CN104243409A - Terminal-to-terminal data transmission method - Google Patents
- Publication number: CN104243409A (application CN201310236233.7A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- key
- random number
- ciphertext
- session
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Disclosed is a terminal-to-terminal data transmission method. The method comprises the following steps: a random number generated by a first terminal is sent to a second terminal; the first terminal and the second terminal each generate the session key SK of the current session by applying a key generation function to the random number and a key encryption key KEK; the first terminal encrypts a plaintext with the SK to generate a ciphertext and sends the ciphertext to the second terminal; the second terminal decrypts the ciphertext with the SK to obtain the plaintext. Applying the method reduces the probability that high-security-level secret keys are leaked and improves the security of terminal-to-terminal data transmission.
Description
Technical Field
The application relates to the field of communication technology and, more specifically, to a method for end-to-end data transmission.
Background
A trunked communication system is a private wireless communication system developed to meet the command and dispatch needs of industry users and aimed at specific industries. In such a system a large number of wireless users share a small number of wireless channels, and command and dispatch is the main application; it is a multipurpose, high-performance wireless communication system. Trunked communication systems are widely used in government departments, public safety, emergency communication, electric power, civil aviation, petrochemicals and the military.
Because the information carried by a trunked communication system requires a high degree of confidentiality, the system needs an encryption function. The encryption requirements cover four main aspects: full-service encryption, including video encryption and concurrent encryption of multiple services; air-interface encryption and end-to-end encryption, that is, encrypting trunking signaling and providing a network-wide cryptographic synchronization mechanism; use of commercial cipher chips, to reduce the impact on the terminal; and secure encrypted communication in fail-soft mode and in off-network direct mode.
End-to-end security encryption works as follows: within the update period of the key-encrypting key (KEK), the KEK used for end-to-end encryption stays constant. At each session establishment the calling and called parties negotiate the key for that session, encrypt the session with the session key, and scramble the speech.
Specifically, at the start of a session the calling party generates the session key, encrypts it with the KEK and sends it to the receiving party. The called party decrypts the session key with the shared key-encrypting key. Alternatively, the following scheme is used: a key distribution center (KDC) generates the session key, encrypts it under the master keys of the calling and called parties and sends it to both, and each party decrypts it with its own master key to obtain the session key.
Sending the session key requires encrypting it with the shared key-encrypting key or a master key and transmitting it over the air interface. These schemes have the following problem: the session key is encrypted with a high-security-level key-encrypting key or master key, and the encrypted session key is then transmitted directly over an air interface whose security is not high. Once the encrypted session key is cracked, the key-encrypting key and the session keys of the whole system are all leaked. The prior art therefore carries a considerable security risk.
Summary of the Invention
The embodiments of the present invention propose a method for end-to-end data transmission that reduces the possibility of leaking high-security-level secret keys and improves the security of end-to-end data transmission.
The technical solution of the embodiments of the present invention is as follows:
A method for end-to-end data transmission, the method comprising:
The random number generated by the first terminal is sent to the second terminal;
The first terminal and the second terminal each generate the session key SK of this session from the random number and the key-encrypting key KEK by means of a key generation function;
The first terminal encrypts the plaintext with SK to generate a ciphertext and sends the ciphertext to the second terminal;
The second terminal decrypts the ciphertext with SK and obtains the plaintext.
The first terminal is the calling terminal, and the second terminal is the called terminal.
The first terminal is the called terminal, and the second terminal is the calling terminal.
The key generation function is a one-way function.
Sending the random number generated by the first terminal to the second terminal comprises: during SIP session establishment, the Call-ID generated by the first terminal is sent to the second terminal.
As can be seen from the above technical solution, in the embodiments of the present invention the random number generated by the first terminal is sent to the second terminal; the first terminal and the second terminal each generate the session key SK of this session from the random number and the KEK by means of the key generation function; the first terminal encrypts the plaintext with SK to generate a ciphertext and sends the ciphertext to the second terminal; the second terminal decrypts the ciphertext with SK and obtains the plaintext. Because the first terminal sends only the random number and the ciphertext to the second terminal, a high-security-level key is not leaked even if a transmission error occurs, which improves the security of end-to-end data transmission.
Brief Description of the Drawings
Fig. 1 is a schematic flow diagram of the method for end-to-end data transmission.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clear, the invention is described in further detail below with reference to the drawing and specific embodiments.
In the embodiments of the present invention, the first terminal generates a random number and sends it in plaintext to the second terminal; both sides compute the session key by applying the key generation function to this random number and the shared key-encrypting key. The invention achieves one key per call without transmitting encryption information over the air interface, which reduces the possibility of leaking the session key and the key-encrypting key and thus improves the security of end-to-end data transmission.
Refer to Fig. 1, the schematic flow diagram of the method for end-to-end data transmission. When communication between the first terminal and the second terminal is established, the first terminal or the second terminal generates a random number. The random number is transmitted to the other terminal, which, after receiving it, sends a receipt confirmation indication back to the terminal that generated it.
In the present invention, if the first terminal is the calling terminal, the second terminal is the called terminal; if the first terminal is the called terminal, the second terminal is the calling terminal. The description below takes the first terminal as the calling terminal and the second terminal as the called terminal.
At the calling terminal, the random number and the KEK are the input parameters of the key generation function, which generates the session key (SK) of this session. The calling terminal encrypts its plaintext with SK to generate the ciphertext.
At the called terminal, the random number and the KEK are the input parameters of the key generation function, which generates the same SK. The called terminal decrypts the ciphertext with SK and obtains the plaintext of the calling terminal.
The KEK is preset in both the calling terminal and the called terminal, and the two terminals use the same parameters and the same function, so they obtain the same SK. The key generation function can be any function of the prior art, and can also be a one-way function.
A key generation function f is called a one-way function if it meets the following two conditions:
1. for every x in the domain of f, f(x) = y is easy to compute;
2. for almost all y in the range of f, it is computationally infeasible to find an x such that y = f(x).
That is, computing SK from the random number and the KEK with the key generation function is easy, but recovering the random number and the KEK from SK and the key generation function is practically impossible. Therefore, even if SK is leaked, the KEK is not revealed.
The technical solution of the present invention is illustrated below.
When the connection is set up, the calling terminal generates a random number; this random number and the KEK are the input parameters of the key generation function, which generates the session key SK, and the calling terminal encrypts its plaintext with SK to generate the ciphertext. The called terminal first takes the received random number and the key-encrypting key it shares with the calling terminal as input parameters, generates the same SK with the same key generation function as the calling terminal, decrypts the received ciphertext with SK, and obtains the plaintext of the calling terminal.
For example, the random number is the Call-ID of this session, and the key generation function is a one-way function y = f(x1, x2). Call-ID is the identifier that the SIP session protocol uses to identify a particular invitation and all subsequent transactions related to that invitation.
Calling terminal: SK = f(KEK, Call-ID) (1)
Receiving terminal: SK' = f(KEK', Call-ID') (2)
Here KEK' is the key-encrypting key shared with the calling terminal, so KEK = KEK'; Call-ID' is sent from the calling terminal, so Call-ID' = Call-ID. Formulas (1) and (2) therefore give SK = SK', and the receiving terminal recovers the plaintext of the calling terminal.
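The derivation in formulas (1) and (2), as an added example that is not part of the patent: it instantiates the unspecified one-way function f as HMAC-SHA256 (an assumption) and adds a hypothetical HMAC tag to the receipt confirmation so the caller can detect a Call-ID altered in transit or a mismatched KEK. The label strings, helper names, KEK values and Call-ID values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

LABEL = b"e2e-sk\x00"  # assumed domain-separation label, not from the patent


def derive_sk(kek: bytes, call_id: str) -> bytes:
    """SK = f(KEK, Call-ID); f is instantiated here as HMAC-SHA256 keyed by KEK."""
    if len(kek) < 16:
        raise ValueError("KEK shorter than 128 bits")
    if not call_id:
        raise ValueError("empty Call-ID")
    return hmac.new(kek, LABEL + call_id.encode(), hashlib.sha256).digest()


def confirm_tag(sk: bytes, call_id: str) -> bytes:
    """Tag the callee attaches to its receipt confirmation (assumed field)."""
    return hmac.new(sk, b"confirm\x00" + call_id.encode(), hashlib.sha256).digest()


def caller_accepts(kek: bytes, sent_call_id: str, tag: bytes) -> bool:
    """Caller recomputes the tag from the Call-ID it sent; constant-time compare."""
    expected = confirm_tag(derive_sk(kek, sent_call_id), sent_call_id)
    return hmac.compare_digest(expected, tag)


def new_call_id(host: str = "terminal-a.example") -> str:
    """Fresh Call-ID with 128 random bits, since it doubles as the random number."""
    return f"{secrets.token_hex(16)}@{host}"


def demo() -> dict:
    kek = bytes(range(32))            # constructed KEK preset on both terminals
    other_kek = bytes(range(1, 33))   # constructed KEK of a terminal outside the group
    call_id = "3f9a1c0e5b7d4a21@terminal-a.example"  # constructed Call-ID
    altered = "3f9b1c0e5b7d4a21@terminal-a.example"  # one character changed in transit
    good = confirm_tag(derive_sk(kek, call_id), call_id)          # callee, same inputs
    bad_id = confirm_tag(derive_sk(kek, altered), altered)        # callee saw altered ID
    bad_kek = confirm_tag(derive_sk(other_kek, call_id), call_id)  # callee has wrong KEK
    return {
        # Same KEK and same Call-ID always give the same SK: both sides agree,
        # and a Call-ID repeated within one KEK period repeats the session key.
        "keys_agree": derive_sk(kek, call_id) == derive_sk(kek, call_id),
        "good_confirmation": caller_accepts(kek, call_id, good),
        "altered_call_id_rejected": not caller_accepts(kek, call_id, bad_id),
        "wrong_kek_rejected": not caller_accepts(kek, call_id, bad_kek),
        "fresh_ids_differ": derive_sk(kek, new_call_id()) != derive_sk(kek, new_call_id()),
    }


if __name__ == "__main__":
    print(demo())
```

Because SK depends only on the KEK and the Call-ID, the Call-ID has to be unique for the whole KEK update period, which is why `new_call_id` draws it from a CSPRNG.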
In summary, with the above technical solution, even if the session key is cracked it is difficult to obtain the key-encrypting key from the session key, which ensures the safety of its upper-level key and the key-encrypting key.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (5)
1. A method for end-to-end data transmission, characterized in that the method comprises:
The random number generated by the first terminal is sent to the second terminal;
The first terminal and the second terminal each generate the session key SK of this session from the random number and the key-encrypting key KEK by means of a key generation function;
The first terminal encrypts the plaintext with SK to generate a ciphertext and sends the ciphertext to the second terminal;
The second terminal decrypts the ciphertext with SK and obtains the plaintext.
2. The method for end-to-end data transmission according to claim 1, characterized in that the first terminal is the calling terminal and the second terminal is the called terminal.
3. The method for end-to-end data transmission according to claim 1, characterized in that the first terminal is the called terminal and the second terminal is the calling terminal.
4. The method for end-to-end data transmission according to claim 1, characterized in that the key generation function is a one-way function.
5. The method for end-to-end data transmission according to claim 1, characterized in that sending the random number generated by the first terminal to the second terminal comprises: during SIP session establishment, the Call-ID generated by the first terminal is sent to the second terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310236233.7A CN104243409A (en) | 2013-06-14 | 2013-06-14 | Terminal-to-terminal data transmission method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104243409A | 2014-12-24 |
Family ID: 52230774
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310236233.7A (Pending) | 2013-06-14 | 2013-06-14 | Terminal-to-terminal data transmission method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104243409A (en) |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20141224 |