An end to end the session key negotiation method for identity and location separation network architecture, including: when the first access node receives the first user terminal sends the encrypted call request, second user terminal carrying the encrypted call request identity, query second access node identification and effective routing the public key; generating the first access node end-to-end session key, and the end to the first user terminal to end the session key is sent, and the use of public key and effective query to the end to end the session key encryption is sent to the second access node; the second access node uses the effective public key corresponding to the private key and get the end key to end the session, and the end to end the session key is transmitted to the user terminal second. Accordingly, the invention also provides an end to end session key negotiation system. The above method and system have realized the end-to-end data message encryption, and can satisfy the legal monitor demand.
【技术实现步骤摘要】
【技术保护点】
1.一种端对端会话密钥协商方法,用于身份标识与位置分离的网络架构中,其特征在于,包括:当第一接入节点接收到第一用户终端发起的加密呼叫请求时,利用该加密呼叫请求中携带的第二用户终端的身份标识,查询第二接入节点的路由标识和有效的公钥;所述第一接入节点生成端对端会话密钥,并将所述端对端会话密钥发送给所述第一用户终端,并利用查询到的有效的公钥将该端对端会话密钥加密后发送给所述第二接入节点;所述第二接入节点利用所述有效的公钥对应的私钥解密并获取该端对端会话密钥,并将所述端对端会话密钥发送给所述第二用户终端。
【技术特征摘要】
【专利技术属性】
技术研发人员:张世伟,符涛,颜正清,
申请(专利权)人:中兴通讯股份有限公司,
类型:发明
国别省市:94[中国|深圳]
还没有人留言评论。发表了对其他浏览者有用的留言会获得科技券。