to the random number received by the receiving module 102 from the network side and the root key acquired in advance from the network side, the first key for non-access stratum NAS decryption and integrity protection, and the processing module 108 decrypts and integrity protects the data from the cluster control channel TGCCH and the trunk traffic channel TGTCH according to the second key generated by the second generation module 106. This technical solution solves the problem in the related art that multi-user security for point-to-multipoint cluster services is not supported for a terminal on the downlink common channel.
  • The security mechanism of the downlink common channel of the cluster UE is realized.
  • The random number provided by the embodiment of the present invention is carried in the paging, and the purpose is to enable each group call to generate a different key.
  • The foregoing technical solutions provided by the embodiments of the present invention achieve the following effects:
  • The problem in the related art that multi-user security for cluster services is not supported for a terminal on the downlink common channel is solved.
  • The security mechanism of the downlink common channel of the cluster UE is realized.
  • The random number provided by the embodiment of the present invention is carried in the paging, and the purpose is to enable each group call to generate a different key.
  • The above-mentioned devices or steps of the present invention can be implemented by a general-purpose computing device, and they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device; in some cases, the steps shown or described may be performed in an order different from the one herein, or they may be fabricated separately as individual integrated circuit modules, or multiple of these modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
  • The technical solution of generating the first key for decryption and integrity protection and the intermediate parameter used to generate the second key, which decrypts and integrity protects the data from the cluster control channel TGCCH and the trunk traffic channel TGTCH, solves the problem in the related art that multi-user security for point-to-multipoint cluster services is not supported for a terminal on the downlink common channel. The security mechanism of the downlink common channel of the cluster UE is thereby realized. Therefore, it has industrial applicability.
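
The key hierarchy of steps S104 to S108 (Kg and Rand yield Kgnasenc, Kgnasint and Kgenb; Kgenb yields Kgrrcenc, Kgrrcint and Kgupenc), sketched as an added Python example that is not taken from the patent. Assumptions not given on the page: HMAC-SHA-256 as the KDF, the FC byte, every P1 value other than 0x03, Rand as a third parameter, and the names `GroupTerminal`, `build_s`, `kdf` and `derive_hierarchy`.

```python
import hashlib
import hmac

FC = b"\xf0"  # placeholder function code: the page does not state one

# P1 (algorithm type). Only RRC-enc-alg = 0x03 is on the page; the other
# values, including the label used for Kgenb, are assumptions for this example.
P1 = {"Kgnasenc": 0x01, "Kgnasint": 0x02, "Kgrrcenc": 0x03,
      "Kgrrcint": 0x04, "Kgupenc": 0x05, "Kgenb": 0x10}


def param(value: bytes) -> bytes:
    """Encode one parameter as Pi || Li, Li being a two-byte big-endian length."""
    return value + len(value).to_bytes(2, "big")


def build_s(name: str, gid: int, rand: bytes) -> bytes:
    """Byte string S = FC || P1 || L1 || P2 || L2 || P3 || L3."""
    return (FC
            + param(bytes([P1[name]]))        # P1 algorithm type, L1 = 0x00 0x01
            + param(gid.to_bytes(8, "big"))   # P2 GID (64 bit),   L2 = 0x00 0x08
            + param(rand))                    # P3 Rand (position is assumed)


def kdf(key: bytes, name: str, gid: int, rand: bytes) -> bytes:
    """HMAC-SHA-256 stands in for the KDF, which the page does not name."""
    return hmac.new(key, build_s(name, gid, rand), hashlib.sha256).digest()


def derive_hierarchy(kg: bytes, gid: int, rand: bytes) -> dict:
    """S104: first key and intermediate parameter from Kg; S106: second key from Kgenb."""
    kgenb = kdf(kg, "Kgenb", gid, rand)
    return {
        "Kgnasenc": kdf(kg, "Kgnasenc", gid, rand),     # first subkey
        "Kgnasint": kdf(kg, "Kgnasint", gid, rand),     # second subkey
        "Kgenb": kgenb,                                 # intermediate parameter
        "Kgrrcenc": kdf(kgenb, "Kgrrcenc", gid, rand),  # third subkey (TGCCH)
        "Kgrrcint": kdf(kgenb, "Kgrrcint", gid, rand),  # third subkey (TGCCH)
        "Kgupenc": kdf(kgenb, "Kgupenc", gid, rand),    # fourth subkey (TGTCH)
    }


class GroupTerminal:
    """Terminal-side key state for one group."""

    def __init__(self, gid: int, kg: bytes):
        # Kg is delivered over protected NAS signaling before any group call.
        self.gid, self.kg = gid, kg
        self.session = None

    def on_paging(self, group_call_rand: bytes) -> None:
        """Group call starts: the paging message carries the random number."""
        self.session = {"rand": group_call_rand,
                        **derive_hierarchy(self.kg, self.gid, group_call_rand)}

    def on_call_end(self) -> None:
        """Retain Kg; drop the random number, the first key and the second key."""
        self.session = None


if __name__ == "__main__":
    kg = bytes(range(32))                  # constructed sample root key
    gid = 0x0102030405060708               # constructed sample group ID
    ue_a, ue_b = GroupTerminal(gid, kg), GroupTerminal(gid, kg)
    for call, rand in enumerate((bytes(16), b"\x01" + bytes(15)), start=1):
        ue_a.on_paging(rand)
        ue_b.on_paging(rand)
        same = ue_a.session == ue_b.session
        print(f"call {call}: Kgupenc={ue_a.session['Kgupenc'].hex()[:16]}... "
              f"both terminals agree: {same}")
        ue_a.on_call_end()
        ue_b.on_call_end()
```

Because every member of the group holds the same Kg and receives the same paged random number, all terminals reach the same six keys without any per-terminal exchange, and a new random number per call changes every derived key while Kg stays fixed.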

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method and device for implementing public security in group communication, the method comprising the following steps: when a terminal in a group initiates a group call, receiving a random number from a network side; generating, according to the random number and a root key obtained in advance from the network side, an intermediate parameter and a first key used for non-access stratum (NAS) decryption and integrity protection; generating a second key according to the intermediate parameter; and, according to the second key, decrypting and integrity protecting data from a group control channel (TGCCH) and a group traffic channel (TGTCH). This technical solution solves the prior-art problem that a terminal is not supported on a downlink shared channel for point-to-multipoint group traffic, thereby achieving multi-user traffic security. The present invention implements a security mechanism on the public channels related to group communication on the user side.
PCT/CN2014/078185 2013-12-20 2014-05-22 Method and device for implementing public security in group communication WO2014180390A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310714496.4 2013-12-20
CN201310714496.4A CN104735626A (zh) 2013-12-20 Method and device for implementing public security of trunking communication

Publications (2)

Publication Number Publication Date
WO2014180390A2 (fr) 2014-11-13
WO2014180390A3 (fr) 2014-12-24

Family

ID=51867811

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/078185 WO2014180390A2 (fr) 2013-12-20 2014-05-22 Method and device for implementing public security in group communication

Country Status (2)

Country Link
CN (1) CN104735626A (fr)
WO (1) WO2014180390A2 (fr)

Also Published As

Publication number Publication date
WO2014180390A3 (fr) 2014-12-24
CN104735626A (zh) 2015-06-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14794804; Country of ref document: EP; Kind code of ref document: A2)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14794804; Country of ref document: EP; Kind code of ref document: A2)