WO2017054525A1 - Call encryption method and device - Google Patents

Publication number
WO2017054525A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
call
media
channel
switching center
Application number
PCT/CN2016/086444
Other languages
English (en)
Chinese (zh)
Inventor
高扬
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W36/00226 Control or signalling for completing the hand-off for data sessions of end-to-end connection for transferring data sessions between adjacent core network technologies between packet switched [PS] and circuit switched [CS] network technologies, e.g. circuit switched fallback [CSFB] wherein the core network technologies comprise IP multimedia system [IMS], e.g. single radio voice call continuity [SRVCC]
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W36/1443 Reselecting a network or an air interface over a different radio air interface technology between licensed networks
    • H04W36/18 Performing reselection for specific purposes for allowing seamless reselection, e.g. soft reselection

Definitions

  • The present application relates to, but is not limited to, the field of communication technologies, and in particular to a VoLTE call encryption method and system that supports voice continuity.
  • LTE: Long Term Evolution
  • Users of LTE wireless routing devices can upload and download at faster network speeds.
  • The network architecture of LTE no longer distinguishes between the circuit domain and the packet domain, and adopts a unified packet domain architecture.
  • Traditional circuit domain voice solutions are no longer supported.
  • VoLTE: Voice over LTE
  • The voice continuity function means that when a VoLTE user initiates or answers a call in the 4G coverage area and the VoLTE call cannot be continued, the call is switched to 2G/3G (CS, Circuit Switching).
  • CS: Circuit Switching
  • In the VoLTE call encryption specification there is no requirement for voice continuity of encrypted calls. That is to say, when a VoLTE user initiates or receives an encrypted call in the 4G coverage area, the call will be interrupted as the user moves to a non-4G coverage area.
  • The present application provides a VoLTE call encryption method and apparatus that support voice continuity.
  • A call encryption method includes: receiving a request for creating a circuit switched channel sent by a first terminal that switches from accessing an LTE network to accessing a 2G/3G network, where the first terminal maintains an encrypted call with a second terminal accessing the LTE network before accessing the 2G/3G network; creating, according to the request for creating a circuit switched channel, a circuit switched channel with the first terminal and a media channel with the second terminal; receiving a key sent by the second terminal through the media channel, where the key is the key negotiated by the first terminal and the second terminal during their call in the LTE network; and establishing an encrypted call between the first terminal and the second terminal according to the key.
  • The step of creating a circuit switched channel with the first terminal and a media channel with the second terminal according to the request for creating a circuit switched channel comprises: sending, according to the request for creating a circuit switched channel, a media switching request to the second terminal through the service continuity application server; receiving, through the service continuity application server, a media switching response that the second terminal sends according to the media switching request; and sending to the first terminal the response message to the request for creating the circuit switched channel.
  • the media channel configured to receive the key sent by the second terminal is a voice channel, or a dedicated media channel established for transferring a key.
  • the media description portion of the media switch request includes a dedicated media stream description.
  • The step of establishing an encrypted call between the first terminal and the second terminal according to the key comprises: sending the key to a media gateway, where the media gateway, according to the key, decrypts, format-converts, and encrypts the encrypted media stream received from the first terminal or the second terminal, and sends it to the destination terminal.
  • The method further includes: when receiving the key sent by the second terminal fails, sending, through the mobility management entity, the call release information initiated by the second terminal to the first terminal.
  • An embodiment of the present invention further provides a call encryption method, including: when switching from accessing an LTE network to accessing a 2G/3G network, sending a request for creating a circuit switched channel to the enhanced mobile switching center, so that the enhanced mobile switching center creates a circuit switched channel with the enhanced mobile switching center, where an encrypted call is maintained with the second terminal accessing the LTE network before the 2G/3G network is accessed; and, after receiving the response message to the request for creating the circuit switched channel fed back by the enhanced mobile switching center, performing an encrypted call with the second terminal through the circuit switched channel.
  • The step of performing an encrypted call with the second terminal by using the media channel includes: transmitting to the media gateway, through the circuit switched channel, the circuit switched media stream to be sent to the second terminal accessing the LTE network; and/or receiving a circuit switched media stream that has been converted and encrypted by the media gateway.
  • The call encryption method further includes: when the received circuit switched media stream is not encrypted, sending call release information to the enhanced mobile switching center through the mobility management entity, and releasing the call channel upon receiving the call release response message sent by the enhanced mobile switching center through the mobility management entity.
  • An embodiment of the present invention further provides a call encryption method, including: after receiving a media switching request sent by the enhanced mobile switching center through the service continuity application server, and when the enhanced mobile switching center creates a media channel with the first terminal, returning a media switching request response message to the enhanced mobile switching center through the service continuity application server, where, before the media switching request sent by the enhanced mobile switching center through the service continuity application server is received, an encrypted call is maintained with the first terminal via the LTE network; sending the key for the call with the first terminal to the enhanced mobile switching center; and performing an encrypted call with the first terminal through the media channel created by the mobile switching center.
  • The step of performing an encrypted call with the first terminal through the media channel created by the mobile switching center comprises: receiving an RTP (Real-time Transport Protocol) media stream converted and encrypted by the media gateway; and/or sending the RTP media stream to the media gateway through the media channel.
  • RTP: Real-time Transport Protocol
  • The call encryption method further includes: when the received RTP media stream is not encrypted, sending call release information to the enhanced mobile switching center through the service continuity application server, and releasing the call channel upon receiving the call release response information sent by the enhanced mobile switching center through the service continuity application server.
  • The application further provides a computer readable storage medium storing computer executable instructions that implement the above method when executed.
  • The present invention provides a call encryption apparatus, including: a first receiving module, configured to receive a request for creating a circuit switched channel sent by a first terminal that switches from accessing an LTE network to accessing a 2G/3G network, where the first terminal maintains an encrypted call with the second terminal accessing the LTE network before accessing the 2G/3G network; a second receiving module, configured to receive a key sent by the second terminal through the media channel, where the key is a key negotiated between the first terminal and the second terminal during a call in the LTE network; a channel creation module, configured to create, according to the request for creating a circuit switched channel, a media channel between the first terminal and the second terminal; and an execution module, configured to establish an encrypted call between the first terminal and the second terminal according to the key.
  • The channel creation module includes: a media switching requesting unit, configured to send a media switching request to the second terminal through the service continuity application server according to the request for creating a circuit switched channel; a media switching response unit, configured to receive, through the service continuity application server, a media switching response that the second terminal sends according to the media switching request; and a response message unit, configured to send to the first terminal, according to the media switching response, the response message to the request for creating the circuit switched channel.
  • The execution module is configured to send the key to the media gateway; the media gateway, according to the key, decrypts, format-converts, and encrypts the encrypted media stream received from the first terminal or the second terminal, and sends it to the destination terminal.
  • The call encryption device further includes: a call release sending module, configured to send, through the mobility management entity, the call release information initiated by the second terminal to the first terminal when receiving the key sent by the second terminal fails.
  • An embodiment of the present invention further provides a call encryption apparatus, including: a circuit switched channel creation module, configured to, when switching from accessing the LTE network to accessing the 2G/3G network, send a request for creating a circuit switched channel to the enhanced mobile switching center, so that the enhanced mobile switching center creates a circuit switched channel with the enhanced mobile switching center, where an encrypted call is maintained with the second terminal accessing the LTE network before the 2G/3G network is accessed; and a circuit switched channel response module, configured to perform an encrypted call with the second terminal through the circuit switched channel after receiving the response message to the request for creating the circuit switched channel fed back by the enhanced mobile switching center.
  • The call encryption device further includes a first call release module, configured to send call release information to the enhanced mobile switching center through the service continuity application server when the received circuit switched media stream is not encrypted, and to release the call channel upon receiving the call release response information sent by the enhanced mobile switching center through the mobility management entity.
  • A call encryption apparatus includes: a media channel response module, configured to, after receiving a media switching request sent by the enhanced mobile switching center through the service continuity application server, and when the enhanced mobile switching center creates a media channel with the first terminal, return a media switching request response message to the enhanced mobile switching center through the service continuity application server, and to perform an encrypted call with the first terminal through the media channel, where, before the media switching request sent by the enhanced mobile switching center through the service continuity application server is received, an encrypted call is maintained with the first terminal; and a key sending module, configured to send the key for the call with the first terminal to the enhanced mobile switching center.
  • The call encryption apparatus further includes a second call release module, configured to send call release information to the enhanced mobile switching center through the service continuity application server when the received RTP media stream is not encrypted, and to release the call channel upon receiving the call release response information sent by the enhanced mobile switching center through the service continuity application server.
  • The method and device of the present application enable a mobile terminal to continue to hold a call when it enters an area covered only by a 2G/3G network from a 4G network coverage area, and also to maintain the encrypted state of the call. The VoLTE end-to-end encryption method solves the problem that a VoLTE call is easily monitored, and improves the security of the VoLTE call.
  • FIG. 1 is a flowchart of a call encryption method according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a call encryption method according to an embodiment of the present invention when a key transmission fails and a call channel is triggered to be released;
  • FIG. 3 is a flowchart of a call encryption method according to an embodiment of the present invention when an unencrypted voice stream is received on a CS side, and a call channel is triggered to be released;
  • FIG. 4 is a flowchart of a call encryption method according to an embodiment of the present invention when an IMS side receives an unencrypted voice stream and triggers release of a call channel;
  • FIG. 5 is a block diagram of a call encryption apparatus provided in an embodiment of the present invention.
  • FIG. 6 is a block diagram of another call encryption apparatus provided in an embodiment of the present invention.
  • FIG. 7 is a block diagram of still another call encryption apparatus provided in an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for encrypting a call according to an embodiment of the present invention. As shown in the figure, an embodiment of the present invention provides a method for encrypting a call, which is implemented by the E-MSC (enhanced mobile switching center) and includes: when the first terminal UE1 switches from accessing the LTE network to accessing the 2G/3G network, receiving, through the MME (Mobility Management Entity), the request to create a CS (circuit switched) channel sent by the first terminal, where the first terminal maintains an encrypted call with a second terminal accessing the LTE network before accessing the 2G/3G network.
  • According to the request to create a CS channel, the enhanced mobile switching center creates a circuit switched channel with the first terminal and a media channel with the second terminal, which includes: sending, according to the request to create a CS channel, a Re-INVITE media switching request to the second terminal through the SCC_AS (Service Centralization and Continuity Application Server); the second terminal feeding back a media switching response 200OK through the service continuity application server according to the media switching request; and the E-MSC then sending to UE1 the response message 200OK to the request to create the CS circuit switched channel.
  • The E-MSC receives a key that the second terminal sends through the media channel, where the key is the key negotiated by the first terminal and the second terminal during their call in the LTE network; according to the key, an encrypted call is established between the first terminal and the second terminal.
  • When the key sent by the second terminal is received, the media channel used to transmit the key is a voice channel or a dedicated media channel established to pass the key.
  • The media description part of the Re-INVITE message sent by the service continuity application server to the second terminal includes a dedicated media stream description.
  • The encrypted call between the first terminal and the second terminal is carried by an MGW (Media GateWay): the enhanced mobile switching center sends the key to the media gateway, and the media gateway, according to the key, decrypts, format-converts, and encrypts the encrypted media stream received from the first terminal or the second terminal, and sends it to the destination terminal.
  • The media gateway receives the key sent by the enhanced mobile switching center. For media sent by the first terminal to the second terminal: it receives the CS media stream that the first terminal sends over the CS channel toward the second terminal, which accesses the LTE network on the IP multimedia side; uses the key to decrypt the CS media stream and converts it into an RTP media stream; and uses the key to encrypt the RTP media stream and sends it through the media channel to the destination terminal (i.e. the second terminal).
  • For media sent by the second terminal to the first terminal: it receives the RTP media stream that the second terminal in the LTE network sends through the media channel; decrypts the RTP media stream by using the key and converts it into a circuit-switched CS media stream; and encrypts the circuit-switched CS media stream using the key and sends it to the destination terminal (i.e. the first terminal) through the circuit-switched CS channel.
  • FIG. 2 is a flowchart of a call encryption method according to an embodiment of the present invention, when a key transmission fails, and a call channel is triggered to be released.
  • As shown in the figure, when the enhanced mobile switching center fails to receive the key sent by the second terminal, it receives the call release information sent by the second terminal through the service continuity application server, then sends the call release information to the first terminal through the mobility management entity, and the call channel is released.
  • FIG. 1 is a flowchart of a method for encrypting a call according to an embodiment of the present invention.
  • An embodiment of the present invention provides a method for encrypting a call, which is performed by the first terminal in the figure, including: the first terminal performs an encrypted call with the second terminal via the LTE network; when the first terminal switches from accessing the LTE network to accessing the 2G/3G network, a request to create a CS channel is sent to the enhanced mobile switching center through the mobility management entity, and the enhanced mobile switching center creates a CS channel with the second terminal; after the first terminal receives the response message, fed back by the enhanced mobile switching center, to the request to create the CS channel, it performs an encrypted call with the second terminal through the CS channel.
  • The step of performing an encrypted call includes: transmitting to the media gateway, through the circuit-switched CS channel, the CS media stream to be sent to the second terminal in the LTE network; or receiving the CS media stream converted and encrypted by the media gateway.
  • FIG. 3 is a flowchart of a call encryption method according to an embodiment of the present invention, when an unencrypted voice stream is received on the CS side, and a call channel is triggered to be released.
  • In this case, call release information is sent to the enhanced mobile switching center through the mobility management entity, and the call channel is released when the call release response information 200OK sent by the enhanced mobile switching center through the mobility management entity is received.
  • FIG. 1 is a flowchart of a method for encrypting a call according to an embodiment of the present invention.
  • an embodiment of the present invention provides a method for encrypting a call, which is performed by a second terminal in the figure.
  • The method includes: the second terminal performs an encrypted call with the first terminal in the LTE network; when the first terminal switches from accessing the LTE network to accessing the 2G/3G network, the enhanced mobile switching center sends an INVITE message to the service continuity application server.
  • The second terminal receives the media switching request that the service continuity application server sends as a Re-INVITE message, creates a media channel with the first terminal, and then returns a 200OK message to the enhanced mobile switching center through the service continuity application server.
  • The second terminal sends the key for its call with the first terminal to the enhanced mobile switching center, and then performs an encrypted call with the first terminal through the media channel; this consists of receiving the RTP media stream converted and encrypted by the media gateway, or sending the RTP media stream to the media gateway through the media channel.
  • FIG. 4 is a flowchart of a call encryption method according to an embodiment of the present invention when an IMS side receives an unencrypted voice stream and triggers release of a call channel.
  • In this case, call release information is sent to the enhanced mobile switching center through the service continuity application server, and the call channel is released when the call release response message 200OK sent by the enhanced mobile switching center E-MSC through the service continuity application server SCC_AS is received.
  • the first terminal and the second terminal that have established a VoLTE call in the LTE network perform an encrypted call, and when the first terminal moves out of the area covered by the LTE network, the second terminal enters the 2G/3G network.
  • The key sent by the second terminal is delivered to the enhanced mobile switching center and forwarded to the media gateway, which then receives, over the CS channel, the CS media stream that the first terminal sends to the second terminal on the IP multimedia side.
  • the CS media stream is already encrypted by the first terminal using the original key, and the media gateway decrypts the circuit-switched CS media stream and converts it into an RTP media stream.
  • Embodiments of the present invention further provide a computer readable storage medium storing computer executable instructions that implement the above method when executed.
  • FIG. 5 is a block diagram of a call encryption apparatus provided in an embodiment of the present invention.
  • The call encryption apparatus 500 includes: a first receiving module 510, configured to receive a request for creating a circuit switched channel sent by a first terminal that switches from accessing an LTE network to accessing a 2G/3G network, where the first terminal performs an encrypted call with the second terminal accessing the LTE network before accessing the 2G/3G network; a second receiving module 520, configured to receive a key sent by the second terminal through a media channel, where the key is a key negotiated when the first terminal and the second terminal talk in the LTE network; a channel creation module 530, configured to create a media channel between the first terminal and the second terminal according to the request for creating a circuit switched channel; and a media gateway 540, configured to establish an encrypted call between the first terminal and the second terminal according to the key.
  • The channel creation module 530 includes: a media switching requesting unit 531, configured to send a media switching request to the second terminal through the service continuity application server according to the request for creating a circuit switched channel; a media switching response unit 532, configured to receive, through the service continuity application server, a media switching response that the second terminal sends according to the media switching request; and a response message unit 533, configured to send to the first terminal, according to the media switching response, the response message to the request for creating the circuit switched channel.
  • The media gateway 540 includes a decryption unit 541, a format conversion unit 542, and an encryption unit 543, which, after the key has been sent to the media gateway 540, are respectively configured to decrypt, format-convert, and encrypt, according to the key, the encrypted media stream received from the first terminal or the second terminal, which is then sent to the destination terminal.
  • The call encryption device 500 further includes a call release sending module 550, configured to send, through the mobility management entity, the call release information initiated by the second terminal to the first terminal when receiving the key sent by the second terminal fails.
  • FIG. 6 is a block diagram of another call encryption apparatus provided in an embodiment of the present invention.
  • the call encryption apparatus 600 includes a circuit switched channel creation module 610 configured to be switched when being accessed by an LTE network.
  • The circuit switched channel response module 620 is configured to perform an encrypted call with the second terminal through the circuit switched channel after receiving the response message, fed back by the enhanced mobile switching center, to the request for creating the circuit switched channel.
  • The call encryption device 600 further includes a first call release module 630, configured to send call release information to the enhanced mobile switching center through the service continuity application server when the received circuit switched media stream is not encrypted, and to release the call channel upon receiving the call release response information sent by the enhanced mobile switching center through the mobility management entity.
  • FIG. 7 is a block diagram of still another call encryption apparatus provided in the embodiment of the present invention.
  • The call encryption apparatus 700 includes: a media channel response module 720 configured to receive a media switching request sent by the enhanced mobile switching center through the service continuity application server, to return a media switching request response message to the enhanced mobile switching center through the service continuity application server when the enhanced mobile switching center creates a media channel with the first terminal, and to conduct an encrypted call with the first terminal through the media channel; wherein, before the media switching request sent by the enhanced mobile switching center through the service continuity application server is received, an encrypted call is maintained with the first terminal;
  • The key sending module 730 is configured to send the key used for the call with the first terminal to the enhanced mobile switching center.
  • The call encryption apparatus 700 further includes a second call release module 740 configured to send call release information to the enhanced mobile switching center through the service continuity application server when the received RTP media stream is not encrypted, and to release the call channel upon receiving the call release response information sent by the enhanced mobile switching center through the service continuity application server.
  • The call encryption method and device provided by the present application enable a mobile terminal that moves from an area covered by the 4G network into an area covered only by the 2G/3G network to continue the call while also maintaining the encrypted state of the call. Using the VoLTE end-to-end encryption method solves the problem that VoLTE calls are easily monitored, and improves the security of VoLTE calls.
  • Each module/unit in the above embodiment may be implemented in the form of hardware, for example by an integrated circuit that implements its corresponding function, or in the form of a software function module, for example by a processor executing a program/instruction stored in a memory to achieve its corresponding function.
  • Embodiments of the invention are not limited to any specific form of combination of hardware and software.
  • When the mobile terminal enters an area covered only by the 2G/3G network from the area covered by the 4G network, the call can be maintained and the voice can be kept encrypted. Using the VoLTE end-to-end encryption method solves the problem that VoLTE calls are easily monitored, and improves the security of VoLTE calls.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a call encryption method and device. The call encryption method comprises: receiving a request from a first terminal, which is to be switched from an LTE access network to a 2G/3G access network, to establish a circuit switched channel; establishing, according to the request to establish the circuit switched channel, a media channel between the first terminal and a second terminal; receiving a key transmitted by the second terminal through the media channel, the key being the key adopted in a negotiation procedure for the first terminal and the second terminal to communicate with each other in an LTE network; and establishing, based on the key, an encrypted communication between the first terminal and the second terminal. The above scheme can enable a mobile terminal moving from an area with 4G network coverage to another area with only 2G/3G network coverage to continue a call while keeping the call in an encrypted state. The embodiment uses a VoLTE end-to-end encryption method to solve the problem that wiretapping a VoLTE call is simple and easy, increasing the security of a VoLTE call.
PCT/CN2016/086444 2015-09-28 2016-06-20 Call encryption method and device WO2017054525A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510626123.0A CN106559781A (zh) 2015-09-28 2015-09-28 A call encryption method and device
CN201510626123.0 2015-09-28

Publications (1)

Publication Number Publication Date
WO2017054525A1 true WO2017054525A1 (fr) 2017-04-06

Family

ID=58415316

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/086444 WO2017054525A1 (fr) 2015-09-28 2016-06-20 Call encryption method and device

Country Status (2)

Country Link
CN (1) CN106559781A (fr)
WO (1) WO2017054525A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109788473B (zh) * 2017-11-13 2022-01-25 中国移动通信有限公司研究院 A VoLTE call encryption method, network device and terminal
CN109672692B (zh) * 2019-01-31 2021-05-11 兴唐通信科技有限公司 An RTP-based media data encryption method in a VoIP communication network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
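CN102204301A (zh) * 2008-11-03 2011-09-28 诺基亚公司 Method, apparatus and computer program product for providing security during handover between a packet-switched network and a circuit-switched network
CN102223351A (zh) * 2010-04-15 2011-10-19 中兴通讯股份有限公司 A method and system for implementing voice continuity security of a single access system
CN102694778A (zh) * 2011-03-24 2012-09-26 中兴通讯股份有限公司 A method and system for implementing voice continuity of a single access system
CN102711100A (zh) * 2012-04-24 2012-10-03 中国联合网络通信集团有限公司 Voice encryption and decryption processing method, base station and network system
CN102948211A (zh) * 2010-05-07 2013-02-27 诺基亚公司 Signaling radio bearer security handling for single radio voice call continuity operation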

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
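CN102204301A (zh) * 2008-11-03 2011-09-28 诺基亚公司 Method, apparatus and computer program product for providing security during handover between a packet-switched network and a circuit-switched network
CN102223351A (zh) * 2010-04-15 2011-10-19 中兴通讯股份有限公司 A method and system for implementing voice continuity security of a single access system
CN102948211A (zh) * 2010-05-07 2013-02-27 诺基亚公司 Signaling radio bearer security handling for single radio voice call continuity operation
CN102694778A (zh) * 2011-03-24 2012-09-26 中兴通讯股份有限公司 A method and system for implementing voice continuity of a single access system
CN102711100A (zh) * 2012-04-24 2012-10-03 中国联合网络通信集团有限公司 Voice encryption and decryption processing method, base station and network system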

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
3GPP TSGSSA: "Security Architecture", 3GPP TS 33.401 V13.0.0, 25 September 2015 (2015-09-25), pages 61 - 65 *
3GPP TSGSSA: "Single Radio Voice Call Continuity (SRVCC)", 3GPP TS 23.216 V13.0.0, 21 June 2015 (2015-06-21) *

Also Published As

Publication number Publication date
CN106559781A (zh) 2017-04-05

Similar Documents

Publication Publication Date Title
US9537837B2 (en) Method for ensuring media stream security in IP multimedia sub-system
JP5763267B2 (ja) Lawful interception based on policy routing in a communication system using end-to-end encryption
US8804961B2 (en) Method and system for mobile terminals handing over between clear session and encrypted session communications
KR102161715B1 (ko) Proxy-based communication scheme in a docking structure
EP2124379B1 (fr) Method and system for distributing secret keys of a media stream
CN106850399B (zh) A communication method for instant messaging based on WebRTC technology
JP5450444B2 (ja) Method and apparatus for processing multimedia calls
WO2009021441A1 (fr) Transmitting and receiving method, apparatus and system for the security policy of a multicast session
US9848022B2 (en) Method and apparatus for inter-device transfer (handoff) between IMS and generic IP clients
KR20140011969A (ko) Wireless communication system and method for offline participation in a display session
WO2006134505A1 (fr) Method, system and network elements for establishing media protection across networks
US20110116473A1 (en) METHOD AND APPARATUS FOR INTER-DEVICE HANDOVER (HO) BETWEEN INTERNET PROTOCOL (IP) MULTIMEDIA SUBSYSTEM (IMS) AND CIRCUIT SWITCHED (CS) WIRELESS TRANSMIT/RECEIVE UNITS (WTRUs)
WO2015062454A1 (fr) Audio and video call method, device and system
WO2012126321A1 (fr) Method and system for implementing single radio voice call continuity
WO2007048301A1 (fr) Encryption method for mgn service
WO2017054525A1 (fr) Call encryption method and device
JP5002830B2 (ja) Communication module, communication method, communication program, communication terminal, and communication control device
US10848471B2 (en) Communication apparatus, communication method, and program
US20100303233A1 (en) Packet transmitting and receiving apparatus and packet transmitting and receiving method
EP2502397A1 (fr) Inter-device session duplication
US20200204595A1 (en) Media protection within the core network of an ims network
WO2015127756A1 (fr) Method and device for media anchoring in a voice call continuity service
WO2018072202A1 (fr) Method and apparatus for switching a terminal call service
EP2560435B1 (fr) Method and system for implementing security of single radio voice call continuity
CN108616494B (zh) Secure call method, device and terminal based on multiple PDN connections

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16850150

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16850150

Country of ref document: EP

Kind code of ref document: A1