
WO2008145621A2 - Method and system for allocating a security key for a multicast transmission - Google Patents

Info

Publication number
WO2008145621A2
Authority
WO
WIPO (PCT)
Prior art keywords
security key
user equipment
service
key
multicast service
Prior art date
Application number
PCT/EP2008/056393
Other languages
English (en)
Other versions
WO2008145621A3 (fr
Inventor
Li Zhu
Original Assignee
Nokia Siemens Networks Oy
Priority date
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy
Publication of WO2008145621A2
Publication of WO2008145621A3


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/601 Broadcast encryption

Definitions

  • the present invention relates to network security technology, in particular to a method and a system for allocating a security key for a multimedia broadcast/multicast service (MBMS) in an internet protocol (IP) multimedia sub-system (IMS).
  • MBMS multimedia broadcast/multicast service
  • IP internet protocol
  • IMS IP multimedia sub-system
  • An IMS system is an IP-based mobile network that is increasingly evolving towards flattening. It provides multimedia services as well as platforms based on packet switching, and makes it possible for service providers and end users to obtain faster and more flexible applications from the innovation in multimedia services.
  • the WCDMA/GSM global standardization organization 3GPP has proposed standards for multimedia broadcast/multicast service (MBMS).
  • MBMS provides point-to-multipoint services in mobile networks, transmitting data from one data source to a plurality of users, so as to realize the sharing of network resources, to improve the utilization rate of network resources, and especially free interface resources.
  • a part of the data service can be accomplished via multicasting so as to save bandwidth.
  • the security mechanism of the existing IMS system is capable of providing a secure channel between user equipment (UE) and an application server (AS) to ensure the point-to-point communication between the UE and the AS; however, since the MBMS service is a point-to-multipoint service, the existing IMS security mechanism is incapable of ensuring the security of MBMS service data.
  • a common practice is to encrypt the MBMS service data packets transmitted from the AS, and then to transmit the encrypted data packets to various UE that use the service.
  • For users of the MBMS service to successfully decrypt the data packets transmitted from the AS, they need to obtain the multicast transmitting security key (MTK) corresponding to the service. Therefore, how to ensure that users of the same service hold the identical security key is a problem that urgently needs solving in order to ensure the safe application of MBMS services in the IMS system.
  • MTK multicast transmitting security key
  • the main object of the present invention is to provide a method for allocating a security key for a multicast transmission, and by applying the method provided in the present invention it is possible to allocate the security key for the multicast transmission to user equipment for receiving MBMS data packets.
  • the present invention provides a method for allocating a security key for a multicast transmission, and this method comprises the following steps:
  • step B the operation of said application server to allocate the security key for multicast transmission according to the MBMS service requested by the user equipment comprises: determining by said application server the security key for the multicast transmission according to the MBMS service requested by the user equipment, and transmitting the same to said user equipment.
  • the method further comprises: allocating in advance by the application server a security key for multicast transmission to each MBMS service provided thereby; and wherein said step for determining by the application server the security key for multicast transmission comprises: determining by said application server the security key for multicast transmission corresponding to said MBMS service according to the security key for multicast transmission allocated in advance.
  • said request for the security key carries therein a service identification of the MBMS service requested by the user equipment; and said step for determining by the application server the security key for multicast transmission comprises: generating the security key for multicast transmission according to the service identification of the MBMS carried in the request for the security key by said application server by using an algorithm for generating the security key corresponding to the MBMS service.
  • said operation for the application server to allocate the security key for multicast transmission according to the MBMS service requested by the user equipment comprises: transmitting by said application server to the user equipment the security key generating information required for generating the security key for multicast transmission, and then generating by the user equipment the security key for multicast transmission.
  • said security key generating information comprises a security key generating parameter and a basic security key; and the operation for said user equipment to generate the security key for multicast transmission is that the user equipment generates the security key for multicast transmission according to the security key generating parameter and the basic security key.
  • said basic security key is generated according to shared information; and said operation for the user equipment to generate the security key for multicast transmission is that: the user equipment calculates the security key for multicast transmission according to its own shared information by eliminating from the basic security key an element of the shared information using the security key generating parameter.
  • said transmitting by the application server the security key generating information to the user equipment comprises: transmitting by said application server the security key generating parameter and the basic security key respectively to the user equipment; and after confirming that the user equipment has received one of them, further transmitting the other piece of information to the user equipment.
  • said user equipment requests the security key by transmitting a service request message to said application server.
  • the method further comprises: establishing by the IMS system a secure channel between the user equipment and the IMS system when the user equipment registers in the IMS system; and carrying out said operations for transmitting the request for the security key and allocating the security key for multicast transmission on said established secure channel.
  • another main object of the present invention is to provide a system for allocating a security key for a multicast transmission, and the system may allocate a security key for multicast transmission to user equipment requesting the MBMS service.
  • the system for allocating the security key for multicast transmission comprises at least user equipment and an application server; wherein said user equipment is configured to request the security key from the application server corresponding to a MBMS service requested by the user equipment itself, and to receive the security key for multicast transmission allocated by the application server; and said application server is configured to receive the request for the security key transmitted by the user equipment, allocate according to the MBMS service currently requested by the user equipment the security key for multicast transmission corresponding to the service, and transmitting the same to the user equipment.
  • said application server is configured to transmit the security key generating information for generating the security key for multicast transmission to the user equipment; and said user equipment is configured to generate the security key for multicast transmission according to the received security key generating information.
  • the system further comprises: a proxy call session control function (P-CSCF) for connecting the user equipment to the application server; said user equipment is configured to interact with the application server via a secure connection between the user equipment itself and the P-CSCF; and said application server is configured to interact with the user equipment via a secure connection between the application server itself and the P-CSCF.
  • P-CSCF proxy call session control function
  • Another object of the present invention is to provide a user terminal, and the user terminal can obtain the security key for multicast transmission required for decrypting the MBMS service.
  • the user terminal comprises at least: a control unit, a transmitting unit and a receiving unit; wherein said control unit, which is connected with the transmitting unit and the receiving unit, is configured to request via the transmitting unit a security key from an application server corresponding to a requested MBMS service, and to receive via the receiving unit the security key for multicast transmission allocated by the application server; said transmitting unit, which is connected with the control unit, is configured to transmit the request for the security key according to an instruction from the control unit; and said receiving unit, which is connected with the control unit, is configured to transmit the received security key for multicast transmission to the control unit.
  • the user terminal further comprises a calculation unit; said receiving unit is configured to transmit received information for generating the security key to the calculation unit; and said calculation unit is configured to calculate the security key for multicast transmission according to the security key generating information transmitted from the receiving unit, and transmit the same to the control unit.
  • said transmitting unit and receiving unit are respectively configured to transmit to said application server and receive from said application server a message for allocating the security key for multicast transmission via secure connections between themselves and a proxy call session control function.
  • Another object of the present invention is to provide an application server for allocating a security key for multicast transmissions, and the application server can allocate to the users the security key for multicast transmission required to ensure the security of MBMS service.
  • the application server allocates for the user equipment a security key for multicast transmission in order to decrypt MBMS service data packets according to the MBMS service requested by the user equipment.
  • an application server allocates for the user equipment a security key for multicast transmission so as to decrypt the MBMS service packet, which ensures that the users using the same MBMS service have the same security key.
  • the present invention also provides a system for allocating security key for multicast transmissions, a user terminal, and an application server for allocating security key for multicast transmissions in the IMS network.
  • the security key for multicast transmission required for receiving the MBMS can be allocated to user equipment using the same MBMS.
  • in addition to achieving the allocation of the security key for multicast transmission, the solution of the present invention can further ensure security during the process of allocating the security key for multicast transmission.
  • Fig. 1 is a schematic flowchart of a method of the present invention.
  • Fig. 2 is a schematic structural diagram of a system of the present invention.
  • Fig. 3 is a flowchart of a first preferred embodiment of the method of the present invention.
  • Fig. 4 is a structural diagram of the first preferred embodiment of the system of the present invention.
  • Fig. 5 is a flowchart of a second preferred embodiment of the method of the present invention.
  • Fig. 6 is a structural diagram of the second preferred embodiment of the system of the present invention.
  • the main technical solution adopted in the embodiments of the present invention is that, when a user equipment requests a MBMS service from an application server in the IMS network, the application server allocates for the user equipment a security key for multicast transmission to decrypt the MBMS service data packets according to the MBMS service requested by the user equipment.
  • When user equipment requests an MBMS service, the application server allocates for the user equipment the security key for multicast transmission to decrypt the MBMS service packets, which ensures that the users requesting the same MBMS service have the same security key.
  • Fig. 1 is a schematic flowchart of the method of the present invention.
  • the particular flow is as follows: in step 101, after a user equipment has determined a MBMS service to be accessed by itself, the user equipment transmits a request message for the security key to an application server in the IMS network corresponding to the MBMS service; in step 102, after the application server has received the request message for the security key transmitted by the user equipment, it allocates according to the current MBMS service requested by the user equipment a security key for multicast transmission corresponding to the service.
  • said request message for the security key can be a service request message for requesting a multicast service from the application server by the user equipment.
  • Fig. 2 is a schematic structural diagram of the system of the present invention.
  • the system comprises: user equipment 21 and an application server 22.
  • the user equipment 21 is configured to transmit to the application server 22 a request message for the security key corresponding to the MBMS service after it has determined the MBMS service to be accessed by itself, and to receive the security key for multicast transmission allocated by the application server 22.
  • the application server 22 is configured to allocate the security key for multicast transmission corresponding to the service according to the MBMS currently requested by the user equipment 21 after having received the request message for the security key transmitted by the user equipment 21, and to transmit the same to the user equipment 21.
  • the technical solution of the present invention is described in detail.
  • the first preferred embodiment to be described is mainly the case of generating the security key for multicast transmission by the application server; and the second preferred embodiment to be described is about generating the security key for multicast transmission by the user equipment according to the security key parameters determined by the application server.
  • this is a flowchart of the method of the first preferred embodiment of the present invention. It comprises in particular the following steps:
  • step 301 after having determined the MBMS service to be used by it, the user equipment transmits a service request message to the application server.
  • step 302 after having received the request message transmitted by the user equipment, the application server allocates the security key for multicast transmission to the user equipment according to the MBMS service requested by the user equipment and returns it to the user equipment; the security key for multicast transmission can be carried in a 200 OK response message returned from the application server.
  • the 200 OK response message is a standard session initiation protocol message, acknowledging the receipt of the service request message.
  • the allocation of the security key for multicast transmission by the application server to the user equipment can be achieved by using the following method. For example, when the application server only provides one MBMS service, the application server may allocate a corresponding security key for multicast transmission in advance for the MBMS service provided thereby; when user equipment requests the MBMS service, the security key for multicast transmission allocated to the MBMS service in advance is transmitted to the user equipment.
  • the application server can allocate a security key for multicast transmission in advance for each of the MBMS services, and determine the security key for multicast transmission to the user equipment according to an MBMS service identification carried in the request message from the user equipment.
  • an application server can provide a plurality of MBMS services
  • the security key generation algorithm herein should be the same for the same requested MBMS service.
  • step 303 after the user equipment has received the security key for multicast transmission, it will return an ACK message to the application server.
  • the ACK message herein is to acknowledge to the other party.
  • When the application server has received the message transmitted from the user equipment, it can determine that the user equipment has received the security key allocated to it. Then, the user equipment can use the security key for multicast transmission to decrypt the MBMS service data packets transmitted from the application server.
  • the security of the process for allocating the security key for multicast transmission itself cannot be overlooked.
  • a secure channel which is set up with the network side when the user equipment is registered with the IMS network to transmit the message during the allocation of the security key for multicast transmission.
  • the connections between the network entities belonging to the IMS network are safe. Therefore, as long as a secure channel is established between the user equipment and the P-CSCF, the secure channels to the network entities in the IMS network are established, including the application server providing the MBMS service to the user equipment.
  • the system comprises at least: a user equipment 41 and an application server 42.
  • the user equipment 41 is configured to transmit to the application server 42 a request message for the security key for the corresponding MBMS service after having determined the MBMS service to be accessed by it, and to receive the security key for multicast transmission allocated by the application server 42.
  • the application server 42 is configured to allocate the security key for multicast transmission corresponding to the MBMS service requested by the user equipment 41 after having received the request message for the security key transmitted by the user equipment 41, and to transmit the same to the user equipment 41.
  • the system further comprises: a P-CSCF 43, which is configured to connect the user equipment 41 to the application server 42.
  • the user equipment 41 is configured to interact with the application server 42, receive and transmit the messages with the application server 42 via the secure link between itself and P-CSCF 43; and the application server 42 is configured to interact with the user equipment 41, receive and transmit the messages with the user equipment 41 via the secure link between itself and P-CSCF 43.
  • the user equipment 41 comprises a control unit 411, a transmitting unit 412 and a receiving unit 413.
  • the control unit 411 is configured to transmit to the application server 42 a request message for the security key corresponding to the MBMS service via the transmitting unit 412, after the user equipment 41 in which the control unit 411 is located has determined the MBMS service to be accessed by itself; and to receive the security key for multicast transmission allocated by the application server 42 via the receiving unit 413.
  • the transmitting unit 412 is configured to transmit the request message for the security key according to an instruction of the control unit 411; and the receiving unit 413 is configured to transmit the received security key for multicast transmission to the control unit 411.
  • the transmitting unit 412 and the receiving unit 413 can be respectively configured to transmit a message for allocating the security key for multicast transmission to the application server 42 and receive a message for allocating the security key for multicast transmission transmitted from the application server 42 via the secure link between themselves and the P-CSCF.
  • the application server 42 comprises a processing unit 422, a transmitting unit 423 and a receiving unit 421.
  • the processing unit 422 is configured to receive a request for the security key transmitted by the user equipment 41 via the receiving unit 421, to generate the security key for multicast transmission for the MBMS service requested by the user equipment 41 or to generate a security key generating parameter required for generating the security key for multicast transmission, and to transmit the same to the user equipment 41 via the transmitting unit 423;
  • the receiving unit 421 is configured to transmit the received request message for the security key to the processing unit 422;
  • the transmitting unit 423 is configured to transmit the security key for multicast transmission to the user equipment 41 according to an instruction of the processing unit 422.
  • the transmitting unit 423 and the receiving unit 421 can be respectively configured to transmit a message for allocating the security key for multicast transmission to the user equipment 41 and to receive a message for allocating the security key for multicast transmission transmitted from the user equipment 41 via the secure link between themselves and the P-CSCF.
  • Fig. 5 is a flowchart of the method of a second preferred embodiment of the present invention.
  • the particular method used is to transmit the information for generating the security key for multicast transmission to the user equipment by the application server, and the security key for multicast transmission is generated by the user equipment itself.
  • the method can ensure the security of the process for allocating and transmitting the security key because the security key is not transmitted directly in the transmission process. It comprises the following steps:
  • step 501 the details of implementing step 501 are the same as that of step 201, thus will not be repeated herein.
  • the message usually will carry a Session Initiation Protocol (SIP) identification of the MBMS service selected by the user equipment, and a Global Routable UA URI identification presenting its own linking address.
  • SIP Session Initiation Protocol
  • step 502 the application server returns the multicast medium information and the security key generating parameter to the user equipment, and the information and parameter can be returned to the user equipment by 200 OK.
  • a security key calculation algorithm is included in the security key generating parameter.
  • the information for generating the security key for multicast transmission can be a SIP session identification and/or GRUU, and so on.
  • step 503 after the user equipment has received the message, it returns an ACK message to the application server to confirm the receipt of the message transmitted in step 503.
  • step 504 the application server generates a basic security key and transmits it to the user equipment, and the basic security key can be carried in an Info message for transmission.
  • the security key for multicast transmission can be calculated.
  • the basic security key and the security key generating parameter are collectively called security key generating information.
  • the basic security key can be composed of arbitrary random numbers; it can also be a code string capable of uniquely identifying this instance of the MBMS service
  • information shared between the application server and the user equipment is added into the basic information, namely the basic security key is generated according to the shared information; at the user equipment side, the user equipment calculates the security key for multicast transmission by using the security key generating parameter to eliminate the elements of the shared information from the basic security key, according to the information shared between the user equipment and the application server.
  • the shared information can be the user's information; it can also be information of a MBMS service.
  • the basic security key then can be calculated as follows: ⁇ " ' . Wherein, X
  • the user equipment can be by way of exchange transmission between the user equipment and the application server; also it can be the information which has been known by both the user equipment and the application server in advance.
  • step 505 after the user equipment has received the message, it returns an ACK message to the application server, to confirm the receipt of the message transmitted in step 504.
  • step 506 the user equipment generates the security key for multicast transmission according to the security key calculating parameter received in step 502, and the basic security key received in step 505. Since the security key for multicast transmission is used by all the users using the same service, if the user equipment's own information is carried in the basic security key, then it is necessary to eliminate from it the elements of user equipment's own in the algorithm of generating the security key for multicast transmission. For example, when the basic
  • After the application server has received the message transmitted from the user equipment, it can then determine that the user equipment has received the security key allocated to it. After this, the user equipment can use the security key for multicast transmission to decrypt the MBMS service data packets transmitted from the application server.
  • the security key generating parameter and the basic security key are separately transmitted twice.
  • the security key generating parameter and the basic security key can also be transmitted in one transmission.
  • the security key generating parameter is transmitted first, and then the basic security key is transmitted; after confirming that the information transmitted in the first time has been received by the other end, the second transmitting is then performed, so as to avoid that too much security information is intercepted by a prying party thus allowing the prying party to gather enough data for analyzing the intercepted information.
  • Fig. 6 is a structural diagram of the method of the second preferred embodiment of the present invention.
  • the user equipment 61 is configured to transmit to the application server 62 a request message for the security key corresponding to the MBMS service after having determined an MBMS service to be accessed by the user equipment 61, and to generate the security key for multicast transmission according to the received security key generating information.
  • the application server 62 is configured to allocate the security key for multicast transmission corresponding to the MBMS service requested by the user equipment 61 after having received the request message for the security key transmitted by the user equipment 61, and to transmit to the user equipment 61 the security key generating information for generating the security key for multicast transmission.
  • the system further comprises: a P-CSCF 63, which is configured to connect the user equipment 61 and the application server 62.
  • the user equipment 61 is configured to interact with the application server 62, to receive/transmit the messages from/to the application server 62 via the secure link between itself and P-CSCF 63; and the application server 62 is configured to interact with the user equipment 61, to receive/transmit the messages from/to the user equipment 61 via the secure link between itself and P-CSCF 63.
  • the user equipment 61 comprises a control unit 611, a transmitting unit 612, a receiving unit 613 and a calculating unit 614.
  • the control unit 611 is configured to transmit to the application server 62 the request message for the security key corresponding to the MBMS service via the transmitting unit 612 after the user equipment 61 has determined the MBMS service to be accessed by itself.
  • the transmitting unit 612 is configured to transmit the request message for the security key according to an instruction of the control unit 611.
  • the receiving unit 613 is configured to transmit the received security key generating information to the calculating unit 614.
  • the calculating unit 614 is configured to calculate the security key for multicast transmission according to the security key generating information transmitted by the receiving unit 613, and transmit the same to the control unit 611.
  • the transmitting unit 612 and the receiving unit 613 are respectively configured to transmit the message for allocating the security key for multicast transmission to the application server 62 and receive the message for allocating the security key for multicast transmission transmitted from the application server 62 via the secure link between themselves and the P-CSCF.
  • the application server 62 comprises at least a processing unit 622, a transmitting unit 623 and a receiving unit 621.
  • the processing unit 622 is configured to receive the request for the security key transmitted by the user equipment 61 via the receiving unit 621, generate the security key generating parameter for the security key for the MBMS service requested by the user equipment 61, and transmit the same to the user equipment 61 via the transmitting unit 623.
  • the receiving unit 621 is configured to transmit the received request message for the security key to the processing unit 622.
  • the transmitting unit 623 is configured to transmit the security key for multicast transmission to the user equipment 61 according to an instruction of the processing unit 622.
  • the transmitting unit 623 and the receiving unit 621 in the application server 62 can also be used respectively for transmitting a message for allocating the security key for multicast transmission to the user equipment 61, and to receive a message for allocating the security key for multicast transmission transmitted from the user equipment 61 via a secure link between themselves and the P-CSCF.
  • the method for allocating the security key for multicast transmission by the application server in the present invention can be used at any stage before the user equipment receives the MBMS data packets and after the time of having determined the MBMS service to be used thereby. For example, it can be after the user equipment has finished the registration with the IMS network or the activation procedure of the MBMS service.
  • by using the application server to allocate to the user equipment, at the time that the user equipment requests an MBMS service, the security key for multicast transmission for decrypting the service, the present invention ensures that the users using the same MBMS service have the same security key.
  • the present invention also provides a system for allocating the security key for multicast transmission, a user terminal, and an application server for use in the IMS network. By using the technical solutions provided by the present invention, it is possible to allocate the security key for multicast transmission required for receiving the MBMS service to all the user equipment using the same MBMS service.
  • in addition to accomplishing the allocation of the security key for multicast transmission, the technical solution of the present invention can further ensure security during the process for allocating the security key for multicast transmission.
  • a user equipment may issue a multicast service request to a server, e.g. an IMS application server (AS).
  • the request may be transmitted to the IMS AS by using a session initiation protocol (SIP) message, e.g. INVITE.
  • the IMS AS may respond with information relating to multicast media and security by using a SIP message, e.g. 200 OK.
  • Said information may comprise an algorithm needed for the multicast service and possibly some other information such as the contact address of the UE, additional shared information relating to the SIP dialog, GRUU, etc.
  • the UE may acknowledge the receipt of the information transmitted by the IMS AS.
  • the IMS AS may provide an MBMS service key (MSK) to the UE via a SIP message, e.g. INFO.
  • this message may be spared by delivering the MSK together with the information relating to multicast media and security to the UE when IMS AS responds to the service request.
  • the UE may issue an acknowledgement to the IMS AS through, e.g. a SIP message 200 OK.
  • if the delivery of the MSK is combined with the response to the UE's service request transmitted by the IMS AS, the acknowledgement is not needed.
  • the UE may use the received algorithm and the MSK to generate an MBMS traffic key (MTK), which may be used to decrypt multicast data relating to the requested multicast service.
  • the multicast service may be provided by the same IMS AS or by a different server.
  • Functions of the user equipment described above may be implemented by code means, as software, and loaded into memory of a computer, for example into a mobile phone.
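The exchange described above, sketched as an added example that is not code from the patent: the application server allocates one MSK per MBMS service, and each UE derives the MTK from the MSK and the algorithm it was sent, in both the separate-message and the combined variant. The patent does not specify the key generation algorithm, so the HMAC-SHA256 derivation, the "MTK|" label, the 16-byte key length and the service names are assumptions.

```python
import hashlib
import hmac
import secrets

KDFS = {"HMAC-SHA256": hashlib.sha256}  # assumed algorithm registry, not from the patent


class ApplicationServer:
    """IMS AS side: one MSK per MBMS service, shared by every subscriber."""

    def __init__(self):
        self._msk = {}  # service id -> MSK

    def allocate(self, service_id):
        # Allocate on first request, then reuse, so all UEs of a service match.
        if service_id not in self._msk:
            self._msk[service_id] = secrets.token_bytes(16)
        return {"algorithm": "HMAC-SHA256", "service": service_id,
                "msk": self._msk[service_id]}


class UserEquipment:
    def __init__(self, name):
        self.name, self.mtk, self.trace = name, None, []

    def join(self, server, service_id, combined=False):
        """Run the exchange; `combined` carries the MSK in the 200 OK response."""
        # Every message is assumed to travel over the secure link via the P-CSCF.
        self.trace = ["UE->AS INVITE"]
        info = server.allocate(service_id)
        if combined:
            self.trace.append("AS->UE 200 OK (media, algorithm, MSK)")
        else:
            self.trace += ["AS->UE 200 OK (media, algorithm)",
                           "UE->AS acknowledgement",
                           "AS->UE INFO (MSK)", "UE->AS 200 OK"]
        self.mtk = derive_mtk(info)
        return self.mtk


def derive_mtk(info):
    """Derive the traffic key from the MSK with the algorithm the AS announced."""
    digest = KDFS.get(info["algorithm"])
    if digest is None:
        raise ValueError("unsupported key generation algorithm")
    label = b"MTK|" + info["service"].encode()  # assumed derivation label
    return hmac.new(info["msk"], label, digest).digest()[:16]
```

Two UEs joining the same service end up with the same MTK whichever variant they use, while the combined variant needs two messages instead of five.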

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a method for allocating a security key for multicast transmission, the method comprising the steps of: a) requesting, by a user equipment, from an Internet protocol based multimedia subsystem (IMS) application server, the security key for multicast transmission corresponding to a multimedia broadcast/multicast service (MBMS) requested by the user equipment itself; and b) allocating, by said application server, the security key for multicast transmission corresponding to the service to the user equipment according to the MBMS service currently requested by the user equipment. Furthermore, the present invention also relates to a system for allocating a security key for multicast transmission, a user terminal and an application server. Using the technical solutions provided by the present invention makes it possible to allocate the security key for multicast transmission required for receiving the MBMS to user equipment using the same MBMS. Adopting the technical solutions of the present invention further makes it possible to ensure security during the process of allocating the security key for multicast transmission, on the basis of accomplishing the allocation of the security key for multicast transmission via a secure channel between the user equipment and the application server.
PCT/EP2008/056393 2007-05-29 2008-05-26 Method and system for allocating a security key for multicast transmission WO2008145621A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710106442.4 2007-05-29
CN 200710106442 CN101316437A (zh) 2007-05-29 2007-05-29 Method and system for allocating a multicast transmission key

Publications (2)

Publication Number Publication Date
WO2008145621A2 (fr) 2008-12-04
WO2008145621A3 (fr) 2009-04-09

Family

ID=40075577

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/056393 WO2008145621A2 (fr) 2007-05-29 2008-05-26 Method and system for allocating a security key for multicast transmission

Country Status (2)

Country Link
CN (1) CN101316437A (fr)
WO (1) WO2008145621A2 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159742A (zh) * 2019-12-26 2020-05-15 Oppo广东移动通信有限公司 Key management method, service agent, terminal device, system and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7400729B2 (en) * 2001-12-28 2008-07-15 Intel Corporation Secure delivery of encrypted digital content
KR100987207B1 (ko) * 2003-08-02 2010-10-12 삼성전자주식회사 Encryption method in a mobile communication system supporting multimedia broadcast/multicast service
GB2423221A (en) * 2005-02-14 2006-08-16 Ericsson Telefon Ab L M Key delivery method involving double acknowledgement

Also Published As

Publication number Publication date
WO2008145621A3 (fr) 2009-04-09
CN101316437A (zh) 2008-12-03

Similar Documents

Publication Publication Date Title
US9537837B2 (en) Method for ensuring media stream security in IP multimedia sub-system
US20180146362A1 (en) Data transmission method for edge multimedia broadcast/multicast service (mbms) service and related device
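KR101353209B1 (ko) Security of messages associated with a multicast communication session within a wireless communication system
JP5550627B2 (ja) Group communication in a communication system
CN100488139C (zh) Method for establishing a chat room data transmission channel to deliver chat messages
CN102546559B (zh) Method, device and system for end-to-end data transmission in a restricted network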
US20070071002A1 (en) Method and apparatus for verifying encryption of sip signalling
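EP4184821B1 (fr) Communication method and device based on an IMS data channel
CN101379802B (zh) Method and apparatus for transmitting media data in encrypted form between a media server and user equipment
JP6937826B2 (ja) Protection of mission-critical push-to-talk multimedia broadcast multicast service subchannel control messages
KR20070073343A (ko) Method and apparatus for transmitting session setup protocol data of an idle-mode terminal in a mobile communication IMS system
CN101317404A (zh) Method and system for IP packet transmission, negotiating bandwidth-saving capability and saving network bandwidth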
US20070253417A1 (en) Address translation in a communication system
US20090106389A1 (en) Sharing Multimedia
WO2009129718A1 (fr) Method, equipment and system for implementing file sharing in an audio/video conference
CN106850399A (zh) Communication method for instant messaging based on WebRTC technology
CN107925848A (zh) Method and system for identity management across multiple planes
CN108702359A (zh) Method and apparatus for enhanced MBMS content provisioning and content ingestion
WO2008040213A1 (fr) Method, system and device for message encryption and signing in a communication system
CN102255906B (zh) Data sending and receiving method, device and system
CN101227272A (zh) Method and system for obtaining a media stream protection key
CN101997846A (zh) Session processing method and device, and communication system
WO2010111938A1 (fr) Method, apparatus and system for processing a streaming media service
CN114900500B (zh) Call control method, application server, communication system and storage medium
WO2008145621A2 (fr) Method and system for allocating a security key for multicast transmission

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08759992

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08759992

Country of ref document: EP

Kind code of ref document: A2
