Background technology
Existing mobile terminals support several types of messages based on data services, for example short messages, multimedia messages (MMS) and e-mail (EMAIL). Many mobile terminals now also support DRM 2.x services, in which case each handset has a unique device certificate that uniquely identifies that handset.
DRM stands for digital rights management and falls into two classes. One class is multimedia protection, for example encrypting films, music, audio and video, and streaming media files. The other class is document encryption, for example Word, Excel and PDF files.
The operating principle of digital rights management is as follows. First, a digital program authorization center is established. The encoded and compressed digital program content is encrypted (locked) with a key (Key), and the header of the encrypted digital program stores the key identification (KeyID) and the network address of the program authorization center. When the user plays the program, the digital program authorization center, using the key identification from the program header and the address information of the authorization center, sends the relevant key for decryption once authorization has been verified, and only then can the program be played.
Because the protected program is encrypted, even if a user downloads and stores it, it cannot be played without the authorization verified by the digital program authorization center, so the copyright of the program is closely protected.
DRM is realized through a public key certificate mechanism, namely a public key infrastructure (Public Key Infrastructure, PKI). PKI is a key management platform that follows established standards; it provides cryptographic services such as encryption and digital signatures, together with the necessary key and certificate management system, for the whole network. In simple terms, PKI is the infrastructure that provides security services built on public key theory and technology. PKI technology is the core of information security technology and is also a key and fundamental technology of e-commerce.
The DRM protocol can prevent the receiving terminal from forwarding an MMS or EMAIL, but if, through user misoperation, the MMS or EMAIL is sent to the wrong user, it cannot guarantee that the receiving terminal is unable to open the MMS or EMAIL. For example, user A may send a DRM file to B by multimedia message, and B can use the DRM module and browser in the handset to go online, obtain the rights and then use the file. If, however, user A carelessly writes the recipient of the multimedia message as C, C can equally use the DRM module and browser in the handset to go online, obtain the rights and use the file. Existing mobile DRM technology therefore still has a potential security risk.
Summary of the invention
The purpose of the embodiments of the invention is to provide a mobile terminal and a method for protecting its data service messages, thereby improving the security of the data service messages of the mobile terminal and the confidentiality of the service data carried in those messages.
The embodiments of the invention provide a method for protecting data service messages of a mobile terminal, where the mobile terminal holds a public key and private key certificate pair. The method comprises: the receiving end receives a data service message sent by the transmitting end and encrypted with its private key certificate, the header of the data service message containing the device identity code of the transmitting end; the receiving end searches, according to the device identity code, for the public key certificate of the transmitting end and, if it exists, decrypts the data service message with that public key certificate.
The device identity code is the hash value of the public key certificate of the transmitting end.
In a preferred embodiment, the method further comprises the step: the transmitting end judges whether the message to be sent is a non-data-service message, and if so sends the message without signing it with the private key certificate.
In a preferred embodiment, the method further comprises the steps: the receiving end detects whether the header of the message contains a device identity code; if it does, the receiving end searches, according to the device identity code, for the public key certificate of the transmitting end and, if it exists, uses that public key certificate to decrypt the data service message and open the message file; if the header does not contain a device identity code, the message file is opened directly.
In a preferred embodiment, the method further comprises the step: requesting the public key certificate of the transmitting end from the transmitting end.
The embodiments of the invention also provide a mobile terminal comprising at least: a receiving module for receiving a data service message sent by the transmitting end and encrypted with its private key certificate, the header of the data service message containing the device identity code of the transmitting end; and a decryption module for searching, according to the device identity code, for the public key certificate of the transmitting end and, if it exists, decrypting the data service message with that public key certificate.
In a preferred embodiment, the mobile terminal further comprises a sending module for sending data service messages encrypted with the private key certificate, the header of each data service message containing the device identity code.
In a preferred embodiment, the mobile terminal further comprises a storage module for storing the public key and private key certificate pair of this mobile terminal and the public key certificates of other mobile terminals.
In a preferred embodiment, the mobile terminal further comprises a judging module for judging whether a message to be sent is a data service message; if it is, the mobile terminal encrypts the data service message with its private key certificate, otherwise the message is sent without being signed with the private key certificate of this mobile terminal.
In a preferred embodiment, the mobile terminal further comprises a control module for controlling the mobile terminal to encrypt or decrypt the data service messages it sends or receives, using the public key and private key certificates held in the storage module.
The device identity code is the hash value of the public key certificate of this mobile terminal.
The data service message is a short message, a multimedia message or an e-mail.
Through the embodiments of the invention, even a recipient not trusted by the transmitting end that receives an MMS or EMAIL cannot read it; and by processing data service messages and ordinary messages differently, important messages receive the necessary protection while the transmission efficiency of ordinary messages is preserved.
Embodiment
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the embodiments of the invention are described in further detail below in conjunction with specific embodiments and the accompanying drawings. The illustrative embodiments of the invention and their explanation serve to explain the invention and are not intended to limit it.
The embodiments of the invention provide the following. The embodiments of the invention are described in detail below with reference to the accompanying drawings.
Embodiment one
With reference to Fig. 1, the method for protecting data service messages of a mobile terminal according to an embodiment of the invention is described in detail. The mobile terminal, taking a mobile phone as the example, holds a public key and private key certificate pair. The method for protecting the data service messages of this mobile terminal comprises:
Step S101: when the transmitting end sends a data service MMS or EMAIL, it signs the data portion of the data service MMS or EMAIL with the device's private key certificate, adds the device identity code (DEVICEID) of the transmitting end to the message header, and then sends the data service MMS or EMAIL to the receiving device. The device identity code is the HASH value of the public key certificate of the transmitting end.
Step S102: the receiving end receives the data service MMS or EMAIL sent by the transmitting end and encrypted with its private key.
Step S103: the receiving end searches its certificate pool, according to the DEVICEID, for the certificate public key of the transmitting end; if it exists, proceed to step S104, otherwise the message file cannot be opened to obtain the data and the operation ends.
Step S104: the receiving end decodes the message with the public key in the certificate, opens it and obtains the data.
In a preferred embodiment, the method further comprises the step of requesting the public key certificate of the transmitting end from the transmitting end.
The receiving end must therefore hold the public key certificate of the transmitting end; without it, the data service MMS or EMAIL cannot be read. Only a user trusted by the transmitting end can obtain the device public key certificate of the transmitting end from the transmitting end. The certificate can be obtained in two ways: the transmitting end may proactively provide it in advance to the receiving ends it trusts, where it is stored; or, after the receiving end has received a data service message, it may request the public key certificate from the transmitting end, which sends it to the receiving end once it confirms that the receiving end is one it trusts. The inventive concept is precisely that a mobile terminal that does not hold the public key certificate of the transmitting end cannot open the above data service message even if it receives it. The data service message here is a short message, a multimedia message or an e-mail.
The embodiments of the invention thus ensure that even a recipient not trusted by the transmitting end that receives an important data service MMS or EMAIL cannot read that MMS or EMAIL.
Embodiment two
With reference to Fig. 2, the method for protecting data service messages of a mobile terminal according to embodiment two of the invention is described in detail. The mobile terminal, taking a mobile phone as the example, holds a public key and private key certificate pair. The method for protecting the data service messages of this mobile terminal comprises:
Step S201: the transmitting end distinguishes whether the MMS or EMAIL is a data service MMS or EMAIL or an ordinary MMS or EMAIL; if it is a data service MMS or EMAIL, proceed to step S202, otherwise proceed to step S203.
Step S202: the transmitting end signs the data portion of the data service MMS or EMAIL with the device's private key certificate, adds the device identity code (DEVICEID) of the transmitting end to the message header, and then sends the data service MMS or EMAIL to the receiving end. The device identity code is the hash (HASH) value of the certificate public key of the transmitting end.
Step S203: the transmitting end sends the message to the receiving end.
Step S204: the receiving end receives the message file.
Step S205: the receiving end detects whether the header of the message file contains the device identity code of the transmitting end; if there is no DEVICEID header field, proceed to step S207; if there is a DEVICEID, proceed to step S206.
Step S206: the receiving end searches its certificate pool, according to the DEVICEID, for the certificate public key of the transmitting end; if it exists, proceed to step S207, otherwise the message file cannot be opened to obtain the data and the operation ends.
Step S207: open the message file. A data service message file must first be decrypted with the public key certificate and is then opened.
The data service message here is a short message, a multimedia message or an e-mail.
The embodiments of the invention thus process data service messages and ordinary messages differently, giving important messages the necessary protection while preserving the transmission efficiency of ordinary messages.
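The signing and lookup flow of embodiments one and two, written out as an added Go example that is not part of the patent: DEVICEID is the SHA-256 hash of the sender's certificate, the receiving end looks that certificate up in its local certificate pool and fails closed when it is absent or the signature does not verify, while an ordinary message without DEVICEID is opened directly. It assumes a raw Ed25519 public key in place of the device certificate and a signature in place of the text's "encryption with the private key certificate"; the names Message, DeviceID, Send and Receive are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Message models a data-service MMS/EMAIL: DEVICEID in the header (empty for an
// ordinary message) and a signature over the body.
type Message struct {
	DeviceID string
	Body     []byte
	Sig      []byte
}

// DeviceID is the hex SHA-256 hash of the sender's certificate, the patent's
// DEVICEID. Assumption: a raw Ed25519 public key stands in for the certificate.
func DeviceID(cert ed25519.PublicKey) string {
	sum := sha256.Sum256(cert)
	return hex.EncodeToString(sum[:])
}

// Send implements steps S201/S202: only a data-service message is signed with
// the device private key and tagged with DEVICEID; ordinary messages go as-is.
func Send(priv ed25519.PrivateKey, body []byte, dataService bool) Message {
	if !dataService {
		return Message{Body: body}
	}
	pub := priv.Public().(ed25519.PublicKey)
	return Message{DeviceID: DeviceID(pub), Body: body, Sig: ed25519.Sign(priv, body)}
}

// Receive implements steps S205-S207: no DEVICEID means open directly; with a
// DEVICEID the sender's certificate must be in the local pool and the signature
// must verify, otherwise the message fails closed (step S206).
func Receive(pool map[string]ed25519.PublicKey, m Message) ([]byte, error) {
	if m.DeviceID == "" {
		return m.Body, nil
	}
	pub, ok := pool[m.DeviceID]
	if !ok || DeviceID(pub) != m.DeviceID { // re-hash guards a mis-filed pool entry
		return nil, errors.New("sender certificate not in pool: message cannot be opened")
	}
	if !ed25519.Verify(pub, m.Body, m.Sig) {
		return nil, errors.New("signature does not verify under the sender certificate")
	}
	return m.Body, nil
}
```

The "certificate not in pool" error is the point at which a trusted receiving end would request the sender's certificate (step S104's preferred variant); an untrusted one simply never obtains it.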
Embodiment three
Refer to Fig. 3, which is a schematic structural diagram of the mobile terminal of an embodiment of the invention.
The embodiments of the invention provide a mobile terminal which, as shown in Fig. 3, comprises at least:
A receiving module, connected to the central controller. The transmitting end adds the device identity code to the header of the data service message, then encrypts the data service message with its private key certificate and sends it; the receiving module receives the encrypted data service message from the transmitting end.
A decryption module, connected to the central controller, which searches, according to the device identity code, for the public key certificate of the transmitting end and, if it exists, decrypts the data service message with that public key certificate.
In this embodiment, the transmitting end adds the device identity code to the header of the data service message, and the receiving end can decrypt the received data service message only if it holds the public key certificate identified by that device identity code, thereby achieving the purpose of data protection.
Embodiment four
Refer to Fig. 4, which is a schematic structural diagram of the mobile terminal of another embodiment of the invention.
The embodiments of the invention provide a mobile terminal which, as shown in Fig. 4 and compared with embodiment three, comprises in addition to the receiving module and the decryption module:
A sending module, connected to the central controller, for sending data service messages encrypted with the private key certificate, the header of each data service message containing the device identity code.
A storage module, connected to the central controller, for storing the public key and private key certificate pair of this mobile terminal and the public key certificates of other mobile terminals.
A judging module, connected to the central controller, for judging whether a message to be sent is a data service message; if it is, the mobile terminal encrypts the data service message with its private key certificate, otherwise the message is sent without being signed with the private key certificate of this mobile terminal.
A control module, connected to the central controller, which controls the mobile terminal to encrypt or decrypt the data service messages it sends or receives, using the public key and private key certificates held in the storage module.
When sending a data service message, the control module calls the private key certificate of this mobile terminal to sign the data service message, adds the device identity code of this mobile terminal to the header of the data service message, and then sends the encrypted data service message through the sending module. When receiving a data service message, the control module searches for the public key certificate of the mobile terminal that sent the message and, if it exists, uses that public key certificate to decrypt the data service message and open it. The device identity code is the hash value of the public key certificate of this mobile terminal. The data service message is a short message, a multimedia message or an e-mail.
The embodiments of the invention thus ensure that even a recipient not trusted by the transmitting end that receives an important data service MMS or EMAIL cannot read that MMS or EMAIL, achieving the purpose of data protection.
The specific embodiments described above further describe the purpose, technical solution and beneficial effects of the invention. It should be understood that the above are only specific embodiments of the invention and are not intended to limit its scope; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.