CDMA port-to-port encryption communication system and key distribution method thereof

An encrypted communication system and key distribution technology, applied in the field of key distribution for CDMA end-to-end encrypted communication. It addresses the limitations of key management and identity authentication, reducing security risks and improving communication security.

Inactive Publication Date: 2010-01-27
成都卫士通信息产业股份有限公司
1 Cites 21 Cited by

AI-Extracted Technical Summary

Problems solved by technology

In order to reduce the security risk of signal transmission on the air interface, security defense technologies such as auth...

Abstract

The invention discloses a CDMA port-to-port encryption communication system and a key distribution method for it. The system comprises a CDMA network and its terminal mobile telephones, a public switched telephone network and its terminal fixed-line telephones, a short message service center, and three cipher processing units: the cipher chip of the mobile telephone terminal, a key distribution management center (KDMC), and the Firmware cipher module of the gateway mobile switching center. The key distribution management center handles key distribution management for the communication system. Keys are distributed in layers: the first layer is the equipment key, distributed during initialization; the second layer is the key-encryption key and the short message service key, distributed when an enciphered mobile telephone starts up; and the third layer is the session key, distributed every time a session is launched between enciphered mobile telephones. In addition, by adopting bidirectional authentication for key distribution, combined with key update and remote destruction, the security risk of key exposure is reduced and communication security is improved.

Technology Topic

CDMA networks; Key distribution


Example Embodiment

[0022] All the features disclosed in this specification, or all disclosed methods or steps in the process, except for mutually exclusive features and/or steps, can be combined in any manner.
[0023] Any feature disclosed in this specification (including any appended claims, abstract and drawings), unless specifically stated, can be replaced by other equivalent or alternative features with similar purposes. That is, unless otherwise stated, each feature is just one example of a series of equivalent or similar features.
[0024] For the system structure of this embodiment, see attached Figure 1: a key distribution management center server is deployed in a higher security domain of the CDMA communication network, and the short message center is connected to the key distribution management center server.
[0025] The three-tier management structure of key distribution is shown in Figure 2. The specific distribution method is as follows:
[0026] The cryptographic chip is initialized and its device key distributed through the following steps (see attached Figure 3). The business operator of the key distribution management center writes the mobile phone user's characteristic information, the MDN, into the mobile security module. This binds the cryptographic chip to the mobile phone terminal, to prevent the chip from being misused after it is lost. At the same time, a login PIN is set for the cryptographic chip; end users can use the chip only if they enter the correct PIN. The cryptographic chip generates the device key internally, and the public key of the device key is imported into the key distribution management center for storage; at the same time, the public key of the key distribution management center's device key is written into the cryptographic module.
[0027] The Firmware cryptographic module in the gateway mobile switching center is initialized and its device key distributed through the following steps (see attached Figure 3). The cryptographic algorithm dynamic library of the Firmware cryptographic module is generated; the key distribution management center generates the device key for the Firmware cryptographic module; the public key of the Firmware cryptographic module is imported into the key distribution management center database; and the public key of the key distribution management center is exported and stored in the Firmware cryptographic module.
[0028] When encrypted mobile phone A is turned on, cryptographic chip authentication is performed first: the chip's cryptographic functions can be used only after the user enters the correct PIN. After that, the cryptographic chip and the key distribution management center authenticate each other.
[0029] The two-way authentication process is as follows. After the key distribution management center has authenticated the identity of the cryptographic chip, it sends the chip the encrypted confidential parameters: the key encryption key and the SMS key. On receiving the issued parameters, the cryptographic chip authenticates the identity of the key distribution management center, and accepts the key encryption key and SMS key only if that authentication passes.
[0030] Encrypted mobile phone A and encrypted mobile phone B perform encrypted communication. When a call is established, the calling party, encrypted mobile phone A, sends a session key request to the key distribution management center. The key distribution management center generates the session key for this call based on the characteristic information (MDN) of the parties to the call. It then encrypts the session key into short messages under key encryption key A and key encryption key B, belonging to encrypted mobile phone A and encrypted mobile phone B respectively, and sends them to the short message center, which forwards the key delivery messages to encrypted mobile phone A and encrypted mobile phone B. Encrypted mobile phones A and B decrypt with key encryption key A and key encryption key B respectively and obtain the session key for this encrypted communication.
[0031] When a mobile phone and a fixed phone perform half-way encrypted communication, the key distribution management center issues a session key respectively to the switch corresponding to the mobile phone and the fixed phone. In the half-way encryption process, voice encryption and decryption for the fixed telephone are performed by the switch (GMSC).
[0032] When encrypted mobile phone A sends an encrypted short message to encrypted mobile phone B, encrypted mobile phone A sends the encrypted short message to short message center A, which forwards it to the key distribution management center. The key distribution management center decrypts the short message with encrypted mobile phone A's SMS key, re-encrypts it with encrypted mobile phone B's SMS key, and forwards it to short message center B, to which encrypted mobile phone B belongs. Short message center B sends the encrypted short message to encrypted mobile phone B, which decrypts it, completing reception of the encrypted short message.
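The session key delivery of [0030] and the short message relay of [0032] can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithms, so the HMAC-SHA256 encrypt-then-MAC wrapping, the way the MDNs enter the session key, and the names `KDMC`, `seal` and `unseal` are all assumptions.

```python
import hashlib
import hmac
import secrets


def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stand-in for the cipher the patent leaves unspecified
    blocks = (_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(key, plaintext, context):
    """Encrypt-then-MAC; context (the MDNs) is authenticated but not transmitted."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", hashlib.sha256(context).digest() + nonce + ct)


def unseal(key, blob, context):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(key, b"mac", hashlib.sha256(context).digest() + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(key, nonce, ct)


class KDMC:
    """Hypothetical key distribution management center; layer-2 keys indexed by MDN."""
    def __init__(self):
        self.kek, self.sms_key = {}, {}

    def enroll(self, mdn):
        # Layer 2: the patent delivers these at power-on, after mutual authentication
        self.kek[mdn], self.sms_key[mdn] = secrets.token_bytes(32), secrets.token_bytes(32)
        return self.kek[mdn], self.sms_key[mdn]

    def issue_session_key(self, caller, callee):
        # Layer 3: fresh per-call key bound to both MDNs, wrapped under each party's KEK
        ctx = f"{caller}>{callee}".encode()
        sk = hmac.new(secrets.token_bytes(32), ctx, hashlib.sha256).digest()
        return {m: seal(self.kek[m], sk, ctx) for m in (caller, callee)}

    def relay_sms(self, sender, recipient, blob):
        # The center sees the plaintext: it decrypts with the sender's SMS key, re-encrypts
        text = unseal(self.sms_key[sender], blob, sender.encode())
        return seal(self.sms_key[recipient], text, recipient.encode())
```

Each handset recovers the same session key by calling `unseal` with its own key encryption key and the `caller>callee` context. A wrapped key addressed to the other handset, or a modified message, fails authentication.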
[0033] The present invention is not limited to the foregoing specific embodiments. The present invention extends to any new feature or any new combination disclosed in this specification, and any new method or process step or any new combination disclosed.