
WO2012024905A1 - Method, terminal and GGSN for encrypting and decrypting data in a mobile communication network - Google Patents

Method, terminal and GGSN for encrypting and decrypting data in a mobile communication network

Info

Publication number
WO2012024905A1
WO2012024905A1 PCT/CN2011/070337 CN2011070337W WO2012024905A1 WO 2012024905 A1 WO2012024905 A1 WO 2012024905A1 CN 2011070337 W CN2011070337 W CN 2011070337W WO 2012024905 A1 WO2012024905 A1 WO 2012024905A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
packet data
module
terminal
ggsn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2011/070337
Other languages
English (en)
Chinese (zh)
Inventor
张蓬勃
曹耀斌
薛宝林
薛涛
于松
邓方民
孙君生
杨玉林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Definitions

  • The present invention relates to the field of mobile communications, and in particular to a data encryption and decryption method, a terminal, and a gateway general packet radio service support node in a mobile communication network.
  • Data services are the focus of third-generation mobile communication technology and are what users and operators care about most. Many traditional services (such as voice calls) are now also carried as packet traffic (voice over IP, VoIP), so the confidentiality and security of data services are receiving increasing attention.
  • The mobile network has its own communication encryption method. In 3rd Generation Partnership Project (3GPP) systems (including the Universal Mobile Telecommunications System (UMTS) and the Global System for Mobile Communications (GSM)), the user's Subscriber Identity Module (SIM) card and the home location register/authentication center (HLR/AuC) of the home network, with the HLR integrated with the AuC, share a security key Ki (128 bit). Based on the security key Ki, the core network and the user can perform two-way authentication.
  • FIG. 1 is a schematic diagram of a packet data network.
  • Mobile terminals A and B respectively support a Serving GPRS Support Node (SGSN) through a respective Radio Network System (RNS) and a General Packet Radio Service (GPRS) support node.
  • RNS Radio Network System
  • GPRS General Packet Radio Service
  • GGSN Gateway GPRS Support Node
  • monitoring is usually performed in the SGSN and GGSN.
  • related patents or schemes are end-to-end encryption. Such encryption parameters cannot be dynamically changed and are easily cracked. The way data is output between users who support encryption and those who do not support encryption is difficult to coordinate.
  • The technical problem to be solved by the present invention is to provide a data encryption and decryption method in a mobile communication network, a terminal, and a gateway general packet radio service support node, so as to ensure that user information is not transmitted in plaintext, to prevent user information from being illegally monitored, and to improve the security and confidentiality of data transmission.
  • The present invention provides a data encryption and decryption method in a mobile communication network, the method comprising: before packet data transmission, the sending end sends the original packet data message to the encryption module; the encryption module encrypts the original packet data message using the encryption key (CK); the encrypted packet data message is protocol-encapsulated and sent to the receiving end; after receiving the encrypted packet data message, the receiving end sends it to the decryption module; and the decryption module decrypts the packet data message using the same CK as the CK used by the sending end to encrypt it, and sends the decrypted packet data message to the next destination.
  • The method further includes: determining whether the encryption identifier was received when the packet data channel was established and, if it was, sending the original packet data message to the encryption module for encryption.
  • The transmitting end is a terminal and the receiving end is a gateway general packet radio service support node (GGSN); or the transmitting end is a GGSN and the receiving end is a terminal.
  • When the sending end is a terminal and the receiving end is a GGSN, the step in which the sending end sends the original packet data message to the encryption module, the encryption module encrypts it, and the encrypted packet data message is protocol-encapsulated and sent to the receiving end comprises: before sending a packet data message, the terminal encrypts it using the CK through the encryption module in the terminal, and the terminal protocol-encapsulates the encrypted packet data message and sends it to the network. The step in which the receiving end sends the encrypted packet data message to the decryption module, the decryption module decrypts it, and the decrypted packet data message is sent to the next destination comprises: the decryption module in the GGSN decrypts the packet data message using the same CK as the terminal, and the GGSN sends the decrypted packet data message to the destination address of the message.
  • When the sending end is a GGSN and the receiving end is a terminal, the step in which the sending end sends the original packet data message to the encryption module, the encryption module encrypts it, and the encrypted packet data message is protocol-encapsulated and sent to the receiving end comprises: after the GGSN receives a packet data message addressed to the terminal, the encryption module in the GGSN encrypts it using the CK, and the GGSN protocol-encapsulates the encrypted packet data message and sends it to the terminal through the network. The step in which the receiving end sends the encrypted packet data message to the decryption module, the decryption module decrypts it, and the decrypted packet data message is sent to the next destination comprises: after the terminal receives the encrypted packet data message, the decryption module in the terminal decrypts it using the same CK as the CK used by the GGSN to encrypt it, obtaining the decrypted packet data message.
  • The step in which the decryption module in the GGSN decrypts the packet data message using the same CK as the terminal includes: after receiving the packet data message sent by the terminal, the GGSN sends the CK of the terminal and the packet data message to the decryption module, and the decryption module uses the CK to decrypt the packet data message. The GGSN obtains the CK of the terminal from the home location register/authentication center (HLR/AUC) when the data transmission link is established.
  • The step in which the encryption module in the GGSN encrypts the packet data message using the CK includes: after receiving a packet data message addressed to the terminal, the GGSN sends the CK of the terminal and the packet data message to the encryption module, and the encryption module uses the CK to encrypt the packet data message. The GGSN obtains the CK of the terminal from the home location register/authentication center (HLR/AUC) when the data transmission link is established.
  • The present invention further provides a terminal in a mobile communication network. The terminal includes an encryption module, a sending module, a receiving module, and a decryption module, where: the encryption module is configured to encrypt the packet data message using an encryption key (CK); the sending module is configured to protocol-encapsulate the encrypted packet data message and send it to the network side; the receiving module is configured to receive the encrypted packet data message sent by the network side; and the decryption module is configured to decrypt the packet data message using the same CK as the CK used by the network side to encrypt it, obtaining the decrypted packet data message.
  • The terminal further includes a determining module configured to: before a packet data message is sent, determine whether an encryption identifier is present and, if so, trigger the encryption module or, if not, trigger the sending module; and, after a packet data message is received, trigger the decryption module if it determines that an encryption identifier is present.
  • The present invention further provides a gateway general packet radio service support node (GGSN). The GGSN includes a receiving module, a decryption module, an encryption module, and a sending module, where: the receiving module is configured to receive the encrypted packet data message sent by the terminal and to receive packet data messages addressed to the terminal; the decryption module is configured to decrypt the received encrypted packet data message using the same encryption key (CK) as the CK used by the terminal to encrypt it; the sending module is configured to send the decrypted packet data message to the destination address of the message, and to protocol-encapsulate the encrypted packet data message and send it to the terminal through the network; and the encryption module is configured to encrypt, using the CK, the received packet data message addressed to the terminal.
  • The GGSN further includes a key acquisition module configured to: obtain the CK of the terminal from the home location register/authentication center (HLR/AUC) when the data transmission link is established; after a packet data message sent by the terminal is received, send the obtained CK of the terminal and the packet data message to the decryption module, which uses the CK to decrypt the packet data message; and, after a packet data message addressed to the terminal is received, send the obtained CK of the terminal and the packet data message to the encryption module, which uses the CK to encrypt the packet data message.
  • The GGSN further includes a determining module configured to: before a packet data message is sent, determine whether an encryption identifier is present and, if so, trigger the encryption module or, if not, trigger the sending module; and, after a packet data message is received, trigger the decryption module if it determines that an encryption identifier is present.
  • The invention provides a hardware encryption and decryption module in the mobile terminal and in the GGSN respectively. The hardware encryption and decryption module encrypts and decrypts the uplink and downlink packet data using an encryption key (Cipher Key, CK), so that user information is not transmitted in plaintext.
  • The encrypted data cannot be monitored on the network side, and it is encrypted again in the wireless environment, which is equivalent to double encryption and is more confidential and secure. Even if an eavesdropper obtains the security key Ki of the party being eavesdropped on, it cannot eavesdrop in the wireless transmission environment, which improves the security and confidentiality of data transmission.
  • The present invention is applicable to organizations and individuals who attach great importance to security and confidentiality, such as sensitive government departments, intelligence agencies, and the like.
  • FIG. 1 is a schematic diagram of a packet data network
  • FIG. 2 is a schematic diagram of an encrypted packet network and data transmission
  • FIG. 3 is a schematic diagram of a specific structure of a terminal and a GGSN.
  • The inventive concept of the present invention is: before packet data transmission, the sending end (the user terminal or the GGSN) sends the original packet data message to the encryption module, and the encryption module encrypts it using the encryption key (CK) as the encryption operation factor. The encrypted packet data message is then protocol-encapsulated and sent to the receiving end.
  • When the sending end is the user terminal, the receiving end is the GGSN; when the sending end is the GGSN, the receiving end is the user terminal.
  • After receiving the encrypted packet data message, the terminal sends it to the decryption module; the decryption module decrypts the packet data message using the same CK as the sender's encryption module, and the decrypted packet data message is then sent on to the next destination.
  • Before transmitting a packet data message, the terminal encrypts it using an encryption key (CK) through the encryption module in the terminal, and the terminal protocol-encapsulates the encrypted packet data message.
  • The decryption module in the GGSN decrypts the packet data message using the same CK as the terminal, and the GGSN sends the decrypted packet data message to the destination address of the message.
  • The decryption module in the GGSN decrypts the packet data message using the same CK as the terminal as follows: after the GGSN receives the packet data message sent by the terminal, the CK of the terminal and the packet data message are sent to the decryption module, and the decryption module uses the CK to decrypt the packet data message.
  • The CK of the terminal held in the GGSN is obtained from the home location register/authentication center (HLR/AUC) when the data transmission link is established.
  • For downlink packet data: after the GGSN receives a packet data message addressed to the terminal, the encryption module in the GGSN encrypts it using the CK, and the GGSN protocol-encapsulates the encrypted packet data message and sends it to the terminal through the network; after the terminal receives the encrypted packet data message, the decryption module in the terminal decrypts it using the same CK as the GGSN and obtains the decrypted packet data message. The encryption module in the GGSN encrypts the packet data message using the CK as follows: after the GGSN receives a packet data message addressed to the terminal, the CK of the terminal and the packet data message are sent to the encryption module, and the encryption module encrypts the packet data message using the CK.
  • This implementation is independent of the mobile network's own encryption. It directly encrypts and decrypts the original data to be transmitted; the data is encrypted before it is transmitted in the network, which ensures its confidentiality and security.
  • The hardware encryption and decryption module uses CK as an encryption factor to encrypt and decrypt packet data.
  • The Ki is shared between the terminal and the network: it is stored in the terminal (for example in the Universal Subscriber Identity Module (USIM) card) and in the network (for example in the network unit HLR/AUC). It is not transmitted on the network and is difficult to steal.
  • RAND is a random sequence that changes at every connection establishment and is highly random. Therefore, in this scheme the encryption factor is different each time and is valid only for the current session, which is why the scheme is also called real-time encryption. This makes the CK more difficult to crack in the wireless transmission environment, thus ensuring the privacy of data transmission.
  • both parties using the data service do not need to know the CK of the other party.
  • the network side is responsible for transmitting RAND to the terminal at each authentication, and the terminal can generate CK according to the algorithm itself; for the GGSN, the GGSN can obtain the CK calculated by the HLR/AUC from the HLR/AUC. No additional losses will be added.
  • the above hardware encryption module and decryption module may be provided by a third party, embedded in the terminal and the network device, and are responsible for encrypting and decrypting the packet data. This makes it impossible for network equipment vendors, terminal equipment vendors, and operators to eavesdrop on encrypted packet data.
  • the packet data is based on IP transmission. In this application, the original data is encrypted, and the ciphertext is used as the original data of the IP packet, and is encapsulated by the IP related protocol, which does not affect the processing and routing of the packet data by the gateway.
  • The system for implementing the foregoing method mainly includes a terminal and a GGSN.
  • The terminal includes an encryption module, a sending module, a receiving module, and a decryption module, where: the encryption module is configured to encrypt the packet data message using a CK; the sending module is configured to protocol-encapsulate the encrypted packet data message and send it to the network side; the receiving module is configured to receive the encrypted packet data message sent by the network side; and the decryption module is configured to decrypt the packet data message using the same CK as the CK used by the network side to encrypt it, obtaining the decrypted packet data message.
  • The GGSN includes a receiving module, a decryption module, an encryption module, and a sending module, where: the receiving module is configured to receive the encrypted packet data message sent by the terminal and to receive packet data messages addressed to the terminal; the decryption module is configured to decrypt the received encrypted packet data message using the same CK as the CK used by the terminal to encrypt it; the sending module is configured to send the decrypted packet data message to the destination address of the message, and to protocol-encapsulate the encrypted packet data message and send it to the terminal through the network; and the encryption module is configured to encrypt, using the CK, the received packet data message addressed to the terminal.
  • the encryption module and the decryption module in the terminal may be configured as an encryption and decryption module.
  • the encryption module and the decryption module in the GGSN may be combined.
  • the sending module and the receiving module can also be collectively configured as a transceiver module. How to set the terminal is independent of how the GGSN is set. How to set it in the GGSN is also independent of how it is set in the terminal.
  • the operation rules of the GGSN and the encryption and decryption module in the terminal are the same, and the specific encryption and decryption algorithm is not limited by the present invention.
  • The GGSN is further configured to: obtain the CK of the terminal from the HLR/AUC when the data transmission link is established; after receiving a packet data message sent by the terminal, send the obtained CK of the terminal and the packet data message to the decryption module, which decrypts the packet data message using the CK; and, after receiving a packet data message addressed to the terminal, send the obtained CK of the terminal and the packet data message to the encryption module, which encrypts the packet data message using the CK.
  • The terminal further includes a determining module configured to: before a packet data message is sent, determine whether an encryption identifier is present and, if so, trigger the encryption module or, if not, trigger the sending module; and, after a packet data message is received, trigger the decryption module if it determines that an encryption identifier is present.
  • Preferably, the GGSN further includes a determining module configured to: before a packet data message is sent, determine whether an encryption identifier is present and, if so, trigger the encryption module or, if not, trigger the sending module; and, after a packet data message is received, trigger the decryption module if it determines that an encryption identifier is present.
  • GGSN is the gateway node of the third generation mobile communication packet domain network, which is the demarcation point between the mobile network and the public PDN.
  • the user data is transmitted in the external PDN, the user's IP address is dynamically allocated, and it is difficult to obtain.
  • User information, and user identification information (such as international mobile user ID)
  • the hardware encryption module in the terminal and the GGSN has a slightly different function, and the operation rules are identical.
  • Part I Encryption Judgment and Encryption Key (CK)
  • Encryption identifier: before processing the data, the mobile terminal and the GGSN need to know whether user data needs to be encrypted and decrypted.
  • the transmission-related parameter information such as the IP configuration information and the domain name system (DNS) configuration information
  • the terminal extends the parameters by adding an encryption identifier to inform the GGSN whether it needs to perform encryption and decryption operations.
  • the terminal and the GGSN determine whether the encrypted identifier is present. If yes, the encryption module is triggered to perform encryption. If not, the packet data is encapsulated and sent according to a normal procedure.
  • CK acquisition in the terminal: according to the 3GPP protocol, a signaling connection is established before the packet data transmission channel is established, and the user is authenticated while the signaling connection is being set up. During authentication the network side sends RAND to the terminal; the terminal generates the currently valid CK through the A3 algorithm from the received RAND combined with its own Ki, and passes the CK to the terminal's hardware encryption and decryption module.
  • the GGSN does not participate in the establishment of the signaling link. Therefore, the CK value cannot be obtained according to the existing procedure in the GGSN, so an additional signaling procedure needs to be added to implement.
  • Over the existing interface (Gc) between the GGSN and the HLR/AUC, when the data transmission link is established and it is determined that the data needs to be encrypted and decrypted, the CK is obtained from the HLR/AUC and stored in the GGSN. When the corresponding user terminal needs to transmit data, it is sent to the hardware encryption and decryption module.
  • After receiving a packet data message from the network, the terminal passes it to the hardware encryption and decryption module for decryption; the hardware encryption and decryption module uses CK to decrypt the packet data message, and the terminal passes the decrypted plaintext data message to the corresponding application module.
  • Part III Encryption and decryption processing in GGSN
  • After receiving a packet data message from the terminal, the GGSN first decrypts it and sends it to the external PDN in plaintext. After receiving a packet data message from the external PDN or another GGSN, the GGSN encrypts it and sends it to the terminal in ciphertext form.
  • Encryption: after receiving a packet data message from the external PDN or another GGSN, the GGSN obtains the user information from the destination address and determines whether the current user's data needs to be encrypted. If it does, the GGSN passes the current user's CK together with the original packet data message to the hardware encryption and decryption module, which uses the received CK to encrypt the packet data message and generate the ciphertext. The GGSN encapsulates the ciphertext according to the protocol specified by 3GPP (the GPRS Tunneling Protocol (GTP) between the GGSN and the SGSN) and then transmits it.
  • The GGSN obtains the user identifier from the data received from the terminal (according to the 3GPP protocol, GTP is used for data transmission between the SGSN and the GGSN, and the user identification information can be obtained from the GTP identifier). Using the obtained user identifier, it looks up the CK of the UE among the saved CKs and sends the packet data message together with the CK to the hardware encryption and decryption module for decryption. Decryption yields the packet data message in plaintext form, which is sent on according to the destination address specified in the message.
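
The flow described above, as an added example that is not code from the patent or from ZTE: a per-session CK derived from Ki and a fresh RAND, the encryption identifier fixed when the channel is set up, and the GGSN selecting the CK by tunnel identifier before decrypting. The HMAC-SHA256 key derivation and keystream, the 4-byte tunnel-id framing, the per-packet nonce and all class and function names are assumptions made for illustration; the patent leaves the cipher unspecified and this framing is not GTP.

```python
import hashlib
import hmac
import os
import struct


def derive_ck(ki: bytes, rand: bytes) -> bytes:
    """Per-session CK from the long-term Ki and the fresh RAND.
    HMAC-SHA256 is a stand-in; the operator's real algorithm is not modelled."""
    return hmac.new(ki, b"CK" + rand, hashlib.sha256).digest()[:16]


def crypt(ck: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric module: XOR with an HMAC-SHA256 counter keystream.
    The same call encrypts and decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(ck, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def encapsulate(tunnel_id: int, ck, payload: bytes) -> bytes:
    """Constructed framing: 4-byte tunnel id, then payload.
    ck=None means no encryption identifier: normal encapsulation."""
    header = struct.pack(">I", tunnel_id)
    if ck is None:
        return header + payload
    nonce = os.urandom(8)  # fresh per packet so the keystream never repeats
    return header + nonce + crypt(ck, nonce, payload)


def decapsulate(ck, frame: bytes) -> bytes:
    body = frame[4:]
    if ck is None:
        return body
    if len(body) < 8:
        raise ValueError("encrypted frame shorter than its nonce")
    return crypt(ck, body[:8], body[8:])


class Hlr:
    """Holds each subscriber's Ki; issues RAND and computes the matching CK."""
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers  # imsi -> Ki

    def challenge(self, imsi: str):
        rand = os.urandom(16)
        return rand, derive_ck(self.subscribers[imsi], rand)


class Terminal:
    def __init__(self, ki: bytes, tunnel_id: int, encrypt_id: bool):
        self.ki, self.tunnel_id, self.encrypt_id = ki, tunnel_id, encrypt_id
        self.ck = None

    def on_authentication(self, rand: bytes) -> None:
        self.ck = derive_ck(self.ki, rand)  # only RAND was sent to the terminal

    def _key(self):
        if not self.encrypt_id:
            return None
        if self.ck is None:  # fail closed rather than fall back to plaintext
            raise RuntimeError("encryption requested but no CK derived yet")
        return self.ck

    def send(self, payload: bytes) -> bytes:
        return encapsulate(self.tunnel_id, self._key(), payload)

    def receive(self, frame: bytes) -> bytes:
        return decapsulate(self._key(), frame)


class Ggsn:
    def __init__(self):
        self.sessions = {}  # tunnel id -> CK, or None for unencrypted sessions

    def establish(self, tunnel_id: int, encrypt_id: bool, ck: bytes) -> None:
        self.sessions[tunnel_id] = ck if encrypt_id else None

    def _key(self, tunnel_id: int):
        if tunnel_id not in self.sessions:
            raise ValueError("no session for tunnel id %#x" % tunnel_id)
        return self.sessions[tunnel_id]

    def uplink(self, frame: bytes) -> bytes:
        """Terminal -> PDN: returns the plaintext to forward."""
        if len(frame) < 4:
            raise ValueError("frame shorter than tunnel header")
        (tunnel_id,) = struct.unpack(">I", frame[:4])
        return decapsulate(self._key(tunnel_id), frame)

    def downlink(self, tunnel_id: int, payload: bytes) -> bytes:
        """PDN -> terminal: returns the frame to tunnel towards the terminal."""
        return encapsulate(tunnel_id, self._key(tunnel_id), payload)


def attach(hlr: Hlr, ggsn: Ggsn, terminal: Terminal, imsi: str) -> None:
    """Authentication plus channel setup: RAND goes to the terminal,
    the HLR-computed CK goes to the GGSN."""
    rand, ck = hlr.challenge(imsi)
    terminal.on_authentication(rand)
    ggsn.establish(terminal.tunnel_id, terminal.encrypt_id, ck)
```

Calling `attach` a second time replaces the CK on both sides, so a frame captured under the previous session no longer decrypts to its plaintext at the GGSN.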

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a method for encrypting and decrypting data in a mobile communication network, comprising the following: before transmitting packet data, a sender sends an original packet data message to an encryption module (1), the encryption module (1) encrypts the original packet data message using an encryption key (CK), and the sender sends it to a receiver after protocol-encapsulating the encrypted packet data message; after receiving the encrypted packet data message, the receiver sends it to a decryption module (4), and the decryption module (4) decrypts the packet data message using the same CK as the CK used by the sender to encrypt it, and sends the decrypted packet data message to the next destination. A terminal and a gateway GPRS support node (GGSN) in the mobile communication network are also described. The present invention thereby ensures that user information is not transmitted in plaintext.
PCT/CN2011/070337 2010-08-25 2011-01-17 Method, terminal and GGSN for encrypting and decrypting data in a mobile communication network Ceased WO2012024905A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010102652976A CN101917712A (zh) 2010-08-25 2010-08-25 Method and system for encrypting and decrypting data in a mobile communication network
CN201010265297.6 2010-08-25

Publications (1)

Publication Number Publication Date
WO2012024905A1 true WO2012024905A1 (fr) 2012-03-01

Family

ID=43325073

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/070337 Ceased WO2012024905A1 (fr) 2010-08-25 2011-01-17 Method, terminal and GGSN for encrypting and decrypting data in a mobile communication network

Country Status (2)

Country Link
CN (1) CN101917712A (fr)
WO (1) WO2012024905A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079023A (zh) * 2014-10-29 2017-08-18 高通股份有限公司 User-plane security for next generation cellular networks

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917712A (zh) * 2010-08-25 2010-12-15 中兴通讯股份有限公司 Method and system for encrypting and decrypting data in a mobile communication network
CN102256246A (zh) * 2011-07-05 2011-11-23 上海市安全生产科学研究所 Data transmission encryption method for mobile communication
AU2013230989B2 (en) * 2012-03-07 2015-12-03 Google Technology Holdings LLC Policy for secure packet transmission using required node paths and cryptographic signatures
CN103888411A (zh) * 2012-12-19 2014-06-25 杭州智为科技有限公司 Message processing device
CN104270242B (zh) * 2014-09-27 2017-12-19 杭州电子科技大学 Encryption and decryption device for encrypted transmission of network data
CN113872975B (zh) * 2021-09-29 2023-08-18 中国人民解放军火箭军工程大学 Device and method for encrypted transmission of information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
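CN1784899A (zh) * 2003-05-13 2006-06-07 三星电子株式会社 Security method for broadcast service in a mobile communication system
CN101483865A (zh) * 2009-01-19 2009-07-15 中兴通讯股份有限公司 Key replacement method, system and device
CN101917712A (zh) * 2010-08-25 2010-12-15 中兴通讯股份有限公司 Method and system for encrypting and decrypting data in a mobile communication network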

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101075865B (zh) * 2006-05-16 2011-02-02 华为技术有限公司 Method for starting user-plane encryption

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079023A (zh) * 2014-10-29 2017-08-18 高通股份有限公司 User-plane security for next generation cellular networks
CN107079023B (zh) * 2014-10-29 2020-10-09 高通股份有限公司 User-plane security for next generation cellular networks

Also Published As

Publication number Publication date
CN101917712A (zh) 2010-12-15

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 11819280

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 11819280

Country of ref document: EP

Kind code of ref document: A1