CN109286930A - A cellular mobile communication network packet data network protection method - Google Patents
- Publication number: CN109286930A
- Application number: CN201811217649.3A
- Authority: CN (China)
- Prior art keywords: count value, packet, packet data, mobile communications, data network
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a packet data network protection method for cellular mobile communication networks. A boundary is determined between the cellular mobile communication network and the packet data network; a security boundary is determined inside a dedicated terminal in the cellular mobile communication network; the count value and the enhanced count value of a Packet Data Convergence Protocol data packet are obtained, where the enhanced count value is logically the high-order part of the count value, and after the count value reaches a predetermined threshold the enhanced count value is increased by a predetermined value; and security processing is performed on the transmitted Packet Data Convergence Protocol data packet according to the count value, the enhanced count value and a security protection key. Compared with network-layer security protocols, the data-link-layer security protocol used in the present invention has the technical advantages of a simple protocol, convenient implementation, and small computation and protocol overhead, and, particularly in the information security field, is better suited to meeting high-assurance security requirements.
Description
Technical field
The present invention is a packet data network protection method for cellular mobile communication networks and belongs to the field of mobile communication.
Background technique
In the prior art, as cellular mobile communication networks transition from voice-centred networks to data-centred networks, the cellular mobile communication network constitutes the physical layer and data link layer of the computer network and no longer directly provides specific services to users.
User data is still transmitted in plaintext in the core network of the mobile communication network, and the terminal authentication and cryptographic protection strength of cellular mobile communication networks cannot meet the requirements of high-security-level users. In particular, the equipment of cellular mobile communication networks has not undergone high-level security assurance evaluation, and there is no sufficiently reliable evidence to prove that the security functions of this equipment are correctly implemented. Therefore, for dedicated computer networks with a high security level, neither relying on the network-layer security protocols of the computer network nor relying on the security measures of the mobile communication network can meet users' security requirements.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide a packet data network protection method for cellular mobile communication networks, so as to solve the problems described in the background above.
To achieve this object, the present invention is realized by the following technical solution: a cellular mobile communication network packet data network protection method, including the following steps:
S1: determine the boundary between the cellular mobile communication network and the packet data network;
S2: determine a security boundary inside the dedicated terminal in the cellular mobile communication network; obtain the count value and the enhanced count value of the Packet Data Convergence Protocol data packet, where the enhanced count value is logically the high-order part of the count value, and after the count value reaches a predetermined threshold the enhanced count value is increased by a predetermined value; perform security processing on the transmitted Packet Data Convergence Protocol data packet according to the count value, the enhanced count value and the security protection key;
S3: provide a secure cryptographic service function to the dedicated terminal and the boundary protection gateway;
S4: according to the secure cryptographic service function, complete the boundary protection of the cellular mobile communication network packet data network by means of the boundary protection gateway.
Further, a traffic statistics module is connected between the cellular mobile communication network and the packet data network; the traffic statistics module is connected to the cellular mobile communication network and is used to count the traffic between the cellular mobile communication network and the packet data network.
Further, the secure cryptographic service function is generated from the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet and is sent to the receiving device. The secure cryptographic service function includes a first air interface key and a second air interface key: when the count value of the Packet Data Convergence Protocol data packets corresponding to the first air interface key reaches the predetermined threshold, a security mode command or a radio resource control reconfiguration command is sent to the relay node to trigger the base station and the relay node to use the second air interface key; the second air interface key is then used to protect the Packet Data Convergence Protocol data packets transmitted between the base station and the relay node.
Further, the boundary protection gateway comprises a key generation submodule, configured to generate an encryption key stream or a decryption key stream according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and length carried in the Packet Data Convergence Protocol data packet; and an encryption/decryption processing submodule, configured to encrypt the transmitted Packet Data Convergence Protocol data packet using the encryption key stream, or to decrypt the transmitted Packet Data Convergence Protocol data packet using the decryption key stream.
Further, the security protection key is used to generate an integrity-protection message authentication code according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet.
Beneficial effects of the present invention: compared with the prior art, the cellular mobile communication network packet data network protection method provided by the present invention has the following beneficial effect: compared with network-layer security protocols, the data-link-layer security protocol used in the present invention has the technical advantages of a simple protocol, convenient implementation, and small computation and protocol overhead, and, particularly in the information security field, is better suited to meeting high-assurance security requirements.
Specific embodiment
To make the technical means, creative features, objectives and effects achieved by the present invention easy to understand, the present invention is further explained below with reference to a specific embodiment.
The present invention provides a technical solution: a cellular mobile communication network packet data network protection method, including the following steps:
S1: determine the boundary between the cellular mobile communication network and the packet data network;
S2: determine a security boundary inside the dedicated terminal in the cellular mobile communication network; obtain the count value and the enhanced count value of the Packet Data Convergence Protocol data packet, where the enhanced count value is logically the high-order part of the count value, and after the count value reaches a predetermined threshold the enhanced count value is increased by a predetermined value; perform security processing on the transmitted Packet Data Convergence Protocol data packet according to the count value, the enhanced count value and the security protection key;
S3: provide a secure cryptographic service function to the dedicated terminal and the boundary protection gateway;
S4: according to the secure cryptographic service function, complete the boundary protection of the cellular mobile communication network packet data network by means of the boundary protection gateway.
A traffic statistics module is connected between the cellular mobile communication network and the packet data network; the traffic statistics module is connected to the cellular mobile communication network and is used to count the traffic between the cellular mobile communication network and the packet data network.
The secure cryptographic service function is generated from the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet and is sent to the receiving device. The secure cryptographic service function includes a first air interface key and a second air interface key: when the count value of the Packet Data Convergence Protocol data packets corresponding to the first air interface key reaches the predetermined threshold, a security mode command or a radio resource control reconfiguration command is sent to the relay node to trigger the base station and the relay node to use the second air interface key; the second air interface key is then used to protect the Packet Data Convergence Protocol data packets transmitted between the base station and the relay node.
The boundary protection gateway comprises a key generation submodule, configured to generate an encryption key stream or a decryption key stream according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and length carried in the Packet Data Convergence Protocol data packet; and an encryption/decryption processing submodule, configured to encrypt the transmitted Packet Data Convergence Protocol data packet using the encryption key stream, or to decrypt the transmitted Packet Data Convergence Protocol data packet using the decryption key stream.
The security protection key is used to generate an integrity-protection message authentication code according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet.
Embodiment: the boundary between the cellular mobile communication network and the packet data network is determined; a security boundary is determined inside the dedicated terminal in the cellular mobile communication network; the count value and the enhanced count value of the Packet Data Convergence Protocol data packet are obtained, where the enhanced count value is logically the high-order part of the count value, and after the count value reaches a predetermined threshold the enhanced count value is increased by a predetermined value; security processing is performed on the transmitted Packet Data Convergence Protocol data packet according to the count value, the enhanced count value and the security protection key; a secure cryptographic service function is provided to the dedicated terminal and the boundary protection gateway; and, according to the secure cryptographic service function, the boundary protection of the cellular mobile communication network packet data network is completed by the boundary protection gateway.
A traffic statistics module is connected between the cellular mobile communication network and the packet data network; the traffic statistics module is connected to the cellular mobile communication network and is used to count the traffic between the cellular mobile communication network and the packet data network. The secure cryptographic service function is generated from the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet and is sent to the receiving device. The secure cryptographic service function includes a first air interface key and a second air interface key: when the count value of the Packet Data Convergence Protocol data packets corresponding to the first air interface key reaches the predetermined threshold, a security mode command or a radio resource control reconfiguration command is sent to the relay node to trigger the base station and the relay node to use the second air interface key; the second air interface key is then used to protect the Packet Data Convergence Protocol data packets transmitted between the base station and the relay node. The boundary protection gateway comprises a key generation submodule, configured to generate an encryption key stream or a decryption key stream according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and length carried in the Packet Data Convergence Protocol data packet; and an encryption/decryption processing submodule, configured to encrypt the transmitted Packet Data Convergence Protocol data packet using the encryption key stream, or to decrypt the transmitted Packet Data Convergence Protocol data packet using the decryption key stream. The security protection key is used to generate an integrity-protection message authentication code according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet.
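The counter extension, key stream generation and integrity code described above can be sketched as follows. This is an added example, not code from the patent: the patent names no cipher, so HMAC-SHA256 stands in for both the key stream generator and the message authentication code, and the field widths, the tiny threshold, the count restarting at zero and the 4-byte tag are assumptions. It shows the security point of the enhanced count value: once the count value wraps, the key stream input still differs, so no key stream is reused under the same key.

```python
import hashlib
import hmac
import struct


class ExtendedCounter:
    """Count value plus the enhanced count value acting as its logical high-order part."""

    def __init__(self, threshold=0xFFFFFFFF, step=1):
        self.count = 0              # per-packet count value
        self.enhanced = 0           # enhanced count value
        self.threshold = threshold  # assumed "predetermined threshold"
        self.step = step            # assumed "predetermined value"

    def next(self):
        """Return (enhanced, count) for the packet being sent, then advance."""
        current = (self.enhanced, self.count)
        if self.count >= self.threshold:
            self.count = 0          # assumption: the count value restarts at zero
            self.enhanced += self.step
        else:
            self.count += 1
        return current


def _params(enhanced, count, bearer, direction):
    # Fixed-width encoding (assumed layout) so distinct tuples never collide.
    return struct.pack(">QIBB", enhanced, count, bearer, direction)


def keystream(key, enhanced, count, bearer, direction, length):
    """Stand-in key stream generator: HMAC-SHA256 in counter mode."""
    prefix = b"enc" + _params(enhanced, count, bearer, direction)
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, prefix + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def mac(key, enhanced, count, bearer, direction, message):
    """Stand-in integrity code over the parameters and the message (4-byte tag assumed)."""
    data = b"mac" + _params(enhanced, count, bearer, direction) + message
    return hmac.new(key, data, hashlib.sha256).digest()[:4]


def protect(key, ctr, bearer, direction, message):
    """Sender side: compute the integrity code, then XOR the message with the key stream."""
    enhanced, count = ctr.next()
    tag = mac(key, enhanced, count, bearer, direction, message)
    ks = keystream(key, enhanced, count, bearer, direction, len(message))
    return enhanced, count, bytes(a ^ b for a, b in zip(message, ks)), tag


def unprotect(key, enhanced, count, bearer, direction, ciphertext, tag):
    """Receiver side: decrypt, then verify the integrity code in constant time."""
    ks = keystream(key, enhanced, count, bearer, direction, len(ciphertext))
    message = bytes(a ^ b for a, b in zip(ciphertext, ks))
    if not hmac.compare_digest(mac(key, enhanced, count, bearer, direction, message), tag):
        raise ValueError("integrity check failed")
    return message


def demo():
    key = b"\x11" * 16                   # constructed sample key
    ctr = ExtendedCounter(threshold=2)   # tiny threshold so the wrap is visible
    sent = [protect(key, ctr, 5, 1, b"constructed payload") for _ in range(4)]
    counters = [(e, c) for e, c, _, _ in sent]
    plain = unprotect(key, *sent[3][:2], 5, 1, *sent[3][2:])
    return counters, sent, plain


if __name__ == "__main__":
    print(demo()[0])
```

The first and fourth packets in `demo()` both carry count value 0 but produce different ciphertexts, because the enhanced count value differs.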
The above shows and describes the basic principles, main features and advantages of the present invention. For those skilled in the art, it is clear that the invention is not limited to the details of the above exemplary embodiments, and that the present invention can be realized in other specific forms without departing from its spirit or essential characteristics. Therefore, the embodiments should in all respects be regarded as exemplary and non-limiting; the scope of the present invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the present invention. Claims should not be construed as limiting the claims involved.
In addition, it should be understood that although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution. This manner of description is adopted merely for the sake of clarity; those skilled in the art should consider the specification as a whole, and the technical solutions in the various embodiments may also be suitably combined to form other embodiments that those skilled in the art can understand.
Claims (5)
1. A cellular mobile communication network packet data network protection method, characterized in that it includes the following steps:
S1: determine the boundary between the cellular mobile communication network and the packet data network;
S2: determine a security boundary inside the dedicated terminal in the cellular mobile communication network; obtain the count value and the enhanced count value of the Packet Data Convergence Protocol data packet, where the enhanced count value is logically the high-order part of the count value, and after the count value reaches a predetermined threshold the enhanced count value is increased by a predetermined value; perform security processing on the transmitted Packet Data Convergence Protocol data packet according to the count value, the enhanced count value and the security protection key;
S3: provide a secure cryptographic service function to the dedicated terminal and the boundary protection gateway;
S4: according to the secure cryptographic service function, complete the boundary protection of the cellular mobile communication network packet data network by means of the boundary protection gateway.
2. The cellular mobile communication network packet data network protection method according to claim 1, characterized in that: a traffic statistics module is connected between the cellular mobile communication network and the packet data network; the traffic statistics module is connected to the cellular mobile communication network and is used to count the traffic between the cellular mobile communication network and the packet data network.
3. The cellular mobile communication network packet data network protection method according to claim 1, characterized in that: the secure cryptographic service function is generated from the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet and is sent to the receiving device; the secure cryptographic service function includes a first air interface key and a second air interface key; when the count value of the Packet Data Convergence Protocol data packets corresponding to the first air interface key reaches the predetermined threshold, a security mode command or a radio resource control reconfiguration command is sent to the relay node to trigger the base station and the relay node to use the second air interface key; the second air interface key is used to protect the Packet Data Convergence Protocol data packets transmitted between the base station and the relay node.
4. The boundary protection gateway according to claim 1, characterized in that: the boundary protection gateway comprises a key generation submodule, configured to generate an encryption key stream or a decryption key stream according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and length carried in the Packet Data Convergence Protocol data packet; and an encryption/decryption processing submodule, configured to encrypt the transmitted Packet Data Convergence Protocol data packet using the encryption key stream, or to decrypt the transmitted Packet Data Convergence Protocol data packet using the decryption key stream.
5. The key generation submodule according to claim 4, characterized in that: the security protection key is used to generate an integrity-protection message authentication code according to the count value, the enhanced count value, the security protection key, and the bearer identifier, direction and message carried in the Packet Data Convergence Protocol data packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811217649.3A CN109286930A (en) | 2018-10-18 | 2018-10-18 | A cellular mobile communication network packet data network protection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811217649.3A CN109286930A (en) | 2018-10-18 | 2018-10-18 | A cellular mobile communication network packet data network protection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109286930A (en) | 2019-01-29 |
Family
ID=65176764
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811217649.3A Pending CN109286930A (en) | 2018-10-18 | 2018-10-18 | A cellular mobile communication network packet data network protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109286930A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6128327A (en) * | 1998-01-29 | 2000-10-03 | Ericsson Inc. | Frequency hopping |
CN102404721A (en) * | 2010-09-10 | 2012-04-04 | 华为技术有限公司 | Safety protection method and device for Un interface and base station |
CN103957197A (en) * | 2014-04-15 | 2014-07-30 | 兴唐通信科技有限公司 | Method for protecting cellular mobile communication network and grouped data network |
CN104636684A (en) * | 2014-12-15 | 2015-05-20 | 上海新储集成电路有限公司 | Monotonic counter and monotonic counting method |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111757322A (en) * | 2020-06-19 | 2020-10-09 | 兴唐通信科技有限公司 | Cellular mobile communication network protection method and system with centralized base station password service |
CN111757322B (en) * | 2020-06-19 | 2023-11-17 | 兴唐通信科技有限公司 | Cellular mobile communication network protection method and system for base station password service centralization |
WO2022198671A1 (en) * | 2021-03-26 | 2022-09-29 | 华为技术有限公司 | Communication method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190129 |