HK1066940B - Method of ciphering data and/or voice call to be transferred in mobile communication system and method of deactivating the ciphering - Google Patents
- Publication number: HK1066940B (application HK04109758.9A)
- Authority: HK (Hong Kong)
- Prior art keywords: encryption, network, terminal, message, mobile communication
Description
Background
Technical Field
The present invention relates to data encryption and, more particularly, to a system and method for controlling encryption of voice, data and/or other types of call information in a mobile communication system.
Background of the related art
In a GSM (general mobile communication system) mobile communication system, which implements a second generation commercial service and a 2.5 generation GPRS (general packet radio service) commercial service in the United States and Europe, a user authentication procedure and a ciphering activation procedure are implemented. These procedures are carried out within a registration procedure, by which the user of the mobile terminal informs the network that the terminal is in use; registration is performed whenever the mobile terminal is powered on. The registration procedure includes an additional registration procedure, a location area update registration procedure, and a routing area update registration procedure.
In the process of implementing the registration process, the user authentication process and the encryption activation process are implemented when needed by the network. More specifically, when a mobile communication terminal requests registration to a network, the network implements a user authentication procedure to determine whether the terminal is an authenticated terminal. The encryption activation process then determines whether data transmitted between the terminal and the network needs to be encrypted.
The user authentication and encryption activation process prevents wireless voice or data from being eavesdropped or abused by third parties. Once the encryption activation between the mobile communication terminal and the network is set through the encryption activation process, call information is encrypted and then transmitted between the two.
There are two methods that may be used to determine whether to perform encryption. In the first method, whether encryption is performed or not is determined when the mobile communication terminal is registered with the network after mobile power-on. In the second method, whether to perform encryption is determined when the mobile communication terminal wants to implement a specific service. The specific services include a voice call talking on a telephone, an SMS (short message service) transmitting a short message, an SS (supplementary service), a PDP (packet data protocol) environment activation service transmitting a GPRS packet, and the like.
Even if a data transmission procedure between the mobile communication terminal and the network is not guaranteed (even when the encryption activation procedure is not performed by the network when registering the mobile communication terminal to the network and data is transmitted without encryption), the encryption activation procedure can be performed by the network when performing a service. In this way, data is encrypted and transmitted from that point in time.
Fig. 1 shows a general configuration of a mobile communication system, which encrypts transmitted data using the GSM standard. The system includes a mobile communication switching center 150 connected to a Public Switched Telephone Network (PSTN) and/or an Integrated Services Digital Network (ISDN) 160 so as to be connected to a computer 180 through a general telephone line 170 or directly to the computer, a plurality of base station controllers 130, 140 connected to the mobile communication switching center 150, a plurality of base stations 111, 121 connected to the base station controllers 130, 140, respectively, and a plurality of mobile communication terminals 110, 120 connected to the base stations 111, 121, respectively, through wireless links.
The base stations 111 and 121 convert signal formats for wireless and wired links between the mobile communication terminals 110 and 120 and the mobile communication switching center 150. The base station also measures the transmission/reception electric field strength (signal strength) of the terminal and transmits the information to the switching center 150.
The base station controllers 130, 140 serve as connection means between the respective functions of the elements of the plurality of base stations 111, 121 and the cell operator. The base station controller also implements functions such as base station operation management, hardware and software service condition management within the base station, resource allocation and construction related to call traffic, information establishment of operations on the base station, operation and monitoring of the base station, monitoring of sub-devices related to faults.
The switching center 150 provides a circuit-switched service to the base station controllers 130, 140 and the mobile communication terminals 110, 120 and implements channel switching as an additional function. In the above-described mobile communication system, when any user transmits or receives a call using the terminal 110, 120, the terminal is connected to a corresponding one of the base stations 111, 121.
Fig. 2 shows a message flow of a related art ciphering activation procedure between a mobile communication terminal and a network, which may be implemented in the GSM mobile communication system shown in fig. 1.
In the GSM and GPRS commercial services provided in Europe, when the mobile communication terminal 10 is powered on, the terminal requests registration to the network 20. At this time, the terminal transmits a registration request message (attach request) 201 to the base station through a wireless link, and the base station transmits the registration request message 201 to the mobile communication switching center through the base station controller.
The network 20 receives a registration request message 201 from the terminal and determines whether to implement a ciphering activation procedure. When it is determined that the encryption activation process is to be implemented, the network transmits an encryption verification request message 202 to the terminal 10. The terminal then transmits to the network a cryptographic authentication response message 203 appropriate for the cryptographic authentication request message 202 from the network.
When the network receives the encryption verification response message 203 from the terminal, the network transmits a registration completion message 204 indicating completion of the registration procedure to the terminal, thereby completing the encryption activation procedure between the terminal and the network.
When it is determined that the encryption activation process is not implemented by the network, the network does not transmit the encryption authentication request message to the terminal. Thus, data is transmitted between the terminal and the network without encryption.
Fig. 3 shows a message flow for encrypting a voice call according to a related art procedure, which may be implemented within the GSM system shown in fig. 1. When the terminal 10 transmits a Connection Management (CM) service request message 301 to the network 20 to transmit a voice call, the network determines whether to implement an encryption activation procedure in response to the CM service request message 301. When it is determined that the encryption activation procedure is to be implemented, the network transmits an encryption authentication request message 302 to the terminal.
The terminal transmits to the network 20 an encryption authentication response message 303 corresponding to the encryption authentication request message 302, thus completing the encryption activation process between the terminal and the network.
When the network receives the encrypted authentication response message 303 from the terminal, the network transmits a CM service registration completion message 304 indicating that the registration procedure for the terminal is completed.
The related art process described above with reference to fig. 2 and 3 will be described again in fig. 4. When a GSM type mobile communication terminal is powered on and in a waiting state 401, the terminal transmits a registration request message related to data and a CM service request message related to a voice call to a network. The network receives the message at 402 and determines whether to perform a cryptographic activation process at 403.
When it is determined that the ciphering activation procedure is not to be performed, the network transmits a registration/CM service complete message indicating that the ciphering activation procedure is not to be performed for the mobile communication terminal at 404. Thus, processing is complete without encryption activation at 405. Then, all data to be transmitted after the process is transmitted without being encrypted.
When it is determined at 403 that the encryption activation process is to be implemented, the network generates a RAND (RANDom number) value at 406 and calculates/stores an SRES (signed response) value. The network then transmits an encryption authentication request message to the terminal at 407.
The terminal receives a cryptographic authentication request message from the network and transmits a cryptographic authentication response message to the network. The network then receives 408 an encrypted authentication response message from the terminal and compares 409 the SRES value from the terminal with the SRES values stored in the network to determine if the two values are equal.
When the two values are determined at 409 not to be equal, the network transmits a registration/CM service unavailable message at 410 indicating that the registration/CM service is no longer in use by the terminal, and the process is completed at 411. After the above process is completed, the transmitted data is not covered by the encryption service.
When it is determined that the two values are equal, the network transmits a registration/CM service available message at 412 indicating that the registration/CM service will be used for the terminal, and the process is completed at 413. When the above process is completed, the transmission data enjoys the encryption service. All ciphering activation process actions are completed during the voice call.
In the related art described with reference to fig. 2 to 4, only the network determines whether the encryption activation process should be performed. Therefore, when the encryption activation process is not initially implemented or the data is not specific data, there is a disadvantage in that the encryption activation process cannot be implemented even if the user wants to encrypt and transmit and/or receive important data through the network. As a result, the user's important data may be externally eavesdropped or abused. Therefore, since voice and data can be transmitted without being encrypted, there is a great disadvantage in that important information of the user may be revealed to a third party.
Summary of the invention
The present invention is directed to addressing one or more of the shortcomings of the related art approaches described above.
It is another object of the present invention to provide a system and method that allows a mobile communication terminal to directly perform an encryption activation procedure and an encryption removal procedure for call information transmitted between the terminal and a network within a mobile communication system.
According to one embodiment of the present invention, the encryption activation process is directly initiated and performed via the mobile communication terminal. In this case the ciphering activation procedure between the mobile communication terminal and the network is not implemented at the start point of initial registration of the terminal to the network or service; instead, the user of the terminal wishes to encrypt a voice call or data from a certain point of time and therefore requests the network to perform a predetermined encryption activation procedure. The network then implements one of two encryption activation methods in response to the encryption request transmitted from the mobile communication terminal at that point in time.
In the first method, when the mobile communication terminal requests the implementation of the ciphering activation process, the network implements the ciphering activation process using the above-described related art method.
In the second method, when the mobile communication terminal transmits a specific value while an encryption activation request is transmitted, the network calculates a key value required for an encryption activation process according to the specific value and then notifies the completion of the encryption activation process. From this time on, the mobile communication terminal and the network start encryption.
In addition, when the user starts transmitting data and no more data encryption is required, the user terminal transmits a message to the network indicating that encryption should be stopped. The network then transmits a response to the message and thus does not perform the encryption process between the mobile communication terminal and the network any more.
According to an embodiment of the present invention, a method of encrypting data transmitted between a mobile communication terminal and a network includes: a step in which the mobile communication terminal requests the network for data encryption; a step in which the network transmits an encryption authentication request message to the mobile communication terminal when receiving an encryption request message from the mobile communication terminal; a step in which the mobile communication terminal transmits an encryption authentication response message to the network in response to the encryption authentication request message; and a step in which the network transmits a cryptographic activation completion message to the mobile communication terminal according to the cryptographic authentication response message transmitted from the mobile communication terminal. The cryptographic authentication request message preferably includes the RAND value.
The mobile communication terminal can make an encryption request even when data is transmitted between the mobile communication terminal and the network.
The mobile communication terminal can still make encryption request when data is not transmitted between the mobile communication terminal and the network.
According to another embodiment of the present invention, a method of encrypting data transmitted between a mobile communication terminal and a network includes: a step in which the mobile terminal transmits a data encryption request message including a specific value to the network; a step in which the network calculates a key value required for the encryption activation process according to a specific value transmitted from the mobile communication terminal and transmits an encryption activation completion message indicating completion of the encryption activation process; and a step of encrypting data transmitted between the mobile communication terminal and the network after the encryption activation completion message is transmitted. Here the specific value uses the RAND value.
A method of encrypting data transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: a step that the mobile communication terminal requests the network to encrypt data; a step in which the network receives an encryption request message from the mobile communication terminal and determines whether or not the RAND value is included in the received encryption request message; a step in which the network generates a key value (Kc) required for encryption using the RAND value when it is determined that the RAND value is included in the received encryption request message and transmits a data encryption activation completion message to the mobile communication terminal; a step in which, when it is determined that the RAND value is not included in the received encryption request message, the network generates the RAND value, calculates/stores an SRES value, and transmits an encryption authentication request message to the mobile communication terminal depending on whether encryption activation is to be carried out; a step in which the mobile communication terminal transmits an encrypted authentication response message including an SRES value to the network in response to the encrypted authentication request message transmitted from the network; the network compares the SRES value transmitted from the mobile communication terminal with the SRES value stored in the network and determines whether encryption of data is available according to whether the two values are equal.
The cryptographic authentication request message transmitted from the network to the mobile communication terminal includes the RAND value, and the cryptographic authentication response message transmitted from the mobile communication terminal to the network includes the SRES value calculated by the mobile communication terminal.
The present invention further includes the step of the network transmitting an encryption verification unavailable message of data to the mobile communication terminal when it is determined that the received encryption request message does not include the RAND value and encryption activation is not performed.
In addition, a method for removing data encryption between a mobile communication terminal and a network according to an embodiment of the present invention includes: the mobile communication terminal requests the network to remove the data encryption; and the network performs the ciphering removal in response to the ciphering removal request message transmitted from the mobile communication terminal and transmits a ciphering removal completion message to the mobile communication terminal.
The mobile communication terminal can make an encryption removal request even when data is transmitted between the mobile communication terminal and the network.
The mobile communication terminal can still make encryption removal request when the mobile communication terminal and the network do not transmit data.
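The exchanges described above (the related-art network-initiated challenge/response of Fig. 4, the terminal-initiated request with and without a RAND value, and the terminal-initiated ciphering removal) are simulated below as an added example; this is not code from the patent and does not reflect any product. The message names, the two-party message loop and the use of an HMAC as a stand-in for the SIM's A3/A8 key and SRES derivation are all assumptions made for the illustration (real GSM uses COMP128-family algorithms and A5 ciphers, which are not modelled here).

```python
"""Message-level simulation of the ciphering activation / removal exchanges.

Constructed example: the A3/A8 stand-in is an HMAC, not any real SIM
algorithm, and the message type names are illustrative labels for the
messages the patent describes (encryption request, encryption
authentication request/response, activation complete, removal request/complete).
"""
import hashlib
import hmac
import os


def derive_sres_kc(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for A3/A8: derive the 32-bit SRES and 64-bit Kc from Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Terminal:
    """Mobile side: holds the subscriber key Ki (kept on the SIM in a real phone)."""

    def __init__(self, ki: bytes) -> None:
        self.ki, self.kc, self.ciphering = ki, None, False

    def cipher_request(self, include_rand: bool) -> dict:
        """Terminal-initiated request; optionally carries a terminal-chosen RAND (second method)."""
        msg = {"type": "CIPHER_REQUEST"}
        if include_rand:
            msg["rand"] = os.urandom(16)
            _, self.kc = derive_sres_kc(self.ki, msg["rand"])  # Kc is computable locally
        return msg

    def removal_request(self) -> dict:
        return {"type": "CIPHER_REMOVAL_REQUEST"}

    def handle(self, msg: dict):
        """Process a network message; return the reply to send, or None when the exchange ends."""
        kind = msg["type"]
        if kind == "CIPHER_AUTH_REQUEST":  # challenge: answer with SRES, keep the derived Kc
            sres, self.kc = derive_sres_kc(self.ki, msg["rand"])
            return {"type": "CIPHER_AUTH_RESPONSE", "sres": sres}
        if kind == "CIPHER_ACTIVATION_COMPLETE":
            self.ciphering = True
        elif kind in ("CIPHER_AUTH_UNAVAILABLE", "CIPHER_REMOVAL_COMPLETE"):
            self.kc, self.ciphering = None, False
        return None


class Network:
    """Network side: holds the same Ki for the subscriber (AuC/HLR in GSM)."""

    def __init__(self, ki: bytes) -> None:
        self.ki, self.kc, self.ciphering, self.pending = ki, None, False, None

    def handle(self, msg: dict) -> dict:
        kind = msg["type"]
        if kind == "CIPHER_REQUEST":
            if "rand" in msg:  # RAND supplied by the terminal: derive Kc and report completion directly
                _, self.kc = derive_sres_kc(self.ki, msg["rand"])
                self.ciphering = True
                return {"type": "CIPHER_ACTIVATION_COMPLETE"}
            rand = os.urandom(16)  # no RAND: related-art challenge/response (Fig. 4, steps 406-409)
            self.pending = derive_sres_kc(self.ki, rand)  # store expected SRES and Kc
            return {"type": "CIPHER_AUTH_REQUEST", "rand": rand}
        if kind == "CIPHER_AUTH_RESPONSE":
            expected_sres, kc = self.pending
            self.pending = None
            if hmac.compare_digest(expected_sres, msg["sres"]):
                self.kc, self.ciphering = kc, True
                return {"type": "CIPHER_ACTIVATION_COMPLETE"}
            return {"type": "CIPHER_AUTH_UNAVAILABLE"}
        if kind == "CIPHER_REMOVAL_REQUEST":
            self.kc, self.ciphering = None, False
            return {"type": "CIPHER_REMOVAL_COMPLETE"}
        raise ValueError(f"unexpected message {kind}")


def run_exchange(term: Terminal, net: Network, first: dict) -> list:
    """Drive one exchange to completion; return the transcript as (direction, type) pairs."""
    transcript, msg = [], first
    while msg is not None:
        transcript.append(("MS->NET", msg["type"]))
        reply = net.handle(msg)
        transcript.append(("NET->MS", reply["type"]))
        msg = term.handle(reply)
    return transcript


def activate(ki_net: bytes, ki_ms: bytes, include_rand: bool):
    """Return (transcript, both sides ciphering with the same Kc, terminal, network)."""
    term, net = Terminal(ki_ms), Network(ki_net)
    transcript = run_exchange(term, net, term.cipher_request(include_rand))
    agreed = term.ciphering and net.ciphering and term.kc == net.kc
    return transcript, agreed, term, net


def activate_then_remove(ki: bytes) -> tuple:
    """Activate via challenge/response, then remove ciphering at the terminal's request."""
    transcript, agreed, term, net = activate(ki, ki, include_rand=False)
    transcript += run_exchange(term, net, term.removal_request())
    return transcript, agreed and not term.ciphering and not net.ciphering


if __name__ == "__main__":
    ki = os.urandom(16)  # constructed subscriber key shared by SIM and network
    for label, args in (("related-art challenge", (ki, ki, False)),
                        ("terminal-supplied RAND", (ki, ki, True)),
                        ("wrong Ki on terminal", (ki, os.urandom(16), False))):
        transcript, agreed, _, _ = activate(*args)
        print(label, agreed, [t for _, t in transcript])
    print("removal", activate_then_remove(ki))
```

The three activation runs show the two paths the summary distinguishes: without a RAND the network issues the challenge and only reports completion when the returned SRES matches its stored value (a terminal holding a different Ki ends with CIPHER_AUTH_UNAVAILABLE and no Kc on either side); with a terminal-supplied RAND the network, exactly as the summary describes, derives Kc from that value and answers with completion without a SRES comparison, so both sides hold the same Kc after two messages. The removal run shows both sides dropping Kc and the ciphering flag once the removal completion message has been exchanged.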
A method of encrypting a voice call transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: a step that the mobile communication terminal requests the network to encrypt the voice call; a step in which the network transmits an encryption authentication request message to the mobile communication terminal when receiving an encryption request message from the mobile communication terminal; a step in which the mobile communication terminal transmits an encrypted authentication response message to the network in response to the encrypted authentication request message; and a step in which the network transmits a ciphering activation completion message to the mobile communication terminal according to the ciphering authentication response message transmitted from the mobile communication terminal. The cryptographic authentication request message preferably includes the RAND value.
The mobile communication terminal can make an encryption request even when a voice call is transmitted between the mobile communication terminal and the network.
The mobile communication terminal can still make an encryption request when a voice call is not transmitted between the mobile communication terminal and the network.
A method of encrypting a voice call transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: a step in which the mobile communication terminal transmits an encryption request message for a voice call including a specific value to a network; a step in which the network calculates a key value required for the encryption activation process according to a specific value transmitted from the mobile communication terminal and transmits an encryption activation complete message indicating completion of the encryption activation process; and a step of encrypting the voice call transmitted between the mobile communication terminal and the network after transmitting the encryption activation completion message. Here, the specific value uses the RAND value.
A method of encrypting a voice call transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: a step that the mobile communication terminal requests the network to encrypt the voice call; a step in which the network receives an encryption request message from the mobile communication terminal and determines whether or not the RAND value is included in the received encryption request message; a step in which the network generates a key value (Kc) required for encryption using the RAND value and then transmits an encryption activation complete message for a voice call to the mobile communication terminal, when it is determined that the RAND value is included in the received encryption request message; a step in which the network generates a RAND value when it is determined that the RAND value is not included in the received encryption request message, calculates/stores an SRES value and transmits an encryption authentication request message to the mobile communication terminal depending on whether or not encryption activation is to be carried out; the mobile communication terminal transmitting an encrypted authentication response message including the SRES value to the network in response to the encrypted authentication request message transmitted from the network; and a step in which the network compares the SRES value transmitted from the mobile communication terminal with the SRES value stored in the network and determines whether encryption of the voice call is available according to whether the two values are equal.
The cryptographic authentication request message transmitted from the network to the mobile communication terminal includes the RAND value, and the cryptographic authentication response message transmitted from the mobile communication terminal to the network includes the SRES value calculated by the mobile communication terminal.
The present invention further includes the network transmitting an encryption authentication unavailable message for a voice call to the mobile communication terminal when it is determined that the received encryption request message does not include the RAND value and encryption activation should not be achieved.
A method of removing encryption from a voice call transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: a step in which the mobile communication terminal sends an encryption removal request for a voice call to the network; and a step in which the network removes the encryption and transmits an encryption removal completion message to the mobile communication terminal in response to the encryption removal request message transmitted from the mobile communication terminal.
The mobile communication terminal can make an encryption request even when a voice call is transmitted between the mobile communication terminal and the network.
The mobile communication terminal can still make an encryption request when a voice call is not transmitted between the mobile communication terminal and the network.
A method of encrypting data and voice calls transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: the mobile communication terminal requests the network to encrypt the data and the voice call; a step in which the network transmits an encryption authentication request message to the mobile communication terminal when the encryption request message is received from the mobile communication terminal; a step in which the mobile communication terminal transmits an encrypted authentication response message to the network in response to the encrypted authentication request message; and a step in which the network transmits a cryptographic activation completion message to the mobile communication terminal according to the cryptographic authentication response message transmitted from the mobile communication terminal. The cryptographic authentication request message preferably includes the RAND value.
The mobile communication terminal can make an encryption removal request even when data and voice calls are transmitted between the mobile communication terminal and the network.
The mobile communication terminal can still make an encryption removal request when data and voice calls are not transmitted between the mobile communication terminal and the network.
A method of encrypting data and voice calls transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: a step in which the mobile communication terminal transmits an encryption request message including data of a specific value and a voice call to a network; a step in which the network calculates a key value required for the encryption activation process according to a specific value transmitted from the mobile communication terminal and transmits an encryption activation completion message indicating completion of the encryption activation process; and encrypting the data and voice call transmitted between the mobile communication terminal and the network after transmitting the encryption activation completion message. Here, the specific value uses the RAND value.
A method of encrypting data and voice calls transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: the mobile communication terminal requests the network to encrypt the data and the voice call; a step in which the network receives an encryption request message from the mobile communication terminal and determines whether or not the RAND value is included in the received encryption request message; a step in which the network generates a key value (Kc) required for encryption using the RAND value and transmits an encryption activation completion message for data and voice calls to the mobile communication terminal when it is determined that the RAND value is included in the received encryption request message; a step in which the network generates a RAND value when it is determined that the RAND value is not included in the received encryption request message, calculates/stores an SRES value, and transmits an encryption authentication request message to the mobile communication terminal according to whether or not encryption activation is to be carried out; a step in which the mobile communication terminal transmits an encrypted authentication response message including the SRES value to the network in response to the encrypted authentication request message transmitted from the network; and a step in which the network compares the SRES value transmitted from the mobile communication terminal with the SRES value stored in the network and determines whether encryption of data and voice calls is available according to whether the two values are equal.
The cryptographic authentication request message transmitted from the network to the mobile communication terminal includes the RAND value, and the cryptographic authentication response message transmitted from the mobile communication terminal to the network includes the SRES value calculated by the mobile communication terminal.
The present invention also includes the network transmitting a ciphering authentication unavailable message for data and voice calls to the mobile communication terminal when it is determined that the received ciphering request message does not include the RAND value and ciphering activation is not to be carried out.
A method for removing encryption of data and voice calls transmitted between a mobile communication terminal and a network according to another embodiment of the present invention includes: the mobile communication terminal requests the network to remove the encryption of the data and the voice call; and the network implements the ciphering removal and transmits a ciphering removal completion message to the mobile communication terminal in response to the ciphering removal request message transmitted from the mobile communication terminal.
The mobile communication terminal can make an encryption removal request even when data and voice calls are transmitted between the mobile communication terminal and the network.
The mobile communication terminal can make an encryption removal request even when data and voice calls are not transmitted between the mobile communication terminal and the network.
Brief description of the drawings
Fig. 1 is a general configuration diagram of a GSM mobile communication system;
Fig. 2 is a message flow diagram of a related art encryption activation process that may be implemented within the system of Fig. 1;
Fig. 3 is a message flow diagram of a related art process of encrypting a voice call that may occur within the system of Fig. 1;
Fig. 4 is a flow chart showing steps implemented within a related art cryptographic activation process;
Fig. 5 is a message flow diagram corresponding to one embodiment of a ciphering activation process implemented within a mobile communication system in accordance with the present invention;
Fig. 6 is a message flow diagram corresponding to another embodiment of a cryptographic activation process using a particular key value in accordance with the present invention;
Fig. 7 is a message flow diagram included in one embodiment of an encryption removal process implemented in a mobile communication system in accordance with the present invention; and
Figs. 8(A) and 8(B) are flowcharts showing steps included in the encryption activation process according to the present invention.
Detailed description of the preferred embodiments
Although embodiments of the present invention have been described in many cases as transmitting user data between a mobile communication terminal and a network, it is emphasized that the present invention is applicable to the transmission of other types of call information including, but not limited to, voice call messages transmitted by a user, SMS (short message service) transmitting short messages, SS (supplementary service), and PDP (packet data protocol) context activation service information transmitting GPRS. It is further noted that the GSM implementation of the mobile communication system and the mobile communication terminal described in the following embodiments is only intended to illustrate the invention. The present invention is broadly applicable in any mobile communication system and mobile communication terminal such as, but not limited to, a CDMA mobile communication system and terminal.
Fig. 5 shows a message flow in a ciphering activation procedure implemented in a GSM mobile communication system according to an embodiment of the present invention. For illustrative purposes, some of the reference numbers used in FIG. 1 are still used in FIG. 5 to describe the message flow.
When the user turns on his mobile communication terminal 10, the terminal requests registration to the network 20.
The terminal transmits a registration request message 501 to the base station 111 within the network through a wireless link, and the base station transmits the registration request message 501 to the mobile communication switching center 150 through the base station controller 130.
When the registration request message 501 is received from the terminal 10, the network determines whether encryption activation is implemented. When it is determined that encryption activation is to be achieved, the network transmits an encryption verification request message 502 to the terminal.
The terminal then transmits a cryptographic authentication response message 503 to the network in response to the cryptographic authentication request message 502.
After the encrypted authentication response message 503 is transmitted from the terminal, the network transmits a registration completion message 504 indicating that the registration process is completed to the terminal. Thus, the ciphering activation initiation procedure between the mobile communication terminal and the network is completed.
When it is determined that encryption activation should not be performed, the network does not transmit the encryption authentication request message to the mobile communication terminal. As a result, data is transmitted between the terminal and the network in the normal way, without encryption, at 505.
When an encryption activation procedure between the terminal and the network was not established in the initial registration procedure and data transmitted from the mobile communication terminal needs to be encrypted, the terminal transmits an encryption request message to the network during transmission of the data 506. In this case, the encryption request message transmitted to the network during transmission of the data 506 does not include a specific value (RAND: random number).
When the network receives the encryption request message while transmitting data 506, the network implements the encryption activation process.
When the network completes the encryption activation process, the network transmits an encryption authentication request message 507 to the terminal.
The terminal transmits a cryptographic authentication response message 508 to the network in response to the cryptographic authentication request message 507.
When the encryption authentication response message 508 is transmitted to the network, the network transmits, during data transmission, an encryption activation completion message 509 to the mobile communication terminal indicating that the encryption activation process is completed. Thus, all procedures required for encryption activation are completed during data transmission. After all procedures required for encryption activation are completed, all data to be transmitted is encrypted before transmission.
Fig. 6 illustrates a cipher activation process message flow using a specific key value in a GSM mobile communication system according to another embodiment of the present invention. The flow includes a message 601 which requests data encryption in the transmission of data from the mobile communication terminal 10 to the network 20. The message includes a specific value (RAND: RANDom number) and is transmitted to the network 20.
The network generates a key value required for the ciphering activation procedure from a specific value RAND transmitted from the terminal and transmits a ciphering activation completion message indicating completion of the ciphering activation procedure to the terminal when transmitting data 602.
After the encryption activation completion message is transmitted, all data to be transmitted between the terminal and the network is encrypted before transmission. The point in time at which the terminal transmits the encryption request message may vary. For example, the encryption request may be made while data is being transmitted between the mobile communication terminal and the network, or while no data is being transmitted between them.
When the user no longer requires data encryption, even during the encrypted data transmission between the terminal and the network shown in FIG. 7, the user's terminal can transmit an encryption removal request message 701 indicating that the network should stop encryption.
The encryption removal request message transmitted from the terminal to the network is preferably included in the data transmitted by the terminal.
When the network receives the encryption removal request message 701 while transmitting data from the terminal, the network transmits an encryption removal completion message 702 corresponding to the encryption removal request message 701 to the mobile communication terminal. As a result, the encryption activation process is removed.
Fig. 8(a) and 8(B) are flowcharts illustrating a procedure including encryption activation implemented in the GSM mobile communication system described above according to the present invention.
While in the wait state or data transfer state 801, the network receives an encryption request message from a GSM type terminal at 802, and determines whether the RAND value is included in the encryption request message transmitted from the terminal at 803.
In the present invention, the transmission of an encryption request message from a terminal to a network during data transmission means that the mobile communication terminal has already generated a key value (Kc) for encryption activation from a RAND value, in preparation for encryption activation. Encryption activation can then be completed as soon as the network is ready for it. Therefore, in the present invention, the data encryption process during data transmission is carried out in-band, on the mobile communication terminal side.
When it is determined at 803 that the RAND value is included in the received ciphering request message, the network calculates the key value required for the ciphering activation procedure using the RAND value at 804 and transmits a ciphering activation completion message to the terminal. When the terminal receives the encryption activation completion message at 805, the encryption activation process is completed at 806. After the encryption activation process is completed at 806, all data is encrypted before transmission.
When it is determined at 803 that the RAND value is not included in the encryption request message, the network determines 807 whether encryption should be implemented for the transmitted data.
When it is determined at 807 that encryption is not to be performed on the data to be transmitted, the network transmits an encryption unavailable message to the mobile communication terminal at 808, and the process is completed at 809. After the process is completed at 809 with encryption unavailable, all data continues to be transmitted unencrypted.
When it is determined at 807 that encryption is to be implemented for transmission data, the network generates a RAND value, calculates/stores an SRES value, and then transmits an encryption authentication request message to the mobile communication terminal at 811. At this time, the RAND value is included in the encrypted authentication request message to be transmitted.
The terminal receives the encryption authentication request message from the network and then transmits an encryption authentication response message to the network. That is, the network receives the encryption authentication response message from the terminal at 812. Here, the encryption authentication response message includes the SRES value calculated by the mobile communication terminal.
The network compares the SRES value transmitted from the mobile communication terminal with the SRES values stored within the network at 813 to determine if the two values are equal.
When it is determined at 813 that the two values are not equal, the network transmits, at 814, an encryption authentication unavailable message to the mobile communication terminal indicating that encryption of the data to be transmitted is no longer required, and the process is completed at 815. After the process is completed at 815, encryption services for the transmitted data are not available.
When the two values are determined to be equal at 815, the network transmits, at 816, an encryption authentication available message to the terminal indicating that the data to be transmitted can be encrypted, and the process is completed at 817. After the process is completed at 817, the service of encrypting the transmitted data is available.
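As an added example, not code from the patent, the following Python sketch simulates both sides of the activation flows of FIGS. 5 and 6, the removal flow of FIG. 7 and the network-side decisions of FIG. 8. The page does not specify the key-derivation algorithm, so a keyed hash stands in for the GSM A3/A8 functions; the Ki value, message types and field names are constructed for the example.

```python
import hashlib
import hmac
import secrets

KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed placeholder Ki, shared by both sides

def derive_sres_kc(ki, rand):
    # Assumed stand-in for GSM A3/A8 (unspecified on the page): keyed hash of RAND -> (SRES, Kc).
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class Network:
    def __init__(self, ki, cipher_allowed=True):
        self.ki, self.cipher_allowed = ki, cipher_allowed
        self.kc, self.pending = None, None  # active Kc; (expected SRES, Kc) while authenticating

    def on_encryption_request(self, msg):
        # FIG. 8 steps 803-811: branch on whether the request carries a RAND value.
        if "rand" in msg:
            _, self.kc = derive_sres_kc(self.ki, msg["rand"])  # 804: Kc from the terminal's RAND;
            return {"type": "ACTIVATION_COMPLETE"}             # no SRES comparison on this path
        if not self.cipher_allowed:                            # 807 -> 808
            return {"type": "ENCRYPTION_UNAVAILABLE"}
        rand = secrets.token_bytes(16)                         # 810: network picks RAND and
        self.pending = derive_sres_kc(self.ki, rand)           # stores the expected SRES
        return {"type": "AUTH_REQUEST", "rand": rand}          # 811

    def on_auth_response(self, msg):
        # FIG. 8 steps 812-817: compare the terminal's SRES with the stored one.
        expected_sres, kc = self.pending
        self.pending = None
        if hmac.compare_digest(msg["sres"], expected_sres):
            self.kc = kc
            return {"type": "AUTH_AVAILABLE"}
        return {"type": "AUTH_UNAVAILABLE"}

    def on_removal_request(self):
        self.kc = None                                         # FIG. 7: 701 -> 702
        return {"type": "REMOVAL_COMPLETE"}

class Terminal:
    def __init__(self, ki):
        self.ki, self.kc = ki, None

    def request_encryption(self, with_rand):
        # FIG. 6 (601) carries a RAND and pre-computes Kc; FIG. 5 (506) carries none.
        if not with_rand:
            return {"type": "ENCRYPTION_REQUEST"}
        rand = secrets.token_bytes(16)
        _, self.kc = derive_sres_kc(self.ki, rand)
        return {"type": "ENCRYPTION_REQUEST", "rand": rand}

    def on_auth_request(self, msg):
        sres, self.kc = derive_sres_kc(self.ki, msg["rand"])   # FIG. 5: 507 -> 508
        return {"type": "AUTH_RESPONSE", "sres": sres}

def run_activation(with_rand, terminal_ki=KI, cipher_allowed=True):
    # Runs one exchange; returns the network's final message type, or "KEY_MISMATCH" if Kc differs per side.
    term, net = Terminal(terminal_ki), Network(KI, cipher_allowed)
    reply = net.on_encryption_request(term.request_encryption(with_rand))
    if reply["type"] == "AUTH_REQUEST":
        reply = net.on_auth_response(term.on_auth_request(reply))
    if net.kc is not None and net.kc != term.kc:
        return "KEY_MISMATCH"
    return reply["type"]
```

Running the flows with a terminal holding a different Ki shows the difference between the two paths: the SRES path ends in AUTH_UNAVAILABLE, while the RAND-included path reports ACTIVATION_COMPLETE and the Kc disagreement only surfaces later as undecipherable traffic.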
As described above, according to the present invention, data can be transmitted more reliably by improving the data encryption process in the GSM type mobile communication system. In addition, since the mobile communication terminal can also determine whether an encryption activation process should be implemented, the user can enjoy data encryption or remove data encryption, thereby enhancing the reliability of data transmission.
The present invention may also be embodied in the form of a computer readable medium storing a computer program implementing one or more of the methods described above. The computer readable medium may be removable or permanent, magnetic or optical, or any other known type of storage medium. Examples include, but are not limited to, floppy or magnetic disks, optical disks, digital tape, hard disk, and digital memory. The program may be implemented in the form of a general purpose processor such as a microprocessor or special purpose processor such as an ASIC or any other known type.
The foregoing embodiments and advantages are merely exemplary and are not to be construed as limiting the present invention. The inventive concept is applicable to other types of devices. The description of the invention is intended to be illustrative, and not to limit the scope of the claims. Variations, modifications, and changes will occur to those skilled in the art. Means-plus-function clauses are intended to cover the structures described herein as performing the recited function and not only structural equivalents but also equivalent structures within the claims.
Claims (17)
1. A method of encrypting call information transmitted between a mobile communication terminal and a network, comprising:
transmitting an encryption request for call information from the terminal to the network when the encryption activation process is not initially performed or the data is not specific data;
transmitting an encrypted authentication request message from a network to a terminal;
transmitting a cryptographic authentication response message from the terminal to the network in response to the cryptographic authentication request message; and
transmitting an encryption activity completion message from the network to the terminal according to the encryption verification response message;
receiving encrypted information from the network or transmitting encrypted information to the network after the encryption request is received.
2. The method of claim 1, further comprising:
transmitting an encryption removal request for call information from the terminal to the network; and
performing encryption removal in response to the encryption removal request message and transmitting an encryption removal completion message to the terminal.
3. The method of claim 1, wherein:
the encryption request message includes a specific value.
4. The method of claim 3, wherein the cryptographic authentication request message includes a RAND value, the RAND value being a random number.
5. The method of claim 4, wherein the key value required for the cryptographic activation process is calculated from the specific value, the calculation being performed by the network.
6. The method of claim 5, wherein the step of calculating a key value required for the encryption activation process according to a specific value comprises:
determining whether the RAND value is included in an encryption request message received by the network;
generating a key value (Kc) required for encryption using the RAND value if the RAND value is included in the encryption request message, and transmitting an encryption activation completion message for the call information to the terminal;
generating a RAND value if the RAND value is not included in the encryption request message, calculating/storing an SRES value, and transmitting an encryption authentication request message to the terminal according to whether encryption activation should be performed or not;
transmitting an encrypted authentication response message including the SRES value from the terminal to the network in response to the encrypted authentication request message transmitted from the network;
comparing the SRES value transmitted from the terminal with SRES values stored in the network; and
whether encryption of the call information is available is determined according to whether the two SRES values are equal.
7. The method of claim 6, further comprising:
if the received encryption request message does not include the RAND value and encryption activation should not be performed, an encryption verification unavailable message for call information is transmitted from the network to the terminal.
8. A method according to claim 1 or 2, characterized in that the request message is transmitted by the terminal during the transmission of call information between the terminal and the network.
9. A method according to claim 1 or 2, wherein the request message is transmitted by the terminal during a period in which call information is not being transmitted between the terminal and the network.
10. The method of claim 1, wherein the call information comprises voice information.
11. The method of claim 1, wherein the call information includes data.
12. A communication terminal, comprising:
a processor and transceiver configured to perform the following acts:
generating, by the processor, an encryption request for call information when an encryption activation process is not initially performed or data is not specific data;
transmitting, by the transceiver, an encrypted request for call information to a mobile network;
receiving, by the transceiver, a cryptographic authentication request message from a mobile network;
generating, by the processor and transmitting, by the transceiver, a cryptographic validation response message to the mobile network in response to the cryptographic validation request message;
receiving, by the transceiver from the mobile network, a cryptographic activity completion message sent by the mobile network in accordance with the cryptographic validation response message;
after the encryption request is received, encrypted information is received by the transceiver from the mobile network or transmitted by the transceiver to the mobile network.
13. The terminal of claim 12, wherein the processor generates an encrypted request for the call information in response to user input.
14. The communication terminal of claim 12, wherein:
the processor is further configured to generate an encryption removal request;
the transceiver is further configured to transmit the encryption removal request to a mobile network.
15. The communication terminal of claim 12, wherein the call information includes at least one of voice information, data, SMS information, SS information, and PDP context activation information.
16. A mobile communications network controller comprising:
a transceiver and processor configured to perform the following acts:
receiving, by the processor, an encryption request for call information from the mobile terminal when an encryption activation process is not initially performed or data is not specific data;
generating, by the processor, an encrypted authentication request message and transmitting, by the transceiver, the encrypted authentication request message to the mobile terminal;
receiving, by the transceiver, from the mobile terminal, an encrypted authentication response message transmitted by the mobile terminal in response to the encrypted authentication request message;
generating an encrypted activity completion message by the processor according to the encrypted authentication response message, and transmitting the encrypted activity completion message to the mobile terminal by the transceiver;
after the encryption request is received, encryption information is sent to the mobile terminal by the transceiver or an encryption message is received from the mobile terminal by the transceiver.
17. The communications network controller of claim 16, wherein:
the transceiver is further configured to receive an encryption removal request from the mobile terminal; and
the processor is also configured to suspend encryption of call information to be transmitted to the terminal.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR10-2002-0072008 | 2002-11-19 | ||
| KR1020020072008A KR100554799B1 (en) | 2002-11-19 | 2002-11-19 | Transmission data encryption and decryption method of SMS mobile communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1066940A1 HK1066940A1 (en) | 2005-04-01 |
| HK1066940B true HK1066940B (en) | 2010-10-22 |