CN100561917C - Method for selecting a cryptographic algorithm in a wireless communication system - Google Patents
- Publication number
- CN100561917C (CNB2004100463438A, CN200410046343A)
- Authority
- CN
- China
- Prior art keywords
- access network
- cryptographic algorithm
- algorithm
- terminal
- core net
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention discloses a method for selecting a cryptographic algorithm in a wireless communication system, comprising the following steps: first, priority information is configured for each cryptographic algorithm that the access network permits; the access network receives and stores the sets of permitted algorithms sent by the terminal and by the core network; after the access network initiates the ciphering procedure, it selects the highest-priority algorithm from the set of algorithms permitted in common by the terminal, the core network and the access network, configures it locally, and notifies the terminal and the core network to configure themselves according to the selected algorithm; once the unified activation time arrives, the terminal and the access network simultaneously begin encrypted communication using the selected algorithm. The method resolves the priority problem that arises when standard and non-standard cryptographic algorithms coexist, as well as the problem of choosing among several commonly permitted algorithms; it does not affect the existing standard architecture and is broadly applicable.
Description
Technical field
The present invention relates to encryption in radio communication, and in particular to a method for selecting the cryptographic algorithm used for encrypted communication in a wireless communication system.
Background
Because a wireless communication system relies on an open transmission medium, it faces not only the security threats of wired networks but is also especially vulnerable to user impersonation, misuse of resources, and eavesdropping on communications over the radio link. A wireless communication system must therefore provide a complete and reliable encryption mechanism: the terminal, the core network and the access network need to adopt a given cryptographic algorithm and communicate in encrypted form to guarantee information security. The sender encrypts the original data with the cryptographic algorithm and transmits user information and signaling information over the radio link as ciphertext; the receiver receives the ciphertext and recovers the plaintext through the same process.
The cryptographic algorithm is selected through an encryption negotiation mechanism among the terminal, the core network and the access network. The following rules apply to the set of algorithms permitted by the terminal, the set permitted by the core network, and the set permitted by the access network:
1) If the three sets have a non-empty intersection, the terminal, the core network and the access network have cryptographic algorithms that are permitted in common, and the access network arbitrarily selects one of them for encryption.
2) If the intersection of the three sets is empty, the terminal, the core network and the access network have no commonly permitted cryptographic algorithm; if the core network allows unencrypted operation, the access network selects no encryption and the procedure continues.
3) If the intersection of the three sets is empty, the terminal, the core network and the access network have no commonly permitted cryptographic algorithm; if the core network requires encryption, the access network rejects this connection.
The specific procedure for negotiating the cryptographic algorithm is shown in Fig. 1 and comprises the following steps:
1) After the terminal accesses the network, it sends the set of algorithms it permits to the access network in signaling A; the access network stores this information on receipt;
2) The core network initiates the ciphering procedure toward the access network; the associated ciphering signaling B carries the set of algorithms the core network permits, and the access network stores this information on receipt;
3) After the access network initiates the ciphering procedure, it uses its own set of permitted algorithms together with the stored sets permitted by the terminal and the core network to select one commonly permitted cryptographic algorithm, and configures it locally;
4) The access network notifies the terminal, in signaling C, to start the ciphering procedure; the signaling carries the algorithm finally selected;
5) After receiving signaling C, the terminal configures itself locally according to the algorithm specified in the signaling. It then sends the success response, signaling D, to the access network;
6) Likewise, after receiving signaling D, the access network replies to the core network with the success response, signaling E, and the core network configures itself locally according to the algorithm specified in signaling E;
7) Thereafter, once the unified activation time arrives, the terminal and the access network simultaneously begin encrypted communication using the specified algorithm.
As can be seen, in the above procedure the cryptographic algorithm is chosen arbitrarily from the set of algorithms permitted in common by the terminal, the core network and the access network.
At present, the cryptographic algorithms defined in the specifications are all standard algorithms. However, because of the special nature of encrypted communication, many countries specifically regulate commercial cryptographic technology and products and have their own proprietary non-standard cryptographic algorithms. This results in standard and non-standard cryptographic algorithms coexisting. In these countries, when the network is in actual operation and the set of algorithms permitted in common by the terminal, the core network and the access network contains both standard and non-standard algorithms, the country's own proprietary non-standard algorithm is required to be selected preferentially. Other countries have no special requirements on the use of encryption; in actual network operation there, even if the commonly permitted set contains both standard and non-standard algorithms, the standard algorithm still tends to be preferred. From the terminal's point of view, when it roams in a country that specifically regulates encryption, the algorithm actually in use is the proprietary non-standard algorithm that the country requires; when it roams in a country with no special requirements on the use of encryption, the algorithm actually in use is the standard algorithm.
As the situation described above shows, in actual operation it is necessary, depending on the application scenario, to preferentially use either the non-standard algorithm or the standard algorithm from the commonly permitted set, so as to optimize user benefit and network performance while also guaranteeing interoperability. The existing method of arbitrarily selecting a cryptographic algorithm cannot meet this need.
On the other hand, when several cryptographic algorithms are permitted in common by the terminal, the core network and the access network, each algorithm imposes a different overhead and load on the terminal and the network, and yields different overall performance once in use. An arbitrarily chosen algorithm may not be the one among the candidates that is best for system performance.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for selecting a cryptographic algorithm in a wireless communication system that can select, as required, the optimal one among several candidate cryptographic algorithms for encrypted communication.
To solve this technical problem, the invention provides a method for selecting a cryptographic algorithm in a wireless communication system, comprising the following steps:
(a) priority information is set in advance, on the access network side, for each cryptographic algorithm that the access network permits;
(b) the terminal and the core network each notify the access network of their own set of permitted algorithms, and the access network stores the information received;
(c) after the access network initiates the ciphering procedure, it selects the algorithm with the highest priority from the set of algorithms permitted in common by the terminal, the core network and the access network, and configures it locally;
(d) the access network notifies the terminal and the core network of the selected algorithm, and the terminal and the core network each configure themselves locally according to it;
(e) once the unified activation time arrives, the terminal and the access network simultaneously begin encrypted communication using the selected algorithm.
Further, the above method may have the following feature: in step (a), non-standard cryptographic algorithms are assigned a higher priority and standard cryptographic algorithms a lower priority.
Further, the above method may have the following feature: in step (a), standard cryptographic algorithms are assigned a higher priority and non-standard cryptographic algorithms a lower priority.
Further, the above method may have the following feature: in step (a), cryptographic algorithms that are more favorable to system performance are assigned a higher priority.
Further, the above method may have the following feature: step (b) further comprises the following steps:
(b1) after the terminal accesses the network, it sends the set of algorithms it permits to the access network in signaling, and the access network stores this information on receipt;
(b2) the core network initiates the ciphering procedure toward the access network; the associated ciphering signaling carries the set of algorithms the core network permits, and the access network stores this information on receipt.
Further, the above method may have the following feature: step (d) further comprises the following steps:
(d1) the access network notifies the terminal, in air-interface ciphering signaling that carries the selected algorithm, to start the ciphering procedure; after successfully configuring itself according to the selected algorithm, the terminal sends an air-interface ciphering success response to the access network;
(d2) after receiving the air-interface ciphering success response, the access network replies to the core network with a ciphering procedure success response that carries the selected algorithm, and the core network configures itself locally according to the selected algorithm.
In summary, the method sets in advance the priorities of the cryptographic algorithms that the access network permits and places the selection under the control of the access network side, which, on the principle that the highest priority is the best choice, picks the final result from the set of algorithms permitted in common by the terminal, the core network and the access network. It therefore has the following technical effects:
1) It resolves the priority problem that arises when standard and non-standard cryptographic algorithms coexist. Where both coexist, the priority information of the standard and non-standard algorithms that the access network permits is set in advance according to the application scenario and the related requirements. When the algorithm is selected, the one with the highest priority is chosen as the final result, which makes it possible to control whether a non-standard or a standard algorithm is used, to serve user benefit and optimize network performance, and to guarantee interoperability.
2) It resolves the problem of choosing among several commonly permitted cryptographic algorithms. The priority information of the algorithms that the access network permits is set in advance according to an assessment of each algorithm's effect on system performance; a higher priority indicates a better assessment result and that the algorithm should be preferred. When the algorithm is selected, the one with the highest priority is chosen as the final result, so that the algorithm with the best assessment result is the one used.
In addition, the logic of the method is simple, sound and efficient; it does not affect the existing standard architecture and fully conforms to the standard signaling procedures and information element structures. The terminal and the core network need no changes at all, and the access network needs only a very small change, so the method is simple and convenient to implement. It is also broadly applicable and suits a variety of encrypted communication procedures.
Description of drawings
Fig. 1 is a flow chart of the ciphering procedure defined in the current specifications.
Fig. 2 is a flow chart of the embodiment's method for selecting the cryptographic algorithm based on radio access network encryption priority.
Embodiment
To use the method in a wireless communication system, the terminal, the core network and the access network must permit several encryption methods in common; otherwise the algorithm selection flow cannot be carried out. In addition, the terminal must be able to report its set of permitted algorithms to the access network, and the core network must be able to initiate the ciphering procedure, so that the ciphering procedure can proceed normally.
The implementation of the technical solution is described in further detail below with reference to the drawings:
This embodiment provides a method for selecting the cryptographic algorithm based on radio access network encryption priority. The ciphering signaling flow and signaling structure of this method are fully consistent with those defined in the specifications; the only difference is that, on the access network side, the algorithm is selected according to the radio access network encryption priority principle.
The priority information of each cryptographic algorithm that the access network permits must be configured in advance on the access network side according to actual operational requirements. For example, in a country with special requirements on the use of encryption, it is desirable to prefer the country's own proprietary non-standard algorithms and to select standard algorithms second. Accordingly, following the requirements and principles of that commercial operation, the access network side assigns a higher priority to the country's proprietary non-standard algorithms and a lower priority to standard algorithms, setting in advance the priority information for each algorithm that the access network permits.
Table 1 shows the sets of algorithms permitted by the terminal, the core network and the access network in this embodiment. The set permitted by the terminal is {standard algorithm 1, non-standard algorithm 2}; the set permitted by the core network and by the access network is {standard algorithm 1, non-standard algorithm 2, non-standard algorithm 3}.
Table 1
Cryptographic algorithms permitted by the terminal | Standard algorithm 1 | Non-standard algorithm 2 | |
Cryptographic algorithms permitted by the core network | Standard algorithm 1 | Non-standard algorithm 2 | Non-standard algorithm 3 |
Cryptographic algorithms permitted by the access network | Standard algorithm 1 | Non-standard algorithm 2 | Non-standard algorithm 3 |
Table 2 shows the priority information set in advance in this embodiment, according to the actual needs of commercial operation, for each cryptographic algorithm that the access network permits; a larger priority value indicates a higher priority. Because this commercial operation wishes to prefer the country's own proprietary non-standard algorithms, and because non-standard algorithm 3 was in addition assessed as having a better effect on system performance, non-standard algorithm 3 is given the highest priority (value 9), non-standard algorithm 2 the next (value 7), and standard algorithm 1 the lowest (value 5). The operational requirement is thus to select non-standard algorithm 3 first, then non-standard algorithm 2, and standard algorithm 1 last.
Table 2
Cryptographic algorithms permitted by the access network | Standard algorithm 1 | Non-standard algorithm 2 | Non-standard algorithm 3 |
Priority of the cryptographic algorithms permitted by the access network | 5 | 7 | 9 |
The specific flow of this embodiment's priority-based method for selecting the cryptographic algorithm is shown in Fig. 2 and comprises the following steps:
In summary, the method provided by the invention for selecting the cryptographic algorithm based on radio access network encryption priority sets in advance the priorities of the algorithms that the access network permits and, on the principle that the highest priority is the best choice, places the selection under the control of the access network. The method is simple, effective and fully compliant with the standard; it resolves both the priority problem that arises when standard and non-standard cryptographic algorithms coexist and the problem of choosing among several commonly permitted algorithms, optimizing user benefit and network performance.
The implementation of the method is not limited to the above embodiment; different choices may be made for the signaling flow.
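The selection rule of steps (a) to (c), run on the embodiment's Table 1 and Table 2 data, as an added example that is not part of the patent text. The function and class names, the second priority table and the tie-break are assumptions made here; the handling of an empty intersection follows rules 2) and 3) of the background section.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional


class NegotiationRejected(Exception):
    """Empty intersection while the core network requires encryption."""


@dataclass(frozen=True)
class Selection:
    algorithm: Optional[str]   # None: the connection continues unencrypted
    priority: Optional[int]
    common: FrozenSet[str]     # algorithms permitted by all three parties


def select_algorithm(an_priorities: Dict[str, int],
                     terminal_allowed: Iterable[str],
                     core_allowed: Iterable[str],
                     core_allows_unencrypted: bool = False) -> Selection:
    """Step (c): pick the highest-priority commonly permitted algorithm.

    an_priorities is the step (a) configuration held by the access network;
    its keys are the access network's own permitted set, and a larger value
    means a higher priority. The other two sets are what step (b) stored.
    """
    common = (frozenset(an_priorities)
              & frozenset(terminal_allowed)
              & frozenset(core_allowed))
    if not common:
        # Background rules 2) and 3): continue without encryption only if
        # the core network allows it, otherwise reject the connection.
        if core_allows_unencrypted:
            return Selection(None, None, common)
        raise NegotiationRejected("no commonly permitted algorithm")
    # Assumption: equal priorities are broken by name so the outcome is
    # deterministic; the patent does not say how ties are handled.
    best = max(common, key=lambda alg: (an_priorities[alg], alg))
    return Selection(best, an_priorities[best], common)


# Sample data constructed from Table 1 and Table 2 of the embodiment.
STD1 = "standard algorithm 1"
NS2 = "non-standard algorithm 2"
NS3 = "non-standard algorithm 3"
TERMINAL = {STD1, NS2}
CORE = {STD1, NS2, NS3}
AN_NONSTANDARD_FIRST = {STD1: 5, NS2: 7, NS3: 9}   # Table 2
# Hypothetical configuration for an operator that prefers the standard
# algorithm; these values are not taken from the patent.
AN_STANDARD_FIRST = {STD1: 9, NS2: 7, NS3: 5}


if __name__ == "__main__":
    for label, priorities in (("non-standard first", AN_NONSTANDARD_FIRST),
                              ("standard first", AN_STANDARD_FIRST)):
        result = select_algorithm(priorities, TERMINAL, CORE)
        print(f"{label}: {result.algorithm} (priority {result.priority}), "
              f"candidates {sorted(result.common)}")
```

With the Table 2 priorities the result is non-standard algorithm 2, not the top-ranked non-standard algorithm 3, because the terminal does not permit algorithm 3 and it therefore never enters the common set.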
Claims (6)
1. A method for selecting a cryptographic algorithm in a wireless communication system, comprising the following steps:
(a) priority information is set in advance, on the access network side, for each cryptographic algorithm that the access network permits;
(b) the terminal and the core network each notify the access network of their own set of permitted algorithms, and the access network stores the information received;
(c) after the access network initiates the ciphering procedure, it selects the algorithm with the highest priority from the set of algorithms permitted in common by the terminal, the core network and the access network, and configures it locally;
(d) the access network notifies the terminal and the core network of the selected algorithm, and the terminal and the core network each configure themselves locally according to it;
(e) once the unified activation time arrives, the terminal and the access network simultaneously begin encrypted communication using the selected algorithm.
2. The method of claim 1, characterized in that, in step (a), non-standard cryptographic algorithms are assigned a higher priority and standard cryptographic algorithms a lower priority.
3. The method of claim 1, characterized in that, in step (a), standard cryptographic algorithms are assigned a higher priority and non-standard cryptographic algorithms a lower priority.
4. The method of claim 1, characterized in that, in step (a), cryptographic algorithms that are more favorable to system performance are assigned a higher priority.
5. The method of claim 1, characterized in that step (b) further comprises the following steps:
(b1) after the terminal accesses the network, it sends the set of algorithms it permits to the access network in signaling, and the access network stores this information on receipt;
(b2) the core network initiates the ciphering procedure toward the access network; the associated ciphering signaling carries the set of algorithms the core network permits, and the access network stores this information on receipt.
6. The method of claim 1 or 5, characterized in that step (d) further comprises the following steps:
(d1) the access network notifies the terminal, in air-interface ciphering signaling that carries the selected algorithm, to start the ciphering procedure; after successfully configuring itself according to the selected algorithm, the terminal sends an air-interface ciphering success response to the access network;
(d2) after receiving the air-interface ciphering success response, the access network replies to the core network with a ciphering procedure success response that carries the selected algorithm, and the core network configures itself locally according to the selected algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100463438A CN100561917C (en) | 2004-06-04 | 2004-06-04 | Method for selecting a cryptographic algorithm in a wireless communication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100463438A CN100561917C (en) | 2004-06-04 | 2004-06-04 | Method for selecting a cryptographic algorithm in a wireless communication system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1708005A CN1708005A (en) | 2005-12-14 |
CN100561917C true CN100561917C (en) | 2009-11-18 |
Family
ID=35581668
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100463438A Expired - Fee Related CN100561917C (en) | 2004-06-04 | 2004-06-04 | Method for selecting a cryptographic algorithm in a wireless communication system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100561917C (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8948393B2 (en) * | 2006-04-28 | 2015-02-03 | Qualcomm Incorporated | Uninterrupted transmission during a change in ciphering configuration |
JP5100286B2 (en) * | 2007-09-28 | 2012-12-19 | 東芝ソリューション株式会社 | Cryptographic module selection device and program |
CN102014381B (en) * | 2009-09-08 | 2012-12-12 | 华为技术有限公司 | Encryption algorithm consultation method, network element and mobile station |
CN102083063B (en) * | 2009-11-30 | 2013-07-10 | 电信科学技术研究院 | Method, system and equipment for confirming AS key |
CN112039730B (en) * | 2020-08-31 | 2022-06-07 | 海南大学 | Performance evaluation method of encryption algorithm and storage medium |
CN112637166B (en) * | 2020-12-15 | 2022-07-22 | 平安科技(深圳)有限公司 | Data transmission method, device, terminal and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN1708005A (en) | 2005-12-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091118 Termination date: 20190604 |