ENCRYPTED COMMUNICATION METHOD AND APPARATUS
Abstract
Provided are a method and apparatus for achieving encrypted communications, which are used for achieving a secure session between a calling UE and a called UE in an IP multimedia subsystem (IMS) architecture, so as to prevent a session message from being eavesdropped in a session process. The method of the present invention comprises: receiving, by a network-side device, first authentication information sent by a UE, and according to the first authentication information, conducting authentication on an encrypted module of the UE; generating a transmission key corresponding to the UE and second authentication information, encrypting the transmission key using an initial key corresponding to the UE, and sending the second authentication information and the encrypted transmission key to the UE; and generating a session key for encrypting a session message transmitted between a calling UE and a called UE, encrypting the session key using the transmission key corresponding to a calling UE and sending the encrypted session key to the calling UE, and encrypting the session key using the transmission key corresponding to the called UE and sending the encrypted session key to the called UE.
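The key hierarchy in the abstract (the initial key wraps the transmission key, which in turn wraps the session key) can be followed end to end in the added Python example below, which is not taken from the patent. The patent text names no cipher or authentication-information format, so the HMAC-based authentication values, the encrypt-then-MAC key wrap built from HMAC-SHA256 (standing in for an AEAD or AES key wrap) and all names (`Network`, `ue_register`, `wrap`, `auth_info`, the UE identifiers) are assumptions.

```python
import hashlib, hmac, secrets

def prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(kek, key):  # encrypt-then-MAC for a 32-byte key (assumed construction)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, prf(kek, b"enc", nonce)))
    return nonce + ct + prf(kek, b"mac", nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, prf(kek, b"mac", nonce + ct)):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, prf(kek, b"enc", nonce)))

def auth_info(initial_key, role):  # assumed format: nonce + HMAC bound to sender role
    nonce = secrets.token_bytes(16)
    return nonce + prf(initial_key, role, nonce)

def check_auth(initial_key, role, info):
    return hmac.compare_digest(info[16:], prf(initial_key, role, info[:16]))

class Network:
    def __init__(self, initial_keys):
        self.initial = initial_keys   # ue_id -> initial key, provisioned out of band
        self.transmission = {}        # ue_id -> transmission key, set once authenticated

    def register(self, ue_id, first_auth):
        if not check_auth(self.initial[ue_id], b"ue", first_auth):
            raise PermissionError("UE encryption module failed authentication")
        self.transmission[ue_id] = secrets.token_bytes(32)
        second_auth = auth_info(self.initial[ue_id], b"net")
        return second_auth, wrap(self.initial[ue_id], self.transmission[ue_id])

    def setup_session(self, caller, callee):
        # Unregistered UEs have no transmission key, so the lookup raises KeyError.
        sk = secrets.token_bytes(32)  # one session key, wrapped once per party
        return wrap(self.transmission[caller], sk), wrap(self.transmission[callee], sk)

def ue_register(net, ue_id, initial_key):
    second_auth, wrapped_tk = net.register(ue_id, auth_info(initial_key, b"ue"))
    if not check_auth(initial_key, b"net", second_auth):
        raise PermissionError("network-side device failed authentication")
    return unwrap(initial_key, wrapped_tk)

def demo():
    keys = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}  # constructed
    net = Network(keys)
    tk = {u: ue_register(net, u, k) for u, k in keys.items()}
    to_caller, to_callee = net.setup_session("alice", "bob")
    return unwrap(tk["alice"], to_caller), unwrap(tk["bob"], to_callee)
```

Because the network-side device generates the session key and holds both transmission keys, it can read any session it sets up; the scheme as claimed protects against eavesdroppers on the path, not against the network-side device itself.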
24 Claims
1. An encrypted communication method, the method comprising:
- receiving, by a network-side device, first authentication information sent by a User Equipment (UE), and authenticating on an encryption module of the UE according to the first authentication information;
- if the authentication on the encryption module of the UE is passed, then generating, by the network-side device, a transmission key corresponding to the UE, and second authentication information, encrypting the transmission key using an initial key corresponding to the UE, and sending the second authentication information and the encrypted transmission key to the UE, wherein the second authentication information is used by the UE to authenticate on the network-side device; and
- if the network-side device receives a session setup request sent by the UE which is a calling UE after the authentication on the network-side device by the UE using the second authentication information is passed, then generating, by the network-side device, a session key for encrypting a session message transmitted between the calling UE and a called UE, encrypting the session key using the transmission key corresponding to the calling UE and sending the encrypted session key to the calling UE, and encrypting the session key using a transmission key corresponding to the called UE and sending the encrypted session key to the called UE.
Dependent claims: 2, 3, 4, 5
6. (canceled)
7. An encrypted communication method, comprising:
- generating, by a User Equipment (UE), first authentication information, and sending the first authentication information to a network-side device, wherein the first authentication information is used by the network-side device to authenticate on an encryption module of the UE;
- receiving, by the UE, second authentication information, and an encrypted transmission key, sent by the network-side device, and authenticating on the network-side device according to the second authentication information, wherein the encrypted transmission key is generated by the network-side device encrypting a generated transmission key corresponding to the UE using an initial key corresponding to the UE;
- decrypting, by the UE, the encrypted transmission key using the initial key corresponding to the UE;
- if the authentication by the UE on the network-side device using the second authentication information is passed, then sending, by the UE which is a calling UE, a session setup request to the network-side device;
- receiving, by the UE, an encrypted session key sent by the network-side device, and decrypting the encrypted session key using the transmission key generated as a result of decryption; and
- encrypting and transmitting, by the UE, a session message transmitted between the UE and an opposite UE using a session key generated as a result of decryption.
Dependent claims: 8, 9, 11, 12
10. (canceled)
13. An encrypted communication apparatus, comprising:
- a module authenticating unit configured to receive first authentication information sent by a User Equipment (UE), and to authenticate on an encryption module of the UE according to the first authentication information;
- an information processing unit configured, if the authentication on the encryption module of the UE is passed, to generate a transmission key corresponding to the UE, and second authentication information, to encrypt the transmission key using an initial key corresponding to the UE, and to send the second authentication information and the encrypted transmission key to the UE, wherein the second authentication information is used by the UE to authenticate on the network-side device; and
- a session request processing unit configured, if a session setup request sent by the UE which is a calling UE is received, after the authentication on the network-side device by the UE using the second authentication information is passed, to generate a session key for encrypting a session message transmitted between the calling UE and a called UE, to encrypt the session key using the transmission key corresponding to the calling UE and to send the encrypted session key to the calling UE, and to encrypt the session key using a transmission key corresponding to the called UE and to send the encrypted session key to the called UE.
Dependent claims: 14, 15, 16, 17
18. (canceled)
19. An encrypted communication apparatus, comprising:
- a first information processing unit configured to generate first authentication information, and to send the first authentication information to a network-side device, wherein the first authentication information is used by the network-side device to authenticate on an encryption module of the UE;
- a second information processing unit configured to receive second authentication information, and an encrypted transmission key, sent by the network-side device, and to authenticate on the network-side device according to the second authentication information, wherein the encrypted transmission key is generated by the network-side device encrypting a generated transmission key corresponding to the UE using an initial key corresponding to the UE; and to decrypt the encrypted transmission key using the initial key corresponding to the UE; and
- a session request processing unit configured, if the authentication on the network-side device using the second authentication information is passed, to send a session setup request to the network-side device; to receive an encrypted session key sent by the network-side device, and to decrypt the encrypted session key using the transmission key generated as a result of decryption; and to encrypt and transmit a session message transmitted between the UE and an opposite UE using a session key generated as a result of decryption.
Dependent claims: 20, 21, 23, 24
22. (canceled)
Specification