METHOD AND APPARATUS FOR SECURE COMMUNICATION BETWEEN USER EQUIPMENT AND PRIVATE NETWORK
Abstract
It is an object of the present invention to provide a new technical solution for supporting special secure communication between user equipment located in an external network and the private network to which that user equipment belongs. Specifically, transmitted data is encrypted/decrypted and authenticated at the user equipment and at an access device by using pre-stored root keys corresponding to specific private networks together with the agreed encryption/decryption and authentication algorithms. The manner of generating the encryption/decryption keys and the authentication key is simplified, and the complexity of the access device at the private-network end is reduced without degrading the security level. The technical solution of the present invention is highly flexible and extensible and can achieve a better user experience.
Claims (23)
1. A method for implementing special secure communication with a private network in user equipment of a communication network, comprising the steps of:
a) generating a security parameters index value by using a pre-stored second root key, said security parameters index value being used for indicating the encryption/decryption algorithm and parameters of data encryption/decryption;
b) performing an operation on said security parameters index value and a first predetermined sequence by using a pre-stored first root key, to generate an encryption key;
c) encrypting data to be transmitted by using said encryption key, to generate encrypted data;
d) encapsulating said encrypted data and said security parameters index value into a data packet which is transmitted via said communication network.
Dependent claims: 2, 3, 4, 5, 14, 15, 17
6. User equipment for implementing special secure communication with a belonging private network in a communication network, comprising:
generating means for generating a security parameters index value by using a pre-stored second root key, said security parameters index value being used for indicating the encryption/decryption algorithm and parameters of data encryption/decryption;
first operating means for performing an operation on said security parameters index value and a first predetermined sequence by using a pre-stored first root key, to generate an encryption key;
encrypting means for encrypting the data to be sent by using said encryption key, to generate encrypted data; and
encapsulating means for encapsulating said encrypted data and said security parameters index value into a data packet which is transmitted via said communication network.
Dependent claims: 7, 8, 9, 10
11. A method for supporting special secure communication between user equipment and the belonging private network in an access device of a communication network, comprising the steps of:
i) receiving a data packet from said user equipment;
ii) deciding whether or not said data packet from the user equipment belongs to special secure communication between said user equipment and the belonging private network;
iii) if said data packet from the user equipment belongs to said special secure communication, performing a decryption algorithm, which corresponds to an encryption algorithm at the user equipment, on the encrypted data part in said data packet from the user equipment by using a pre-stored first root key corresponding to said private network, to generate an ordinary data packet, and forwarding the ordinary data packet to said private network.
Dependent claims: 12, 13, 16
18. An access device for supporting special secure communication between user equipment and the belonging private network in a communication network, comprising:
first receiving means for receiving a data packet from said user equipment;
deciding means for deciding whether or not said data packet from the user equipment belongs to special secure communication between said user equipment and the belonging private network;
conversion processing means for, if said data packet belongs to said special secure communication, performing a decryption algorithm, which corresponds to the encryption algorithm at the user equipment, on the encrypted data part in said data packet from the user equipment by using a pre-stored first root key corresponding to said private network, to generate an ordinary data packet; and
first sending means for forwarding the data packet.
Dependent claims: 19, 20, 21, 22, 23
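The following is an added worked model of the exchange described by claims 1 and 11 (user-equipment side: steps a) to d); access-device side: steps i) to iii)). It is example code written for this page, not code from the patent or its assignee. The claims do not fix any primitive, so everything concrete here is an assumption: HMAC-SHA256 is used as the agreed pseudo-random function, the SPI is laid out as a 1-byte algorithm id, a 7-byte nonce and an 8-byte check value keyed with the second root key, the "first predetermined sequence" and a second sequence for the authentication key mentioned in the abstract are constructed byte strings, the cipher is a counter-mode XOR keystream from the PRF, and the root keys are constructed values. The access device's "deciding" step is realised by verifying the SPI check value, so an ordinary packet that merely happens to carry a plausible first byte is not misclassified.

```python
"""Model of the claimed UE / access-device secure-communication steps (example only)."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Constructed, pre-stored material for one private network ("pre-stored root keys").
FIRST_ROOT_KEY = b"constructed-first-root-key-private-net-A"
SECOND_ROOT_KEY = b"constructed-second-root-key-private-net-A"
FIRST_SEQUENCE = b"enc-seq-1"    # the "first predetermined sequence" (assumed value)
AUTH_SEQUENCE = b"auth-seq-1"    # assumed second sequence for the authentication key

# The SPI "indicates the algorithm and parameters"; a lookup table is one assumed realisation.
ALGORITHMS = {1: "hmac-sha256-ctr-xor"}

SPI_LEN = 16    # 1-byte algorithm id | 7-byte nonce | 8-byte keyed check value
TAG_LEN = 16    # truncated HMAC tag appended to the packet


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenation of parts; assumed as the agreed PRF."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def generate_spi(second_root_key: bytes, algorithm_id: int, nonce: bytes) -> bytes:
    """Step a): an SPI whose check value is keyed with the second root key."""
    header = bytes([algorithm_id]) + nonce
    return header + _prf(second_root_key, header)[:8]


def spi_is_valid(second_root_key: bytes, spi: bytes) -> bool:
    """Access-device step ii): does the SPI verify under this network's second root key?"""
    if len(spi) != SPI_LEN or spi[0] not in ALGORITHMS:
        return False
    return hmac.compare_digest(spi[8:], _prf(second_root_key, spi[:8])[:8])


def derive_keys(first_root_key: bytes, spi: bytes) -> Tuple[bytes, bytes]:
    """Step b): encryption key from (SPI, first sequence) under the first root key.
    The authentication key is derived the same way with a second sequence (assumed)."""
    return (_prf(first_root_key, spi, FIRST_SEQUENCE),
            _prf(first_root_key, spi, AUTH_SEQUENCE))


def _keystream_xor(key: bytes, spi: bytes, data: bytes) -> bytes:
    """Step c) primitive: counter-mode keystream from the PRF, bound to the SPI nonce.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = _prf(key, spi, struct.pack(">I", offset // 32))
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def ue_build_packet(plaintext: bytes, algorithm_id: int = 1,
                    nonce: Optional[bytes] = None) -> bytes:
    """Claim 1, steps a) to d), on the user equipment."""
    nonce = os.urandom(7) if nonce is None else nonce
    spi = generate_spi(SECOND_ROOT_KEY, algorithm_id, nonce)
    enc_key, auth_key = derive_keys(FIRST_ROOT_KEY, spi)
    ciphertext = _keystream_xor(enc_key, spi, plaintext)
    tag = _prf(auth_key, spi, ciphertext)[:TAG_LEN]
    return spi + ciphertext + tag    # step d): SPI and encrypted data in one packet


def access_device_handle(packet: bytes) -> Tuple[str, bytes]:
    """Claim 11, steps i) to iii): classify the packet and, if special, convert it.
    Returns ("ordinary", packet), ("special", plaintext) or ("rejected", b"")."""
    spi = packet[:SPI_LEN]
    if not spi_is_valid(SECOND_ROOT_KEY, spi):
        return "ordinary", packet         # not special secure communication: forward as-is
    enc_key, auth_key = derive_keys(FIRST_ROOT_KEY, spi)
    body, tag = packet[SPI_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(auth_key, spi, body)[:TAG_LEN]):
        return "rejected", b""            # verify before decrypting; never forward a bad packet
    return "special", _keystream_xor(enc_key, spi, body)


if __name__ == "__main__":
    pkt = ue_build_packet(b"hello private network")
    print(access_device_handle(pkt))
```

Two design points are worth noting. The SPI check value is keyed, so the classification in step ii) cannot be satisfied by an arbitrary packet, and the access device only needs the per-network root keys (not per-user key material) to derive everything, which is the simplification the abstract claims. The tag is verified with a constant-time comparison before any decryption, so a tampered packet is dropped rather than converted into an "ordinary" packet and forwarded into the private network.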