
CN114630290B - Key negotiation method, device, equipment and storage medium for voice encryption call - Google Patents

Publication number
CN114630290B
Authority
CN
China
Prior art keywords
key
identity
calling terminal
session
called terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210368018.1A
Other languages
Chinese (zh)
Other versions
CN114630290A (en)
Inventor
郭茂文
张�荣
黎艳
卢燕青
刘大方
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN202210368018.1A
Publication of CN114630290A
Application granted
Publication of CN114630290B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/16 Communication-related supplementary services, e.g. call-transfer or call-hold
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The invention provides a key negotiation method, device, equipment and storage medium for voice encryption calls. The method, applied to a calling terminal, comprises the following steps: generating a session key; calculating an identity public key of the called terminal based on the identity of the called terminal and the public parameter; encrypting the session key with the identity public key of the called terminal; generating a digital signature with the identity private key of the calling terminal to obtain signature information; sending a session description protocol proposal message to the called terminal; receiving a session description protocol response message sent by the called terminal; and, using the session key and the determined encryption algorithm, encrypting the voice stream sent to the called terminal and decrypting the voice stream received from the called terminal. The invention addresses the security risk that a user's VoLTE voice service is monitored.

Description

Key negotiation method, device, equipment and storage medium for voice encryption call
Technical Field
The present invention relates to the field of voice communication, and in particular, to a method, an apparatus, a device, and a storage medium for key agreement in voice encryption communication.
Background
Currently, Voice over LTE (VoLTE) service based on the LTE (Long Term Evolution) network has become the main way in which operators provide voice service. VoLTE voice service based on IMS (IP Multimedia Subsystem) offers high bandwidth, high speed, low latency, better QoS (Quality of Service) and shorter call connection time, and can give users a better experience.
VoLTE is based on an IP Multimedia Subsystem (IMS) network and uses profiles tailored to the control plane and the media plane of voice service over LTE, so that the voice service (control and media planes) is carried as data flows in the LTE data bearer network without maintaining or relying on a conventional circuit-switched voice network.
VoLTE is essentially a call process based on IP data transmission. Because an IP network is open, easily attacked and subject to traffic interception, a user's VoLTE voice service may be monitored. Therefore, while people enjoy the convenience of voice multimedia services, they inevitably face security problems during voice calls, and interception of the voice call is one of the most common of these.
Therefore, how to solve the potential safety hazard that the VoLTE voice service of the user is monitored is a technical problem to be solved urgently by the person skilled in the art.
It should be noted that the information disclosed in the foregoing background section is only for enhancement of understanding of the background of the invention and thus may include information that does not form the prior art that is already known to those of ordinary skill in the art.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a key negotiation method, a device, equipment and a storage medium for voice encryption call, which overcome the difficulties in the prior art and solve the potential safety hazard that the VoLTE voice service of a user is monitored.
The embodiment of the invention provides a key negotiation method for voice encryption call, which is applied to a calling terminal and comprises the following steps:
generating a session key;
calculating an identity public key of the called terminal based on the identity of the called terminal and the public parameter;
encrypting the session key with the identity public key of the called terminal;
generating a digital signature with the identity private key of the calling terminal to obtain signature information;
sending a session description protocol proposal message to the called terminal, wherein the session description protocol proposal message comprises the encrypted session key, the signature information and an encryption algorithm supported by the calling terminal, and is used by the called terminal to verify the signature information based on the identity of the calling terminal and the public parameter and to decrypt the session key;
receiving a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information; and
using the session key and the determined encryption algorithm, encrypting the voice stream sent to the called terminal and decrypting the voice stream received from the called terminal.
In some embodiments of the present application, the generating the session key is preceded by:
sending an identity private key acquisition request to an identity key server, wherein the identity private key acquisition request comprises the identity of the calling terminal, and the identity is user number information; and
receiving the identity private key of the calling terminal and the public parameter sent by the identity key server, wherein the identity private key is computed from the identity of the calling terminal.
According to still another aspect of the present application, there is also provided a key agreement method for voice encryption call, applied to a called terminal, the key agreement method including:
receiving a session description protocol proposal message sent by the calling terminal, wherein the session description protocol proposal message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the encrypted session key is obtained by encryption with the identity public key of the called terminal, and the signature information is obtained by digitally signing with the identity private key of the calling terminal;
calculating an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
verifying the signature information based on the identity public key of the calling terminal;
decrypting the encrypted session key based on the identity private key of the called terminal;
determining the encryption algorithm for the voice encryption call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
sending a session description protocol response message to the calling terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information; and
using the session key and the determined encryption algorithm, encrypting the voice stream sent to the calling terminal and decrypting the voice stream received from the calling terminal.
In some embodiments of the present application, before the receiving the session description protocol proposal message actively sent by the caller, the method further includes:
sending an identity private key acquisition request to an identity key server, wherein the identity private key acquisition request comprises the identity of the called terminal, and the identity is user number information; and
receiving the identity private key of the called terminal and the public parameter sent by the identity key server, wherein the identity private key is computed from the identity of the called terminal.
According to still another aspect of the present application, there is also provided a key agreement device for voice encryption call, applied to a calling terminal, the key agreement device including:
A session key generation module configured to generate a session key;
The public key calculation module of the called terminal is configured to calculate the public key of the identity of the called terminal based on the identity of the called terminal and the public parameter;
A session key encryption module configured to encrypt the session key by using an identity public key of the called terminal;
the digital signature module is configured to carry out digital signature by using the identity identification private key of the calling terminal to obtain signature information;
A proposal message sending module configured to send a session description protocol proposal message to the called terminal, the session description protocol proposal message including an encrypted session key, signature information, and an encryption algorithm supported by the calling terminal, the session description protocol proposal message being used by the called terminal to verify the signature information based on the identity of the calling terminal and the public parameter, and decrypt the session key;
The response message receiving module is configured to receive a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
And the calling voice call encryption and decryption module is configured to encrypt a voice stream sent to the called terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the called terminal.
According to still another aspect of the present application, there is also provided a key agreement device for voice encryption call, applied to a called terminal, the key agreement device including:
A proposal message receiving module configured to receive a session description protocol proposal message sent by the calling terminal, wherein the session description protocol proposal message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the encrypted session key is obtained by encryption with the identity public key of the called terminal, and the signature information is obtained by digitally signing with the identity private key of the calling terminal;
a calling public key calculation module configured to calculate an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
a signature verification module configured to verify the signature information based on an identity public key of the calling terminal;
A session key decryption module configured to decrypt the encrypted session key based on an identity private key of the called terminal;
The encryption algorithm determining module is configured to determine an encryption algorithm for voice encryption call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
a response message sending module configured to send a session description protocol response message to the calling terminal, the session description protocol response message including session key confirmation information and encryption algorithm confirmation information;
And the called voice call encryption and decryption module is configured to encrypt the voice stream sent to the calling terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the calling terminal.
According to still another aspect of the present application, there is also provided a key agreement system for a voice encryption call, including:
A calling terminal configured to perform a key negotiation method applied to the calling terminal;
a called terminal configured to perform a key negotiation method applied to the called terminal;
and the identity identification key server is configured to send the identity identification private key and the public parameter to the calling terminal and the called terminal.
In some embodiments of the present application, the identity key server uses the SM9 algorithm to send the identity private key and the public parameter to the calling terminal and the called terminal.
According to still another aspect of the present invention, there is also provided a key agreement processing apparatus for voice encryption call, including:
A processor;
A memory having stored therein executable instructions of the processor;
Wherein the processor is configured to perform the steps of the key agreement method of a voice encrypted call as described above via execution of the executable instructions.
Embodiments of the present invention also provide a computer-readable storage medium storing a program that, when executed, implements the steps of the key agreement method for voice encryption telephony described above.
Compared with the prior art, the invention has the following aims:
Without changing the existing VoLTE service mode or user experience, the VoLTE terminal negotiates the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. The VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call setup through an identity-based encryption and decryption algorithm. It does not need to be distributed from the network side for every call, which reduces dependence on the network and makes transmission safer and more reliable. The session key is thus transmitted in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk that a user's VoLTE voice service is monitored.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings.
Fig. 1 is a flowchart of one embodiment of a key agreement method of the present invention applied to a voice encryption call of a calling terminal.
Fig. 2 is a flowchart of another embodiment of a key agreement method applied to a voice encryption call of a calling terminal of the present invention.
Fig. 3 is a flowchart of one embodiment of a key agreement method applied to a voice encryption call of a called terminal of the present invention.
Fig. 4 is a flowchart of another embodiment of a key agreement method applied to a voice encryption call of a called terminal of the present invention.
Fig. 5 is a block diagram of an embodiment of a key agreement device applied to a voice encryption call of a calling terminal of the present invention.
Fig. 6 is a block diagram of another embodiment of a key agreement device applied to a voice encryption call of a calling terminal of the present invention.
Fig. 7 is a block diagram of an embodiment of a key agreement device applied to a voice encryption call of a called terminal according to the present invention.
Fig. 8 is a block diagram of another embodiment of a key agreement device applied to a voice encryption call of a called terminal according to the present invention.
Fig. 9 is a block diagram of a key agreement system for voice encryption telephony according to the present invention.
Fig. 10 is a schematic diagram of the key agreement device of the voice encryption call of the present invention.
Fig. 11 is a schematic structural view of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the example embodiments may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus a repetitive description thereof will be omitted.
Referring to fig. 1, fig. 1 is a flowchart of an embodiment of a key agreement method applied to a voice encryption call of a calling terminal of the present invention. The embodiment of the invention provides a key negotiation method applied to voice encryption communication of a calling terminal, which comprises the following steps:
Step S110: generating a session key.
Step S120: calculating the identity public key of the called terminal based on the identity of the called terminal and the public parameter.
Step S130: encrypting the session key with the identity public key of the called terminal.
Step S140: generating a digital signature with the identity private key of the calling terminal to obtain signature information.
Step S150: sending a session description protocol proposal message to the called terminal, wherein the session description protocol proposal message comprises the encrypted session key, the signature information and an encryption algorithm supported by the calling terminal, and is used by the called terminal to verify the signature information based on the identity of the calling terminal and the public parameter and to decrypt the session key.
In particular, the session description protocol proposal message may be a SIP INVITE (SDP offer) message, so that the session key can be negotiated within the original service flow.
Step S160: receiving a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information.
Specifically, the session description protocol response message may be a SIP 200 OK response to the INVITE (SDP answer), so that the session key can be negotiated within the original service flow.
Step S170: using the session key and the determined encryption algorithm, encrypting the voice stream sent to the called terminal and decrypting the voice stream received from the called terminal.
Specifically, both the calling terminal and the called terminal may be VoLTE terminals.
Therefore, during the call, the calling party and the called party each use the session key to encrypt the RTP voice stream they send and decrypt the RTP voice stream they receive, which implements a secure VoLTE voice call between the two parties.
Referring now to fig. 2, fig. 2 is a flow chart of another embodiment of the key agreement method of the present invention applied to a voice encryption call of a calling terminal. Steps S110 to S170 in fig. 2 are the same as those in fig. 1 and are not repeated here. As shown in fig. 2, the following steps may also be performed before step S110:
Step S101: sending an identity private key acquisition request to an identity key server, wherein the identity private key acquisition request comprises the identity of the calling terminal, and the identity is user number information.
Step S102: receiving the identity private key of the calling terminal and the public parameter sent by the identity key server, wherein the identity private key is computed from the identity of the calling terminal.
In particular, the identity key server may use the SM9 algorithm to generate the master key and the public parameters. After receiving the identity private key acquisition request sent by the calling terminal, the identity key server may authenticate the calling terminal. When the identity key server issues the identity private key of the calling terminal and the public parameter to the calling terminal, the transfer can be protected by an auxiliary secure channel, such as GBA (Generic Bootstrapping Architecture) based on the telecommunication network.
Referring now to fig. 3, fig. 3 is a flow chart of one embodiment of a key agreement method of the present invention applied to a voice encrypted call of a called terminal. Fig. 3 shows the following steps in total:
Step S210: receiving a session description protocol proposal message sent by the calling terminal, wherein the session description protocol proposal message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the encrypted session key is obtained by encryption with the identity public key of the called terminal, and the signature information is obtained by digitally signing with the identity private key of the calling terminal.
In particular, the session description protocol proposal message may be a SIP INVITE (SDP offer) message, so that the session key can be negotiated within the original service flow.
Step S220: calculating the identity public key of the calling terminal based on the identity of the calling terminal and the public parameter.
Step S230: verifying the signature information based on the identity public key of the calling terminal.
Step S240: decrypting the encrypted session key based on the identity private key of the called terminal.
Step S250: determining the encryption algorithm for the voice encryption call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal.
Step S260: sending a session description protocol response message to the calling terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information.
Specifically, the session description protocol response message may be a SIP 200 OK response to the INVITE (SDP answer), so that the session key can be negotiated within the original service flow.
Step S270: using the session key and the determined encryption algorithm, encrypting the voice stream sent to the calling terminal and decrypting the voice stream received from the calling terminal.
Specifically, both the calling terminal and the called terminal may be VoLTE terminals.
Therefore, during the call, the calling party and the called party each use the session key to encrypt the RTP voice stream they send and decrypt the RTP voice stream they receive, which implements a secure VoLTE voice call between the two parties.
Referring now to fig. 4, fig. 4 is a flow chart of another embodiment of the key agreement method of the present invention applied to a voice encrypted call of a called terminal. Steps S210 to S270 in fig. 4 are the same as those in fig. 3 and are not repeated here. As shown in fig. 4, the following steps may also be performed before step S210:
Step S201: sending an identity private key acquisition request to an identity key server, wherein the identity private key acquisition request comprises the identity of the called terminal.
Step S202: receiving the identity private key of the called terminal and the public parameter sent by the identity key server, wherein the identity private key is computed from the identity of the called terminal.
In particular, the identity key server may use the SM9 algorithm to generate the master key and the public parameters. After receiving the identity private key acquisition request sent by the called terminal, the identity key server may authenticate the called terminal. When the identity key server issues the identity private key of the called terminal and the public parameter to the called terminal, the transfer can be protected by an auxiliary secure channel, such as GBA (Generic Bootstrapping Architecture) based on the telecommunication network.
Therefore, without changing the existing VoLTE service mode or user experience, the application has the VoLTE terminal negotiate the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. In some VoLTE voice encryption technologies, by contrast, session keys are generated by a password server on the network side and distributed to VoLTE terminals in response to request messages; that approach places high demands on network real-time behaviour and on the performance of the password server, and requires a secure channel between the password server and the terminals. Here the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call setup through an identity-based encryption and decryption algorithm. It does not need to be distributed from the network side for every call, which reduces dependence on the network and makes transmission safer and more reliable. The session key is thus transmitted in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk that a user's VoLTE voice service is monitored.
The foregoing is merely illustrative of specific embodiments of the present invention, and the present invention is not limited thereto, and the splitting, merging, performing sequence change, module splitting, merging, and information transmission change of the steps are all within the scope of the present invention.
Fig. 5 is a block diagram of an embodiment of a key agreement device applied to a voice encryption call of a calling terminal of the present invention. The key agreement device 300 for calling voice encryption call of the present invention, as shown in fig. 5, includes but is not limited to: a session key generation module 310, a called terminal public key calculation module 320, a session key encryption module 330, a digital signature module 340, a proposal message transmission module 350, a response message reception module 360, and a caller voice call encryption and decryption module 370.
The session key generation module 310 is configured to generate a session key;
the called terminal public key calculation module 320 is configured to calculate an identity public key of the called terminal based on the identity of the called terminal and the public parameter;
The session key encryption module 330 is configured to encrypt the session key with the public key of the identity of the called terminal;
the digital signature module 340 is configured to obtain signature information by performing digital signature by using the identity private key of the calling terminal;
The proposal message sending module 350 is configured to send a session description protocol proposal message to the called terminal, where the session description protocol proposal message includes an encrypted session key, signature information, and an encryption algorithm supported by the calling terminal, and the session description protocol proposal message is used by the called terminal to verify the signature information based on the identity of the calling terminal and the public parameter, and decrypt the session key;
The response message receiving module 360 is configured to receive a session description protocol response message sent by the called terminal, where the session description protocol response message includes session key confirmation information and encryption algorithm confirmation information;
The calling voice call encryption and decryption module 370 is configured to encrypt a voice stream sent to the called terminal by the session key and the determined encryption algorithm, and decrypt a voice stream received from the called terminal.
The implementation principle of the above modules refers to the related description in the key negotiation method of the voice encryption call, and will not be repeated here.
Fig. 6 is a block diagram of another embodiment of a key agreement device for a caller voice encryption call according to the present invention. The key agreement means 300' of the caller voice encryption call of the present invention includes, but is not limited to: a caller private key request module 301, a caller private key receiving module 302, a session key generation module 310, a callee public key calculation module 320, a session key encryption module 330, a digital signature module 340, a proposal message sending module 350, a response message receiving module 360, and a caller voice call encryption and decryption module 370.
The session key generation module 310, the called terminal public key calculation module 320, the session key encryption module 330, the digital signature module 340, the offer message transmission module 350, the answer message reception module 360, and the caller voice call encryption/decryption module 370 may perform functions corresponding to those of fig. 5.
The calling private key request module 301 is configured to send an identity private key acquisition request to an identity private key server, where the identity private key acquisition request includes an identity of the called terminal.
The calling private key receiving module 302 is configured to receive the identity private key of the called terminal and the public parameter, where the identity private key is sent by the identity key server, and the identity private key is obtained based on the identity of the called terminal through calculation.
The implementation principle of the above modules refers to the related description in the key negotiation method of the voice encryption call, and will not be repeated here.
Fig. 7 is a block diagram of an embodiment of a key agreement device applied to a voice encryption call of a called terminal according to the present invention. The key negotiation apparatus 400 for called voice encryption call of the present invention, as shown in fig. 7, includes but is not limited to: proposal message receiving module 410, caller public key calculation module 420, signature verification module 430, session key decryption module 440, encryption algorithm determination module 450, answer message sending module 460, and called voice call encryption and decryption module 470.
The proposal message receiving module 410 is configured to receive a session description protocol proposal message actively sent by a calling party, the session description protocol proposal message comprising an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the session key being obtained by encryption of an identity public key of the called terminal, the signature information being obtained by digital signature of an identity private key of the calling terminal;
The calling public key calculation module 420 is configured to calculate an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
signature verification module 430 is configured to verify the signature information based on the identity public key of the calling terminal;
The session key decryption module 440 is configured to decrypt the encrypted session key based on the identity private key of the called terminal;
The encryption algorithm determining module 450 is configured to determine an encryption algorithm for voice encryption call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
The response message sending module 460 is configured to send a session description protocol response message to the calling terminal, where the session description protocol response message includes session key confirmation information and encryption algorithm confirmation information;
The called voice call encryption and decryption module 470 is configured to encrypt a voice stream transmitted to the calling terminal by the session key and the determined encryption algorithm, and decrypt a voice stream received from the calling terminal.
The implementation principle of the above modules refers to the related description in the key negotiation method of the voice encryption call, and will not be repeated here.
Fig. 8 is a block diagram of another embodiment of a key agreement device for a called voice encryption call according to the present invention. The key negotiation apparatus 400' of the called voice encryption call of the present invention includes, but is not limited to: the system comprises a called private key request module 401, a called private key receiving module 402, a proposal message receiving module 410, a calling public key calculating module 420, a signature verification module 430, a session key decrypting module 440, an encryption algorithm determining module 450, a response message sending module 460 and a called voice call encrypting and decrypting module 470.
The proposal message receiving module 410, the caller public key calculation module 420, the signature verification module 430, the session key decryption module 440, the encryption algorithm determination module 450, the response message sending module 460, and the called voice call encryption and decryption module 470 may perform the functions of the corresponding modules in fig. 6.
The called private key request module 401 is configured to send an identity private key acquisition request to an identity key server, where the identity private key acquisition request includes an identity of the called terminal.
The called private key receiving module 402 is configured to receive the identity private key of the called terminal and the public parameter, where the identity private key is sent by the identity key server, and the identity private key is obtained based on the identity of the called terminal through calculation.
The implementation principle of the above modules refers to the related description in the key negotiation method of the voice encryption call, and will not be repeated here.
Without changing the existing VoLTE service mode or user experience, the key negotiation device for voice encryption call enables VoLTE terminals to negotiate the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Meanwhile, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated and is securely transmitted and synchronized to the called terminal during call establishment by means of an identity-based encryption and decryption algorithm; it does not need to be distributed from the network side each time, which reduces dependence on the network and makes the transmission safer and more reliable. The session key is thus transferred in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk of the user's VoLTE voice service being monitored.
Fig. 5 to 8 are only schematic illustrations of key negotiation devices 300, 300', 400 and 400' for voice encryption call between caller and callee provided by the present invention, respectively, and the splitting, merging and adding of modules are all within the protection scope of the present invention without departing from the concept of the present invention. The key negotiation devices 300, 300', 400 and 400' for voice encryption communication between the calling party and the called party provided by the invention can be implemented by software, hardware, firmware, plug-in units and any combination thereof, and the invention is not limited thereto.
The embodiment of the invention also provides a key negotiation processing system for voice encryption call. Referring to fig. 9, fig. 9 is a block diagram of a key agreement system for voice encryption telephony according to the present invention. The key agreement system includes a calling terminal 510, a called terminal 520, and an identification key server 530. Calling terminal 510 is configured to perform a key agreement method applied to the calling terminal as shown in fig. 1 or fig. 2. The called terminal 520 is configured to perform a key negotiation method applied to the called terminal as shown in fig. 3 or 4. The identification key server 530 is configured to send an identification private key and the public parameter to the calling terminal and the called terminal. The calling terminal 510 and the called terminal 520 communicate through an IMS network. Specifically, the calling terminal 510, the called terminal 520, and the identification key server 530 may interact as follows:
The identification key server 530 may first generate the master key and public parameters of the Chinese national cryptographic SM9 elliptic curve algorithm. The calling terminal 510 and the called terminal 520 may each request an identity-based private key from the identification key server 530, the request carrying information such as the terminal's number. The identification key server 530 may perform step 1: issuing the identity-based key and the public parameters. Specifically, after performing the necessary authentication, the identification key server 530 may generate an identity-based private key for the terminal with that number and send it, together with the system public parameters, to the calling terminal 510 and the called terminal 520 through a secure transmission channel. The calling terminal 510 and the called terminal 520 securely store information such as the identity-based private key and the system public parameters.
In the session key negotiation phase:
The calling terminal 510 can dial the called terminal 520 through the dial pad, and the calling terminal 510 confirms that the called terminal 520 also supports encrypted calls;
The calling terminal 510 performs step 2-1: generating a session key, calculating the identity public key of the called terminal based on the identity of the called terminal and the public parameters, encrypting the session key with the identity public key of the called terminal, and digitally signing the encrypted session key with its own identity-based private key.
The calling terminal 510 performs step 2-2: sending a SIP INVITE message to the called terminal 520, with an SDP offer carried in the SIP INVITE request that contains the following information: the encrypted session key, the digital signature information, the VoLTE voice encryption algorithms supported by the local terminal, and other information;
The called terminal 520 performs step 2-3: after receiving the SIP INVITE request message, parsing the SDP offer, calculating the identity public key of the calling terminal based on the identity of the calling terminal and the public parameters, and verifying the digital signature using the identity public key of the calling terminal; then decrypting the session key using its own identity-based private key; and then determining the encryption algorithm of the VoLTE call according to the encryption algorithms it supports itself and the encryption algorithms supported by the calling party as provided in the SDP offer.
The called terminal 520 performs step 2-4: returning a 200 response to the INVITE to the calling party, the response carrying an SDP answer that includes information such as session key synchronization OK and the encryption algorithm of the VoLTE call.
In the voice encryption call stage:
The calling and called terminals perform step 3: encrypting the VoLTE voice stream to be sent and then sending it; and decrypting the received VoLTE voice stream and playing it through the loudspeaker.
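The called-terminal side of steps 2-2 to 2-4, as an added example that is not taken from the patent: it parses the SDP offer, verifies the caller's signature using only the caller's identity and the public parameters, selects the call's encryption algorithm, and builds the answer. Assumptions: Shamir's RSA-based identity-based signature with toy parameters stands in for SM9; the SDP attribute names, the algorithm names and the use of the called terminal's preference order are hypothetical; the encrypted session key is treated as opaque bytes, and its identity-based decryption is not reproduced.

```python
import base64
import hashlib
import secrets

# Toy key-server setup (constructed values, far too small for real use).
# Shamir's RSA-based identity-based signature is swapped in for SM9 here.
_P, _Q = 2**127 - 1, 2**107 - 1           # two Mersenne primes
N, E = _P * _Q, 65537                     # public parameters
_D = pow(E, -1, (_P - 1) * (_Q - 1))      # master key, key server only

# Hypothetical SDP attribute names; the patent text does not define any.
ATTR_KEY, ATTR_SIG, ATTR_ALGS = "x-enc-key", "x-key-sig", "x-enc-algs"


class OfferRejected(Exception):
    """Raised when the called terminal refuses an SDP offer."""


def _h(*parts):
    """Hash length-prefixed byte strings to an integer modulo N."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(digest.digest(), "big") % N


def identity_public_key(identity):
    """Computable by anyone from the identity and the public parameters."""
    return _h(b"id", identity.encode())


def issue_private_key(identity):
    """Key server: derive the identity private key with the master key."""
    return pow(identity_public_key(identity), _D, N)


def sign(private_key, message):
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    f = _h(b"sig", t.to_bytes(32, "big"), message)
    return t, (private_key * pow(r, f, N)) % N


def verify(identity, message, signature):
    t, s = signature
    if not (0 < t < N and 0 < s < N):
        return False
    f = _h(b"sig", t.to_bytes(32, "big"), message)
    return pow(s, E, N) == (identity_public_key(identity) * pow(t, f, N)) % N


def build_offer(caller_private_key, encrypted_key, algorithms):
    """Calling terminal, step 2-2: sign the encrypted key, emit the SDP offer."""
    t, s = sign(caller_private_key, encrypted_key)
    return "\r\n".join([
        "v=0",
        "m=audio 49170 RTP/AVP 0",
        f"a={ATTR_KEY}:{base64.b64encode(encrypted_key).decode()}",
        f"a={ATTR_SIG}:{t:x}.{s:x}",
        f"a={ATTR_ALGS}:{','.join(algorithms)}",
    ]) + "\r\n"


def handle_offer(sdp, caller_identity, callee_algorithms):
    """Called terminal, steps 2-3 and 2-4. Returns (encrypted key, algorithm, answer)."""
    attrs = {}
    for line in sdp.splitlines():
        if line.startswith("a=") and ":" in line:
            name, value = line[2:].split(":", 1)
            attrs[name] = value
    try:
        encrypted_key = base64.b64decode(attrs[ATTR_KEY], validate=True)
        t_hex, s_hex = attrs[ATTR_SIG].split(".")
        signature = (int(t_hex, 16), int(s_hex, 16))
        offered = attrs[ATTR_ALGS].split(",")
    except (KeyError, ValueError) as exc:
        raise OfferRejected("malformed offer") from exc
    # Verify before the key is handed on for identity-based decryption.
    if not verify(caller_identity, encrypted_key, signature):
        raise OfferRejected("signature check failed")
    # Assumption: the called terminal's own preference order decides.
    chosen = next((a for a in callee_algorithms if a in offered), None)
    if chosen is None:
        raise OfferRejected("no common encryption algorithm")
    answer = "\r\n".join([
        "v=0",
        "m=audio 49172 RTP/AVP 0",
        "a=x-key-confirm:OK",
        f"a=x-enc-alg:{chosen}",
    ]) + "\r\n"
    return encrypted_key, chosen, answer
```

As in step 2-1, the signature in this example covers only the encrypted session key, so the offered algorithm list is parsed but not authenticated by it.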
Therefore, without changing the existing VoLTE service mode or user experience, the key negotiation system for voice encryption call of the invention enables VoLTE terminals to negotiate the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Meanwhile, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated and is securely transmitted and synchronized to the called terminal during call establishment by means of an identity-based encryption and decryption algorithm; it does not need to be distributed from the network side each time, which reduces dependence on the network and makes the transmission safer and more reliable. The session key is thus transferred in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk of the user's VoLTE voice service being monitored.
The embodiment of the invention also provides key negotiation processing equipment for voice encryption call, which comprises a processor and a memory in which executable instructions of the processor are stored, wherein the processor is configured to perform the steps of the key agreement method for a voice encrypted call by executing the executable instructions.
As described above, without changing the existing VoLTE service mode or user experience, the key negotiation processing device for voice encryption call in this embodiment of the present invention enables VoLTE terminals to negotiate the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Meanwhile, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated and is securely transmitted and synchronized to the called terminal during call establishment by means of an identity-based encryption and decryption algorithm; it does not need to be distributed from the network side each time, which reduces dependence on the network and makes the transmission safer and more reliable. The session key is thus transferred in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk of the user's VoLTE voice service being monitored.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "platform."
Fig. 10 is a schematic diagram of the key agreement processing apparatus of the voice encryption call of the present invention. An electronic device 700 according to this embodiment of the present invention is described below with reference to fig. 10. The electronic device 700 shown in fig. 10 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 10, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different platform components (including memory unit 720 and processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 710 such that the processing unit 710 performs the steps according to various exemplary embodiments of the present invention described in the above-described key agreement method section of the voice encryption call of the present specification. For example, the processing unit 710 may perform the steps as shown in any of the figures 1-4.
The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.
The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 7001 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 700, and/or any device (e.g., router, modem, etc.) that enables the electronic device 700 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 950. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. The network adapter 960 can communicate with other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage platforms, and the like.
The embodiment of the invention also provides a computer readable storage medium for storing a program, and the steps of the key negotiation method of the voice encryption call are realized when the program is executed. In some possible embodiments, the aspects of the present invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the invention as described in the above-mentioned key agreement method section of the voice encryption call, when the program product is run on the terminal device.
As described above, without changing the existing VoLTE service mode or user experience, the computer readable storage medium for key negotiation of voice encryption call according to this embodiment enables VoLTE terminals to negotiate the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Meanwhile, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated and is securely transmitted and synchronized to the called terminal during call establishment by means of an identity-based encryption and decryption algorithm; it does not need to be distributed from the network side each time, which reduces dependence on the network and makes the transmission safer and more reliable. The session key is thus transferred in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk of the user's VoLTE voice service being monitored.
Fig. 11 is a schematic structural view of a computer-readable storage medium of the present invention. Referring to fig. 8, a program product 800 for implementing the above-described method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
In summary, without changing the existing VoLTE service mode or user experience, the application enables VoLTE terminals to negotiate the key for an end-to-end encrypted call based on identity, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Meanwhile, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated and is securely transmitted and synchronized to the called terminal during call establishment by means of an identity-based encryption and decryption algorithm; it does not need to be distributed from the network side each time, which reduces dependence on the network and makes the transmission safer and more reliable. The session key is thus transferred in a safer and more reliable way without changing the original service mode or user experience, which addresses the security risk of the user's VoLTE voice service being monitored.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (10)

1. A key negotiation method for a voice encryption call, characterized by being applied to a calling terminal and comprising the following steps:
Generating a session key;
Calculating an identity identification public key of the called terminal based on the identity identification of the called terminal and the public parameter;
encrypting the session key by using the identity public key of the called terminal;
Digital signature is carried out by utilizing the identity private key of the calling terminal to obtain signature information;
Transmitting a session description protocol proposal message to the called terminal, wherein the session description protocol proposal message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, and the session description protocol proposal message is used for the called terminal to verify the signature information and decrypt the session key based on the identity of the calling terminal and the public parameter;
Receiving a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and encrypting the voice stream sent to the called terminal with the session key and the determined encryption algorithm, and decrypting the voice stream received from the called terminal.
2. The key agreement method for a voice encrypted call according to claim 1, wherein the generating of the session key is preceded by:
An identity private key acquisition request is sent to an identity key server, wherein the identity private key acquisition request comprises an identity of the calling terminal, and the identity is user number information;
And receiving an identity private key of the calling terminal and the public parameter, which are sent by the identity key server, wherein the identity private key is obtained based on the identity of the calling terminal through calculation.
3. A key negotiation method for a voice encryption call, characterized by being applied to a called terminal and comprising the following steps:
Receiving a session description protocol proposal message sent by a calling terminal, wherein the session description protocol proposal message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the session key is obtained by encrypting an identity public key of a called terminal, the signature information is obtained by digital signature of an identity private key of the calling terminal, and the session key is generated by the calling terminal;
calculating an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
Verifying the signature information based on the identity public key of the calling terminal;
Decrypting the encrypted session key based on the identity private key of the called terminal;
Determining an encryption algorithm for voice encryption call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
Transmitting a session description protocol response message to the calling terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and encrypting the voice stream sent to the calling terminal with the session key and the determined encryption algorithm, and decrypting the voice stream received from the calling terminal.
4. A key agreement method for a voice encryption call according to claim 3, wherein the receiving the session description protocol proposal message sent by the calling terminal is preceded by:
an identity private key acquisition request is sent to an identity key server, wherein the identity private key acquisition request comprises the identity of the called terminal, and the identity is user number information;
and receiving an identity private key of the called terminal and the public parameter, which are sent by the identity key server, wherein the identity private key is obtained based on the identity of the called terminal through calculation.
5. A key agreement device for a voice encryption call, applied to a calling terminal, the key agreement device comprising:
a session key generation module configured to generate a session key;
a called public key calculation module configured to calculate the identity public key of the called terminal based on the identity of the called terminal and the public parameter;
a session key encryption module configured to encrypt the session key by using the identity public key of the called terminal;
a digital signature module configured to perform a digital signature by using the identity identification private key of the calling terminal to obtain signature information;
a proposal message sending module configured to send a session description protocol proposal message to the called terminal, the session description protocol proposal message including an encrypted session key, signature information, and an encryption algorithm supported by the calling terminal, the session description protocol proposal message being used by the called terminal to verify the signature information based on the identity of the calling terminal and the public parameter, and decrypt the session key;
a response message receiving module configured to receive a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and a calling voice call encryption and decryption module configured to encrypt a voice stream sent to the called terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the called terminal.
6. A key agreement device for voice encryption call, applied to a called terminal, the key agreement device comprising:
a proposal message receiving module configured to receive a session description protocol proposal message sent by a calling terminal, where the session description protocol proposal message includes an encrypted session key, signature information, and an encryption algorithm supported by the calling terminal, where the encrypted session key is obtained by encrypting the session key with an identity public key of the called terminal, the signature information is obtained by digitally signing with an identity private key of the calling terminal, and the session key is generated by the calling terminal;
a calling public key calculation module configured to calculate an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
a signature verification module configured to verify the signature information based on an identity public key of the calling terminal;
a session key decryption module configured to decrypt the encrypted session key based on an identity private key of the called terminal;
an encryption algorithm determining module configured to determine an encryption algorithm for the voice encryption call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
a response message sending module configured to send a session description protocol response message to the calling terminal, the session description protocol response message including session key confirmation information and encryption algorithm confirmation information;
and a called voice call encryption and decryption module configured to encrypt the voice stream sent to the calling terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the calling terminal.
7. A key agreement system for a voice encryption call, comprising:
a calling terminal configured to perform the key agreement method according to claim 1 or 2;
a called terminal configured to perform the key agreement method according to claim 3 or 4;
and the identity identification key server is configured to send the identity identification private key and the public parameter to the calling terminal and the called terminal.
8. The key agreement system according to claim 7, wherein the identification key server transmits the identification private key and the public parameter to the calling terminal and the called terminal using SM9 algorithm.
9. A key agreement processing apparatus for a voice encryption call, comprising:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform, by executing the executable instructions:
a key agreement method for a voice encryption call as recited in any one of claims 1 to 2; and/or
a key agreement method for a voice encryption call as recited in any one of claims 3 to 4.
10. A computer-readable storage medium storing a program, wherein the program, when executed, implements:
a key agreement method for a voice encryption call as recited in any one of claims 1 to 2; and/or
a key agreement method for a voice encryption call as recited in any one of claims 3 to 4.
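The algorithm determination and response steps of claim 3, with the calling terminal's check of the response, sketched as an added example that is not part of the patent. The claims do not say how the session key confirmation information is computed; this sketch assumes an HMAC-SHA256 under the session key over the offered algorithm list and the chosen algorithm, and the algorithm names, preference order and field names are constructed.

```python
import hashlib
import hmac
import secrets

# Called terminal's local policy, strongest first (constructed names).
CALLEE_PREFERENCE = ["SM4-GCM", "AES-256-GCM", "AES-128-CTR"]


def select_algorithm(offered, preference=CALLEE_PREFERENCE):
    """Pick the callee's most preferred algorithm that the caller also offered."""
    offered_set = set(offered)
    for alg in preference:
        if alg in offered_set:
            return alg
    raise ValueError("no common encryption algorithm; reject the call")


def key_confirmation(session_key, offered, chosen):
    """Assumed confirmation value: HMAC over the offer as seen plus the choice."""
    fields = [a.encode() for a in offered] + [chosen.encode()]
    # Length-prefix every field so two different lists never serialise alike.
    transcript = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(session_key, transcript, hashlib.sha256).digest()


def build_answer(session_key, offered):
    """Called terminal, after decrypting the session key: response fields."""
    chosen = select_algorithm(offered)
    return {"algorithm": chosen,
            "key_confirm": key_confirmation(session_key, offered, chosen)}


def check_answer(session_key, sent_offer, answer):
    """Calling terminal: accept only an offered algorithm and a matching tag."""
    if answer["algorithm"] not in sent_offer:
        return False
    expected = key_confirmation(session_key, sent_offer, answer["algorithm"])
    # Constant-time comparison of the confirmation value.
    return hmac.compare_digest(expected, answer["key_confirm"])


if __name__ == "__main__":
    key = secrets.token_bytes(16)  # stands in for the decrypted session key
    offer = ["AES-128-CTR", "SM4-GCM"]  # constructed offer
    answer = build_answer(key, offer)
    print(answer["algorithm"], check_answer(key, offer, answer))
```

Because the confirmation value covers the offer as the called terminal received it, the calling terminal rejects a response that was built from an algorithm list altered in transit, as well as one built with a different session key.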
CN202210368018.1A 2022-04-08 2022-04-08 Key negotiation method, device, equipment and storage medium for voice encryption call Active CN114630290B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210368018.1A CN114630290B (en) 2022-04-08 2022-04-08 Key negotiation method, device, equipment and storage medium for voice encryption call

Publications (2)

Publication Number Publication Date
CN114630290A CN114630290A (en) 2022-06-14
CN114630290B true CN114630290B (en) 2024-08-06

Family

ID=81904987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210368018.1A Active CN114630290B (en) 2022-04-08 2022-04-08 Key negotiation method, device, equipment and storage medium for voice encryption call

Country Status (1)

Country Link
CN (1) CN114630290B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412252B (en) * 2022-07-07 2023-05-23 渔翁信息技术股份有限公司 Data transmission method, transmission initiating terminal and transmission receiving terminal

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917711A (en) * 2010-08-25 2010-12-15 中兴通讯股份有限公司 Mobile communication system and voice call encryption method thereof
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7240366B2 (en) * 2002-05-17 2007-07-03 Microsoft Corporation End-to-end authentication of session initiation protocol messages using certificates
US20100166182A1 (en) * 2008-12-31 2010-07-01 Verizon Data Services, Llc Method and system for securing voice over internet protocol transmissions
CN104683291B (en) * 2013-11-27 2020-04-10 北京大唐高鸿数据网络技术有限公司 Session key negotiation method based on IMS system
CN106982419B (en) * 2016-01-18 2020-05-08 普天信息技术有限公司 Single call end-to-end encryption method and system for broadband cluster system
CN114125824A (en) * 2020-08-31 2022-03-01 中国电信股份有限公司 Voice encryption processing method, server, terminal, system and storage medium

Also Published As

Publication number Publication date
CN114630290A (en) 2022-06-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant