Encrypted communication method and apparatus
Abstract
Provided are a method and apparatus for achieving encrypted communications, which are used for achieving a secure session between a calling UE and a called UE in an IP multimedia subsystem (IMS) architecture, so as to prevent a session message from being eavesdropped in a session process. The method of the present invention comprises: receiving, by a network-side device, first authentication information sent by a UE, and according to the first authentication information, conducting authentication on an encrypted module of the UE; generating a transmission key corresponding to the UE and second authentication information, encrypting the transmission key using an initial key corresponding to the UE, and sending the second authentication information and the encrypted transmission key to the UE; and generating a session key for encrypting a session message transmitted between a calling UE and a called UE, encrypting the session key using the transmission key corresponding to a calling UE and sending the encrypted session key to the calling UE, and encrypting the session key using the transmission key corresponding to the called UE and sending the encrypted session key to the called UE.
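The key hierarchy in the abstract (the initial key wraps the transmission key, and each UE's transmission key wraps the shared session key), as an added Python example that is not part of the patent. The text names no cipher or authentication-information format, so `seal`/`unseal` (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, used only to stay within the standard library), the nonce-based HMAC authentication values, and all class and function names are assumptions.

```python
import hashlib, hmac, secrets

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def _stream(key, nonce, n):  # HMAC-SHA256 in counter mode as a keystream (assumed stand-in)
    return b"".join(_mac(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(key, pt):  # stand-in authenticated wrap: nonce || ciphertext || tag
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _mac(key, b"tag", nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce, ct)):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

class Network:  # network-side device
    def __init__(self, initial_keys):
        self.ik, self.tk = initial_keys, {}  # per-UE initial keys / transmission keys
    def register(self, ue_id, nonce, first_auth):
        ik = self.ik[ue_id]
        if not hmac.compare_digest(first_auth, _mac(ik, b"ue", nonce)):
            raise PermissionError("UE encryption module failed authentication")
        self.tk[ue_id] = secrets.token_bytes(32)  # fresh transmission key for this UE
        return _mac(ik, b"net", nonce), seal(ik, self.tk[ue_id])  # second auth info + wrapped key
    def setup_session(self, caller, callee):
        sk = secrets.token_bytes(32)  # one session key, wrapped once per party
        return seal(self.tk[caller], sk), seal(self.tk[callee], sk)

class UE:
    def __init__(self, ue_id, ik):
        self.id, self.ik = ue_id, ik
    def register(self, net):
        nonce = secrets.token_bytes(16)
        second_auth, wrapped_tk = net.register(self.id, nonce, _mac(self.ik, b"ue", nonce))
        if not hmac.compare_digest(second_auth, _mac(self.ik, b"net", nonce)):
            raise PermissionError("network-side device failed authentication")
        self.tk = unseal(self.ik, wrapped_tk)  # transmission key recovered with the initial key

def run_call():
    iks = {"caller": secrets.token_bytes(32), "callee": secrets.token_bytes(32)}  # constructed keys
    net = Network(iks)
    a, b = UE("caller", iks["caller"]), UE("callee", iks["callee"])
    for ue in (a, b): ue.register(net)
    to_a, to_b = net.setup_session("caller", "callee")
    return unseal(a.tk, to_a), unseal(b.tk, to_b), to_a, to_b, a, b
```

Both parties end with the same session key although each received a different ciphertext, and a wrapped key opened with the wrong transmission key or altered in transit is rejected rather than silently decrypted to garbage.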
20 Claims
1. An encrypted communication method, the method comprising:
receiving, by a network-side device, first authentication information sent by a User Equipment (UE), and authenticating on an encryption module of the UE according to the first authentication information;
if the authentication on the encryption module of the UE is passed, then generating, by the network-side device, a transmission key corresponding to the UE, and second authentication information, encrypting the transmission key using an initial key corresponding to the UE, and sending the second authentication information and the encrypted transmission key to the UE, wherein the second authentication information is used by the UE to authenticate on the network-side device; and
if the network-side device receives a session setup request sent by the UE which is a calling UE after the authentication on the network-side device by the UE using the second authentication information is passed, then generating, by the network-side device, a session key for encrypting a session message transmitted between the calling UE and a called UE, encrypting the session key using the transmission key corresponding to the calling UE and sending the encrypted session key to the calling UE, and encrypting the session key using a transmission key corresponding to the called UE and sending the encrypted session key to the called UE.
Dependent claims: 2, 3, 4, 5.
6. An encrypted communication method, comprising:
generating, by a User Equipment (UE), first authentication information, and sending the first authentication information to a network-side device, wherein the first authentication information is used by the network-side device to authenticate on an encryption module of the UE;
receiving, by the UE, second authentication information, and an encrypted transmission key, sent by the network-side device, and authenticating on the network-side device according to the second authentication information, wherein the encrypted transmission key is generated by the network-side device encrypting a generated transmission key corresponding to the UE using an initial key corresponding to the UE;
decrypting, by the UE, the encrypted transmission key using the initial key corresponding to the UE;
if the authentication by the UE on the network-side device using the second authentication information is passed, then sending, by the UE which is a calling UE, a session setup request to the network-side device;
receiving, by the UE, an encrypted session key sent by the network-side device, and decrypting the encrypted session key using the transmission key generated as a result of decryption; and
encrypting and transmitting, by the UE, a session message transmitted between the UE and an opposite UE using a session key generated as a result of decryption.
Dependent claims: 7, 8, 9, 10.
11. An encrypted communication apparatus, comprising:
at least one processor; and
a memory communicably connected with the at least one processor for storing instructions executable by the at least one processor, wherein execution of the instructions by the at least one processor causes the at least one processor to:
receive first authentication information sent by a User Equipment (UE), and authenticate on an encryption module of the UE according to the first authentication information;
if the authentication on the encryption module of the UE is passed, generate a transmission key corresponding to the UE, and second authentication information, encrypt the transmission key using an initial key corresponding to the UE, and send the second authentication information and the encrypted transmission key to the UE, wherein the second authentication information is used by the UE to authenticate on the network-side device; and
if a session setup request sent by the UE which is a calling UE is received, after the authentication on the network-side device by the UE using the second authentication information is passed, generate a session key for encrypting a session message transmitted between the calling UE and a called UE, encrypt the session key using the transmission key corresponding to the calling UE and send the encrypted session key to the calling UE, and encrypt the session key using a transmission key corresponding to the called UE and send the encrypted session key to the called UE.
Dependent claims: 12, 13, 14, 15.
16. An encrypted communication apparatus, comprising:
at least one processor; and
a memory communicably connected with the at least one processor for storing instructions executable by the at least one processor, wherein execution of the instructions by the at least one processor causes the at least one processor to:
generate first authentication information, and send the first authentication information to a network-side device, wherein the first authentication information is used by the network-side device to authenticate on an encryption module of the UE;
receive second authentication information, and an encrypted transmission key, sent by the network-side device, and to authenticate on the network-side device according to the second authentication information, wherein the encrypted transmission key is generated by the network-side device encrypting a generated transmission key corresponding to the UE using an initial key corresponding to the UE; and
decrypt the encrypted transmission key using the initial key corresponding to the UE; and
if the authentication on the network-side device using the second authentication information is passed, send a session setup request to the network-side device;
receive an encrypted session key sent by the network-side device, and decrypt the encrypted session key using the transmission key generated as a result of decryption; and
encrypt and transmit a session message transmitted between the UE and an opposite UE using a session key generated as a result of decryption.
Dependent claims: 17, 18, 19, 20.
Specification