WO2012139427A1 - Media message processing method, system and device - Google Patents

Publication number
WO2012139427A1
Authority
WO
WIPO (PCT)
Prior art keywords
media
ciphertext
key
message
content
Application number
PCT/CN2012/070249
Inventor
卢艳
丁欣
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2012139427A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption

Definitions

  • the present invention relates to the field of communications, and in particular, to a media message processing method (including encryption and decryption methods), system and device (media message transmitting device and media message receiving device).
  • multimedia messaging services, such as MMS, (mobile) email, and instant messaging services, have become more widely used.
  • Multimedia messages usually contain multiple media contents. Sometimes, some media content is very important and sensitive (such as text or pictures involving personal privacy or secrets). To prevent sensitive content from being learned by unauthorized parties, media messages can be encrypted. However, in some cases, a large amount of media content slows down encryption and decryption, especially on mobile phone terminals with limited resources, which affects the user experience.
  • the technical problem to be solved by the present invention is to provide a media message processing method, system and device that solve the problem of slow encryption and decryption.
  • the present invention provides a media message processing method, and the method includes:
  • the sender encrypts one or more media contents in the media message, that is, the partial media content, by using a key to obtain a media ciphertext;
  • the recipient decrypts the media ciphertext to obtain the partial media content.
  • the message header of the media message carries the media ciphertext location parameter value
  • the message body of the media message carries the media ciphertext.
  • the sender encrypts the key with the public key of the receiver to obtain a key ciphertext, and carries the key ciphertext in the media message sent by the sender.
  • the receiver decrypts the key ciphertext by using a private key to obtain a key, and then decrypts the media ciphertext by using the key.
  • the message header of the media message carries the key ciphertext.
  • the content header of the media ciphertext carries the key ciphertext.
  • the present invention also provides a method for encrypting a media message, the method comprising:
  • the sender encrypts the media content by using the key to obtain the media ciphertext, and encrypts the key by using the public key of the receiver to obtain the key ciphertext;
  • the sender sends a media message, where the key ciphertext and the media ciphertext are carried.
  • the media content is the media message itself, or one or several media contents (Content) to be encrypted in the media message.
  • the message header of the media message further carries a media ciphertext location parameter value and a key ciphertext.
  • the key ciphertext is at a content header of the media ciphertext.
  • the present invention also provides a media message processing system, the system comprising:
  • the sender's encryption module is configured to: encrypt the media content by using the key to obtain the media ciphertext content, and encrypt the key by using the recipient public key to obtain the key ciphertext;
  • a sending module of the sending party configured to: send a media message, where the key ciphertext and the media ciphertext are carried;
  • a receiving module of the receiver configured to: receive the media message
  • the decryption module of the receiver is configured to: decrypt the key ciphertext by using its private key to obtain the key, and decrypt the media ciphertext by using the key to obtain the media content.
  • the message header of the media message carries the key ciphertext and the media ciphertext location parameter value.
  • the content header of the media ciphertext carries the key ciphertext.
  • the present invention also provides a media message sending device, the device comprising:
  • the encryption module is configured to: encrypt the media content by using a key to obtain a media ciphertext, and encrypt the key by using a public key of the recipient to obtain a key ciphertext;
  • a sending module configured to: send a media message, where the key ciphertext and the media ciphertext are carried.
  • the message header of the media message or the content header of the media ciphertext carries the key ciphertext.
  • the message header of the media message or the content header of the media ciphertext carries an encryption algorithm suite.
  • the present invention also provides a media message receiving apparatus, including:
  • a receiving module configured to: receive a media message; the media message is obtained by encrypting the media content with a key, and the media message includes a key ciphertext obtained by encrypting the key with the receiver's public key;
  • a decryption module configured to: decrypt the key ciphertext by using a private key to obtain the key, and decrypt the media ciphertext by using the key to obtain the media content.
  • the message header of the media message carries the key ciphertext and the media ciphertext location parameter value.
  • the content header of the media ciphertext includes a corresponding key ciphertext.
  • the message header of the media message or the content header of the media ciphertext carries an encryption algorithm suite.
  • FIG. 1 is a flowchart of a method for processing a media message according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for encrypting a media message according to an embodiment of the present invention
  • FIG. 3 is a flowchart of a method for decrypting a media message according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of a module of a media message processing system according to an embodiment of the present invention.
  • Preferred embodiment of the invention
  • considering that a media message also contains other, non-sensitive media, only the important and sensitive content in the media message may be encrypted, leaving the other content unencrypted; therefore, to improve encryption and decryption speed and the user experience, the present invention provides a method of partial encryption of media messages.
  • the partial content in media messages can be encrypted with symmetric encryption or with asymmetric encryption.
  • for asymmetric encryption, since the key does not need to be agreed ad hoc by both parties, the public key of the other party can be used to encrypt the partial media content.
  • for symmetric encryption, if a separate key agreement mechanism exists, the partial media can also be encrypted using the key agreed by both parties.
  • in addition to the above two methods, the present invention also provides the following method.
  • as is well known, symmetric encryption encrypts and decrypts quickly but uses the same key for both; asymmetric encryption uses different keys: the encryption key can be made public, while the decryption key is kept private by the user alone and cannot be learned by others. Relatively speaking, therefore, public key encryption is more secure than symmetric encryption.
  • however, current public key encryption and decryption algorithms are essentially operations on long integers involving a large number of modular exponentiations, so they are very slow, whereas symmetric encryption algorithms essentially perform bit operations on the data such as cyclic shifts, confusion and compression, which are fast.
  • the media message processing method of the present invention comprises two parts, encryption and decryption; understandably, the encryption part corresponds to the decryption part.
  • in the present invention, only the important or sensitive media content that the sender considers in need of encryption is encrypted, and symmetric and asymmetric encryption are used together: the symmetric encryption method partially encrypts the media message, and the asymmetric encryption method encrypts the encryption key, which improves encryption and decryption speed, removes the key negotiation step, and improves the security of the encrypted information.
  • the media message processing method of the present invention includes:
  • Step 101 The sender encrypts the media content by using a key to obtain a media ciphertext, and encrypts the key by using a receiver public key to obtain a key ciphertext;
  • the media content may be one or more media contents included in the media message, and the data format may be the original media content or content obtained by encoding the original media content (for example, some encoded data of the media content).
  • the sender encrypts the media content using a symmetric encryption (random) algorithm, and encrypts the key using an asymmetric encryption algorithm and the recipient public key.
  • the key is a random number whose length meets the security requirement.
  • the key length of the AES should be no less than 128 bits, usually 128 bits, 192 bits and 256 bits.
  • the above steps are the sender's processing of the media content. The sender may have one or more media contents to be encrypted, in which case processing generates a plurality of media ciphertexts; or the media content may include one or more media contents that can be processed together (such as multiple pictures), in which case processing them generates a single media ciphertext.
  • Step 102 The sender sends a media message, where the encryption algorithm suite, the media ciphertext, and the key ciphertext are carried.
  • One or more media ciphertexts can be carried in the media message.
  • the encryption algorithm suite includes the above-mentioned symmetric encryption algorithm and asymmetric encryption algorithm, such as (RSA-AES), where RSA is an asymmetric encryption algorithm and AES is a symmetric encryption algorithm; AES, the Advanced Encryption Standard, is an upgraded version of DES (Data Encryption Standard), publicly selected by the US NIST and formerly known as Rijndael.
  • Step 103 The receiver receives the media message.
  • Step 104 The receiver decrypts the key ciphertext by using its private key to obtain the key, and decrypts the media ciphertext by using the key to obtain the media content.
  • the present invention is disclosed in detail below from the perspective of the sender and the receiver, respectively:
  • the media message encryption method is implemented by the message sender: a symmetric encryption method is used to encrypt the important content in the media message, and an asymmetric encryption method is used to encrypt the encryption key.
  • the symmetric encryption key is randomly generated, and the asymmetric encryption key is the public key of the recipient. As shown in FIG. 2, the sender performs the following steps:
  • Step 201 Encrypt the media content M by using the key k to obtain the ciphertext C;
  • the media content M may be the encoded media data obtained by the sender selecting the media content to be encrypted and encoding the media content.
  • Step 202 Encrypt the key k by using a public key of the receiver to obtain a ciphertext k';
  • the sender encrypts k using the recipient's public key kB and a public key cryptographic algorithm (such as RSA), and the key ciphertext is recorded as k'.
  • Step 203 Send a media message carrying an encryption algorithm suite (such as RSA-AES), k', C, and the other contents of the media message.
  • the media message decryption method is implemented by the message receiver, and the ciphertext k' is decrypted using the receiver private key to obtain k, and the ciphertext C is decrypted by using k. As shown in FIG. 3, the receiver performs the following steps:
  • Step 301 The receiving party receives the media message, and extracts or separates from it the encryption algorithm suite (such as RSA-AES), the key ciphertext k', and the media ciphertext C;
  • Step 302 Decrypt k' by using the private key of the receiver to obtain k; the algorithm is the same as the one the sender used to encrypt k, such as RSA;
  • Step 303 Decrypt C by using k to obtain M; the decryption algorithm is the same as the one the sender used to encrypt M, such as AES;
  • the following takes MIME media message encapsulation as a specific embodiment to detail the method of partially encrypting a media message. Specifically, for how the media message in the foregoing Embodiments 1 to 3 carries the encryption algorithm suite, the key ciphertext (k'), the media ciphertext C, and so on, two preferred implementation schemes are given below:
  • Solution 1 The message header of the media message carries the encryption algorithm suite, the key ciphertext and the encrypted media location parameter value; the location parameter value indicates the location of the encrypted media content (i.e., the media ciphertext) in the message.
  • the sender inserts a field name indicating partial encryption (such as Content-Encryption) in the MIME header of the media message to be sent.
  • the cipher suite refers to the public key cryptographic algorithm (such as RSA) and the symmetric cryptographic algorithm (such as AES), which are used to encrypt the symmetric encryption key and to encrypt the important content that needs to be encrypted, respectively.
  • the encryption indication information is added to the ciphertext Content header, for example, the content identification number content (Content) is as follows:
  • the header of the content in which the encrypted media content is located includes its corresponding encryption algorithm suite and key ciphertext.
  • the sender inserts information indicating partial encryption in the content (Content) of each media ciphertext C (for example, by using an extended field Content-Encryption, or by carrying the information as a parameter of another field, such as Content-Type).
  • the encryption indication information may be added to the head of the media content of the media ciphertext C.
  • the two schemes have the same effect, but when multiple media contents (such as a picture and an audio clip) need to be encrypted: with scheme one, the picture and the audio are encrypted with the same cipher suite, although, since the encoding method is in the header of each media content, different encoding methods can be used; with scheme two, different cipher suites can be used to encrypt the picture and the audio.
  • although the present invention uses MIME media messages as a specific embodiment, it is also applicable to partial content encryption of media messages in other media formats.
  • the present invention also provides a media message processing system. As shown in FIG. 4, the system includes:
  • the encryption module of the sender is configured to encrypt the media content by using a key to obtain a media ciphertext, and encrypt the key by using a public key of the receiver to obtain a key ciphertext;
  • the sending module of the sender is configured to send a media message carrying the key ciphertext and the media ciphertext;
  • an encryption algorithm suite can also be carried.
  • a receiving module of the receiver configured to receive the media message
  • Decrypting module of the receiving party configured to decrypt the key ciphertext by using its private key to obtain the key, and decrypt the media ciphertext by using the key to obtain the media content;
  • the media message of the present invention is different from the existing media message in that: the message header of the media message carries the ciphertext and the location parameter value.
  • the media message of the present invention is different from the existing media message in that: the header of the content in which the media content is located includes a corresponding encryption algorithm suite and a key ciphertext.
  • the present invention also provides a media message transmitting device (ie, a sender), the device comprising:
  • An encryption module configured to encrypt the media content by using a key to obtain a media ciphertext, and encrypt the key by using a public key of the recipient to obtain a key ciphertext;
  • a sending module configured to send the media message, where the encryption algorithm suite, the key ciphertext, and the media ciphertext are carried.
  • the message header of the media message carries the key ciphertext and the encrypted media location parameter value, and optionally, the encryption algorithm suite.
  • the header of the content in which the media content is located includes its corresponding key ciphertext, and optionally, a corresponding encryption algorithm suite.
  • the present invention also provides a media message receiving device (i.e., a receiving party), comprising a receiving module configured to receive a media message, and a decrypting module configured to decrypt the encrypted media in the media message;
  • a decryption module configured to decrypt the key ciphertext by using the private key to obtain the key, and decrypt the media ciphertext by using the key to obtain the media content.
  • the message header of the media message carries the key ciphertext and the media ciphertext location parameter value, and optionally, the encryption algorithm suite.
  • the header of the content in which the media content is located includes its corresponding key ciphertext, and optionally, a corresponding encryption algorithm suite.
  • the method, system and device of the invention use a symmetric encryption method to partially encrypt the media message and an asymmetric encryption method to encrypt the encryption key, which improves the encryption and decryption speed of the media message and improves its security, so that an incorrect recipient cannot obtain the partial content of the media message.
  • the method, system and apparatus of the present invention employ a symmetric encryption method.
  • the present invention is also applicable to the encryption of entire media messages.
  • the key may not be carried.
  • the cipher suite can also be negotiated by other negotiation mechanisms. The methods and steps will not be described again.
  • the invention can also directly encrypt the media content by using the receiver's public key, and the cipher suite can also be agreed by other methods. This method is suitable for occasions where the media content is small. The methods and steps are not described again.
  • the cipher suite can also adopt other conventions and conventions, and does not need to be carried in the message.
  • One of ordinary skill in the art will appreciate that all or a portion of the steps described above can be accomplished by a program that instructs the associated hardware, and the program can be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk, or an optical disk.
  • all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits.
  • each module/unit in the above embodiment may be implemented in the form of hardware or in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.
  • the method, system, and apparatus of the embodiments of the present invention encrypt only the important or sensitive media content that the sender considers in need of encryption, use symmetric encryption and asymmetric encryption together, and use a symmetric encryption method to partially encrypt media messages.

Abstract

The present invention relates to a media message processing method, system and device. The method comprises: a sender using a key to encrypt one or more media contents, that is, partial media contents, in a media message to obtain a media ciphertext; the sender sending a media message carrying the media ciphertext; a receiver receiving the media message; and the receiver decrypting the media ciphertext to obtain the partial media contents. The media message processing method, system and device in the present invention increase the encryption and decryption speed and improve the user experience while improving the security of media messages.

Description

Media message processing method, system and device
Technical field
The present invention relates to the field of communications, and in particular to a media message processing method (including encryption and decryption methods), system and device (a media message sending device and a media message receiving device).
Background
Nowadays, multimedia messaging services such as MMS, (mobile) email and instant messaging are used more and more widely.
A multimedia message usually contains multiple media contents. Sometimes, some of the media content is very important and sensitive (such as text or pictures involving personal privacy or secrets). To prevent sensitive content from being learned by unauthorized parties, the media message can be encrypted. In some cases, however, a large amount of media content slows down encryption and decryption, especially on mobile phone terminals with limited resources, which affects the user experience.
Summary of the invention
The technical problem to be solved by the present invention is to provide a media message processing method, system and device that solve the problem of slow encryption and decryption.
To solve the above technical problem, the present invention provides a media message processing method, the method comprising:
the sender encrypts one or more media contents in the media message, that is, partial media content, by using a key to obtain a media ciphertext;
the sender sends a media message carrying the media ciphertext;
the receiver receives the media message;
the receiver decrypts the media ciphertext to obtain the partial media content.
Preferably, the message header of the media message carries the media ciphertext location parameter value, and the message body of the media message carries the media ciphertext.
Preferably, before sending the media message, the sender encrypts the key with the receiver's public key to obtain a key ciphertext, and carries the key ciphertext in the media message it sends.
Preferably, before decrypting the media ciphertext, the receiver first decrypts the key ciphertext with its private key to obtain the key, and then decrypts the media ciphertext with the key.
Preferably, the message header of the media message carries the key ciphertext.
Preferably, the header of the content in which the media ciphertext is located carries the key ciphertext.
To solve the above technical problem, the present invention also provides a method for encrypting a media message, the method comprising:
the sender encrypts the media content by using a key to obtain a media ciphertext, and encrypts the key by using the receiver's public key to obtain a key ciphertext;
the sender sends a media message carrying the key ciphertext and the media ciphertext.
Preferably, the media content is the media message, or one or several media contents (Content) to be encrypted in the media message.
Preferably, the message header of the media message further carries a media ciphertext location parameter value and the key ciphertext.
Preferably, the key ciphertext is in the header of the content in which the media ciphertext is located.
To solve the above technical problem, the present invention also provides a media message processing system, the system comprising:
an encryption module of the sender, configured to: encrypt the media content by using a key to obtain media ciphertext content, and encrypt the key by using the receiver's public key to obtain a key ciphertext;
a sending module of the sender, configured to: send a media message carrying the key ciphertext and the media ciphertext;
a receiving module of the receiver, configured to: receive the media message;
a decryption module of the receiver, configured to: decrypt the key ciphertext by using its private key to obtain the key, and decrypt the media ciphertext by using the key to obtain the media content.
Preferably, the message header of the media message carries the key ciphertext and the media ciphertext location parameter value.
Preferably, the header of the content in which the media ciphertext is located carries the key ciphertext.
To solve the above technical problem, the present invention also provides a media message sending device, the device comprising:
an encryption module, configured to: encrypt the media content by using a key to obtain a media ciphertext, and encrypt the key by using the receiver's public key to obtain a key ciphertext;
a sending module, configured to: send a media message carrying the key ciphertext and the media ciphertext.
Preferably, the message header of the media message or the header of the content in which the media ciphertext is located carries the key ciphertext.
Preferably, the message header of the media message or the header of the content in which the media ciphertext is located carries an encryption algorithm suite.
The present invention also provides a media message receiving device, comprising:
a receiving module, configured to: receive a media message; the media message is obtained by encrypting the media content with a key, and the media message includes a key ciphertext obtained by encrypting the key with the receiver's public key;
a decryption module, configured to: decrypt the key ciphertext by using a private key to obtain the key, and decrypt the media ciphertext by using the key to obtain the media content.
Preferably, the message header of the media message carries the key ciphertext and the media ciphertext location parameter value.
Preferably, the header of the content in which the media ciphertext is located includes the corresponding key ciphertext.
Preferably, the message header of the media message or the header of the content in which the media ciphertext is located carries an encryption algorithm suite.
The method, system and device of the embodiments of the present invention encrypt only the important or sensitive media content that the sender considers in need of encryption, and use symmetric encryption and asymmetric encryption together: a symmetric encryption method partially encrypts the media message, and an asymmetric encryption method encrypts the encryption key, which improves encryption and decryption speed while improving security.
Brief description of the drawings
FIG. 1 is a flowchart of a media message processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a media message encryption method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a media message decryption method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the module structure of a media message processing system according to an embodiment of the present invention.
Preferred embodiments of the invention
Since a media message also contains other media that are not sensitive, it is possible to encrypt only the important and sensitive content in the message and leave the rest unencrypted. To increase encryption and decryption speed and improve the user experience, the present invention therefore provides a method for partially encrypting a media message.
Partial content in a media message can be encrypted with symmetric or asymmetric encryption. With asymmetric encryption, because the two parties do not need to agree on a key ad hoc, the partial media content can be encrypted with the other party's public key.
With symmetric encryption, if a separate key agreement mechanism exists, the partial media can also be encrypted with the key agreed by both parties. In addition to these two methods, the present invention provides the following method.
As is well known, symmetric encryption methods encrypt and decrypt quickly, but use the same key for both operations. Asymmetric encryption uses different keys for encryption and decryption: the encryption key can be made public, while the decryption key is held privately by the user alone and cannot be learned by others, so public-key encryption is, relatively speaking, more secure than symmetric encryption. However, current public-key encryption and decryption algorithms are essentially operations on long integers that involve a large number of modular exponentiations, so they are slow, whereas symmetric algorithms essentially perform bit operations on the data, such as cyclic shifts, confusion and compression, and are fast.
The media message processing method of the present invention comprises an encryption part and a decryption part, which understandably correspond to each other. In the present invention, only the media content that the sender considers important or sensitive and in need of encryption is encrypted, and symmetric and asymmetric encryption are used together: a symmetric encryption method encrypts part of the media message, and an asymmetric encryption method encrypts the encryption key. This increases encryption and decryption speed, removes the key negotiation step, and improves the security of the encrypted information.
Embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another.
Embodiment 1
As shown in FIG. 1, the media message processing method of the present invention includes:
Step 101: The sender encrypts the media content with a key to obtain the media ciphertext, and encrypts the key with the receiver's public key to obtain the key ciphertext;
The media content may be one or more media Content items contained in the media message, and its data format may be the original media content or the original media content after encoding (for example, the data obtained by applying some encoding to the media content).
The sender encrypts the media content with a symmetric encryption (random) algorithm, and encrypts the key with an asymmetric encryption algorithm and the receiver's public key. Preferably, the key is a random number whose length meets the security requirements; for example, an AES key should be no shorter than 128 bits, and is typically 128, 192 or 256 bits.
The above is the sender's processing of the media content. The sender may have one or more items of media content to encrypt and process them to generate multiple media ciphertexts; or the media content may comprise one or more items that can be processed together (such as several pictures), which are processed to generate a single media ciphertext.
Step 102: The sender sends the media message, which carries the encryption algorithm suite, the media ciphertext and the key ciphertext;
The media message may carry one or more media ciphertexts.
The encryption algorithm suite comprises the symmetric and asymmetric encryption algorithms mentioned above, for example RSA-AES, where AES is the symmetric encryption algorithm and RSA is the asymmetric encryption algorithm. AES, the Advanced Encryption Standard, is a symmetric encryption algorithm and the successor to DES (Data Encryption Standard); it was selected by the US NIST through a public process and was originally named Rijndael.
Step 103: The receiver receives the media message;
Step 104: The receiver decrypts the key ciphertext with its private key to obtain the key, and decrypts the media ciphertext with the key to obtain the media content.
The present invention is described in detail below from the perspectives of the sender and the receiver respectively:
Embodiment 2
The media message encryption method is carried out by the message sender: a symmetric encryption method encrypts the important content in the media message, and an asymmetric encryption method encrypts the encryption key. The symmetric encryption key is randomly generated, and the asymmetric encryption key is the receiver's public key. As shown in FIG. 2, the sender performs the following steps:
Step 201: Encrypt the media content M with the key k to obtain the ciphertext C;
Here the media content M may be the media content that the sender has selected for encryption, or the encoded media data obtained by applying some encoding to that media content.
Select an encryption algorithm suite (for example RSA-AES, used as the example below) and generate a random number k whose length meets the security requirements. The sender encrypts M with the key k and the symmetric encryption algorithm (for example AES) to obtain the media ciphertext C.
Step 202: Encrypt the key k with the receiver's public key to obtain the ciphertext k';
The sender encrypts k with the receiver's public key kB and the public-key cryptographic algorithm (for example RSA); the key ciphertext is denoted k'.
Step 203: Send the media message, which carries the encryption algorithm suite (for example RSA-AES), k', C and the other content of the media message.

Embodiment 3
The media message decryption method is carried out by the message receiver: the receiver's private key decrypts the ciphertext k' to obtain k, and k decrypts the ciphertext C. As shown in FIG. 3, the receiver performs the following steps:
Step 301: The receiver receives the media message and extracts or separates out the encryption algorithm suite (for example RSA-AES), the key ciphertext k' and the media ciphertext C carried in it;
Step 302: Decrypt k' with the receiver's private key to obtain k, using the same algorithm the sender used to encrypt k, for example RSA;
Step 303: Decrypt C with k to obtain M, using the same algorithm the sender used to encrypt M, for example AES.
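Steps 201 to 203 and 301 to 303 as a runnable sketch, added here as an illustration and not taken from the patent. Assumptions: the third-party Python `cryptography` package is installed; the page names only "RSA" and "AES", so OAEP padding and the authenticated AES-GCM mode are choices made for this example; the dict used as the message container and all function names are hypothetical.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: the page says only "RSA" and "AES"; the padding and the cipher
# mode below are this example's choices.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)
SUITE = "rsa-aes"
NONCE_LEN = 12


def sender_encrypt(parts, sensitive_ids, receiver_public_key):
    """Steps 201-203: encrypt only the selected parts and wrap the key k."""
    k = AESGCM.generate_key(bit_length=128)      # random k, 128 bits as on the page
    aead = AESGCM(k)
    body = {}
    for cid, data in parts.items():
        if cid in sensitive_ids:
            nonce = os.urandom(NONCE_LEN)        # fresh nonce per part under the same k
            # The content id is bound as associated data, so a ciphertext
            # moved to a different part fails to decrypt.
            body[cid] = ("cipher", nonce + aead.encrypt(nonce, data, cid.encode()))
        else:
            body[cid] = ("plain", data)          # non-sensitive media stays in the clear
    k_prime = receiver_public_key.encrypt(k, OAEP)   # step 202: k -> k'
    return {"suite": SUITE, "ck": k_prime, "parts": body}


def receiver_decrypt(message, receiver_private_key):
    """Steps 301-303: recover k from k', then M from each C."""
    if message["suite"] != SUITE:
        raise ValueError("unsupported suite")
    k = receiver_private_key.decrypt(message["ck"], OAEP)
    aead = AESGCM(k)
    recovered = {}
    for cid, (kind, data) in message["parts"].items():
        if kind == "cipher":
            nonce, ciphertext = data[:NONCE_LEN], data[NONCE_LEN:]
            # Raises InvalidTag if the ciphertext or its content id was altered.
            recovered[cid] = aead.decrypt(nonce, ciphertext, cid.encode())
        else:
            recovered[cid] = data
    return recovered


def demo():
    """Round trip over constructed sample parts, then a one-bit tamper check."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    parts = {
        "0001": b"constructed caption, not sensitive",
        "0010": b"constructed sensitive image bytes",
    }
    message = sender_encrypt(parts, {"0010"}, private_key.public_key())
    result = {
        "roundtrip": receiver_decrypt(message, private_key) == parts,
        "plain_untouched": message["parts"]["0001"] == ("plain", parts["0001"]),
        "cipher_hidden": parts["0010"] not in message["parts"]["0010"][1],
    }
    kind, blob = message["parts"]["0010"]
    message["parts"]["0010"] = (kind, blob[:-1] + bytes([blob[-1] ^ 1]))
    try:
        receiver_decrypt(message, private_key)
        result["tamper_detected"] = False
    except InvalidTag:
        result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The tamper check works only because of the authenticated mode chosen here; the steps above specify confidentiality of M and k and say nothing about integrity.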
The following uses a MIME media message as a concrete example to describe in detail the method for encrypting part of the content of a media message. Specifically, for how the media message in Embodiments 1 to 3 carries the encryption algorithm suite, the key ciphertext (k'), the media ciphertext C and so on, two preferred implementation schemes are given below:
Scheme 1: The header of the media message carries the encryption algorithm suite, the key ciphertext and the encrypted-media position parameter value; the position parameter value indicates where the encrypted media content (that is, the media ciphertext) is located in the message.
Taking a MIME media message as an example:
In the MIME header of the media message to be sent, the sender inserts a header field indicating partial encryption (for example Content-Encryption).
An example of the message header is as follows:

    Content-Encryption: suite=rsa-aes;ck= 16 UEsDBBQ6AA9AAIAFKAoi7qOMOvLw0AAABWAAAUAAAAtuC0rr/a zaj QxbXE 1 LTC6y5kb2PtXHtwVNUZ81 /+4+kk3IQoAkBkRYQkSgbrKb7IYNEM69wmm6ckG0jCI0boZneTbJJ9sNlAEsdOt Fqd8Z846tQ6PhBl; field=0010: 1110

The encryption field contains at least the following data: the encryption algorithm suite (suite=rsa-aes), the encrypted key (the ck value in the header above), and the position parameter value of the ciphertext C within the message (field=0010:1110). They are assigned as parameter values to the agreed parameter names.
The encryption suite (suite) refers to the public-key encryption algorithm (for example RSA) and the symmetric encryption algorithm (for example AES), used respectively to encrypt the symmetric encryption key and to encrypt the important content that needs encryption.
Preferably, encryption indication information, such as a content identification number, is added to the header of the ciphertext Content. An example of the Content is as follows:

    Content-Type: image/pjpeg-encrypted; name=UNKNOWN_PARAMETER_VALUE
    Content-Disposition: attachment; filename="=?utf-8?B?5rW35bOh5bCB6Z2iMTExLkpQRw==?="
    Content-ID: 0010
    C  [Note: the media ciphertext goes here.]

Scheme 2: The header of the content in which the encrypted media content is located includes its corresponding encryption algorithm suite and key ciphertext. Specifically, in the content (Content) holding each media ciphertext C, the sender inserts information indicating partial encryption (for example, expressed with an extension field Content-Encryption, or carried as a parameter of another field such as Content-Type). In addition, encryption indication information may be added to the header of the media content holding the media ciphertext C.

    Content-Type: image/pjpeg-encrypted; name=UNKNOWN_PARAMETER_VALUE
    Content-Encryption: suite=rsa-3des; ck= 16 UEsDBBQ6AA9AAIAFKAoi7qOMOvLw0AAABWAAAUAAAAtuC0r r/azaj QxbXE 1 LTC6y5kb2PtXHtwVNUZ81 /+4+kk3IQoAkBkRYQkSgbrKb7IYNEM69wmm6ckG0jCI0boZneTbJJ9sNlAEs dOtFqd8Z846tQ6PhBl;
    Content-Disposition: attachment; filename="=?utf-8?B?5rW35bOh5bCB6Z2iMTExLkpQRw==?="
    Content-ID: 0010
    C  [Note: the media ciphertext goes here.]

The encryption field contains at least the following data: the encryption algorithm suite (suite=rsa-3des) and the ciphertext k' of the encryption key. The encryption suite refers to the public-key encryption algorithm (for example RSA) and the symmetric encryption algorithm (for example AES), used respectively to encrypt the symmetric encryption key and to encrypt the important content that needs encryption.
If only one item of media content in the media message (such as one picture) is partially encrypted, the two schemes have the same effect. If several items of media content (such as a picture and an audio clip) need to be encrypted, then with Scheme 1 the picture and the audio must be encrypted with the same encryption suite, although different encodings can be used because the encoding is given in the header of each media content (content); with Scheme 2, the picture and the audio can be encrypted with different encryption suites.
Although the present invention uses MIME media messages as the concrete embodiment, it also applies to partial content encryption of media messages in other media formats.
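A receiver-side parser for the two header placements above, added here as an illustration and not taken from the patent. Assumptions: the page does not define the syntax of `field`, so it is read as a colon-separated list of Content-ID values; `ck` is read as plain base64; the suite allow-list is a receiver policy introduced for this example (it rejects the page's `rsa-3des` sample on purpose); the sample messages and all function names are constructed.

```python
import base64
import email

# Assumption: receiver policy. The suite travels in the clear in the header,
# so only the (asymmetric, symmetric) pairs listed here are accepted.
ALLOWED_SUITES = {("rsa", "aes")}


class EncryptionHeaderError(ValueError):
    """Malformed Content-Encryption header, or one that violates policy."""


def parse_content_encryption(value):
    """Parse 'suite=rsa-aes; ck=<base64>; field=0010:1110' into a dict."""
    params = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, val = item.partition("=")   # first '=' only: base64 may end in '='
        name = name.strip().lower()
        if not sep or name in params:
            raise EncryptionHeaderError(f"bad or repeated parameter: {item!r}")
        params[name] = val.strip()
    if "suite" not in params or "ck" not in params:
        raise EncryptionHeaderError("suite and ck are required")
    asym, _, sym = params["suite"].lower().partition("-")
    if (asym, sym) not in ALLOWED_SUITES:
        raise EncryptionHeaderError(f"suite not allowed: {params['suite']!r}")
    try:
        ck = base64.b64decode(params["ck"], validate=True)
    except ValueError as exc:                  # binascii.Error is a ValueError
        raise EncryptionHeaderError("ck is not valid base64") from exc
    if not ck:
        raise EncryptionHeaderError("ck is empty")
    # Assumption: 'field' is a colon-separated list of Content-ID values.
    fields = [f for f in params.get("field", "").split(":") if f]
    return {"asym": asym, "sym": sym, "ck": ck, "fields": fields}


def locate_encrypted_parts(raw_message):
    """Return [(content_id, header_info, ciphertext_bytes)] for Scheme 1 or 2."""
    msg = email.message_from_string(raw_message)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    by_id = {p["Content-ID"].strip(): p for p in leaves if p["Content-ID"]}
    found = []
    top = msg["Content-Encryption"] if msg.is_multipart() else None
    if top is not None:                        # Scheme 1: message-level header
        info = parse_content_encryption(top)
        if not info["fields"]:
            raise EncryptionHeaderError("Scheme 1 header has no field parameter")
        for cid in info["fields"]:
            if cid not in by_id:
                raise EncryptionHeaderError(f"field names unknown part {cid!r}")
            found.append((cid, info, by_id[cid].get_payload(decode=True)))
    for part in leaves:                        # Scheme 2: header on the part itself
        own = part["Content-Encryption"]
        if own is None:
            continue
        cid = (part["Content-ID"] or "").strip()
        if any(cid == seen for seen, _, _ in found):
            raise EncryptionHeaderError(f"part {cid!r} is described twice")
        found.append((cid, parse_content_encryption(own), part.get_payload(decode=True)))
    return found


# Constructed sample values, not taken from the page.
CK = base64.b64encode(b"constructed key ciphertext k'").decode()
CT = base64.b64encode(b"constructed media ciphertext C").decode()


def build_sample(message_header="", part_header=""):
    """Constructed two-part MIME message; the part with Content-ID 0010 holds C."""
    return (
        "MIME-Version: 1.0\n"
        + message_header
        + 'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\nContent-ID: 0001\n\nclear caption\n"
        "--b1\nContent-Type: image/pjpeg-encrypted\n"
        "Content-Transfer-Encoding: base64\nContent-ID: 0010\n"
        + part_header
        + f"\n{CT}\n--b1--\n"
    )


SCHEME_1 = build_sample(message_header=f"Content-Encryption: suite=rsa-aes; ck={CK}; field=0010\n")
SCHEME_2 = build_sample(part_header=f"Content-Encryption: suite=rsa-aes; ck={CK}\n")
SCHEME_2_3DES = build_sample(part_header=f"Content-Encryption: suite=rsa-3des; ck={CK}\n")
```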
To implement the above method, the present invention also provides a media message processing system. As shown in FIG. 4, the system includes:
an encryption module of the sender, configured to encrypt the media content with a key to obtain the media ciphertext, and to encrypt the key with the receiver's public key to obtain the key ciphertext;
a sending module of the sender, configured to send the media message, which carries the key ciphertext and the media ciphertext and may optionally also carry the encryption algorithm suite;
a receiving module of the receiver, configured to receive the media message;
a decryption module of the receiver, configured to decrypt the key ciphertext with its private key to obtain the key, and to decrypt the media ciphertext with the key to obtain the media content.
Specifically, there are the following two schemes for the media message:
In Scheme 1, the media message of the present invention differs from existing media messages in that the header of the media message carries the ciphertext and the position parameter value.
In Scheme 2, the media message of the present invention differs from existing media messages in that the header of the content in which the media content is located includes its corresponding encryption algorithm suite and key ciphertext.
In addition, the present invention provides a media message sending device (that is, the sender), which includes:
an encryption module, configured to encrypt the media content with a key to obtain the media ciphertext, and to encrypt the key with the receiver's public key to obtain the key ciphertext;
a sending module, configured to send the media message, which carries the encryption algorithm suite, the key ciphertext and the media ciphertext.
Further, the header of the media message carries the key ciphertext and the encrypted-media position parameter value, and optionally may also carry the encryption algorithm suite.
Alternatively, the header of the content in which the media content is located includes its corresponding key ciphertext, and optionally may also carry the corresponding encryption algorithm suite.
The present invention also provides a media message receiving device (that is, the receiver), comprising a receiving module configured to receive the media message, and a decryption module configured to decrypt the encrypted media in the media message;
the decryption module is configured to decrypt the key ciphertext with its private key to obtain the key, and to decrypt the media ciphertext with the key to obtain the media content.
Further, the header of the media message carries the key ciphertext and the media ciphertext position parameter value, and optionally may also carry the encryption algorithm suite.
Alternatively, the header of the content in which the media content is located includes its corresponding key ciphertext, and optionally may also carry the corresponding encryption algorithm suite.
The method, system and device of the present invention use a symmetric encryption method on part of the media message and an asymmetric encryption method on the encryption key. This increases the encryption and decryption speed of the media message and improves its security, so that an incorrect receiver cannot obtain that part of the media message.
Besides encrypting partial media within a media message, the symmetric encryption method used by the method, system and device of the present invention is also suitable for encrypting the entire media message.
For the symmetric encryption method, if another key agreement mechanism exists, the key need not be carried in the schemes above. The encryption suite can also be negotiated by another negotiation mechanism. The methods and steps are not repeated here.
The present invention can also encrypt the media content directly with the receiver's public key, and the encryption suite can likewise be agreed by other means; this approach is suitable where the media content is small. The methods and steps are not repeated here.
In the above methods, the encryption suite can also be agreed by other means, with no need to carry it in the message. Those of ordinary skill in the art will understand that all or some of the steps in the above methods can be completed by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments can also be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in hardware or as a software functional module. The present invention is not limited to any specific combination of hardware and software.

Industrial Applicability
The method, system and device of the embodiments of the present invention encrypt only the media content that the sender considers important or sensitive and in need of encryption, and use symmetric and asymmetric encryption together: a symmetric encryption method encrypts part of the media message, and an asymmetric encryption method encrypts the encryption key. This improves security while also increasing encryption and decryption speed.

Claims

1. A media message processing method, comprising:
a sender encrypting one or more items of media content in a media message, that is, partial media content, with a key to obtain a media ciphertext;
the sender sending the media message, the media message carrying the media ciphertext;
a receiver receiving the media message;
the receiver decrypting the media ciphertext to obtain the partial media content.
2. The method of claim 1, wherein the header of the media message carries a media ciphertext position parameter value, and the body of the media message carries the media ciphertext.
3. The method of claim 1 or 2, wherein, before sending the media message, the sender encrypts the key with the receiver's public key to obtain a key ciphertext, and carries the key ciphertext in the media message sent by the sender.
4. The method of claim 3, wherein, before decrypting the media ciphertext, the receiver first decrypts the key ciphertext with a private key to obtain the key, and then decrypts the media ciphertext with the key.
5. The method of claim 3, wherein the header of the media message carries the key ciphertext.
6. The method of claim 3, wherein the header of the content in which the media ciphertext is located carries the key ciphertext.
7. A media message encryption method, comprising:
a sender encrypting media content with a key to obtain a media ciphertext, and encrypting the key with a receiver's public key to obtain a key ciphertext;
the sender sending a media message, the media message carrying the key ciphertext and the media ciphertext.
8. The method of claim 7, wherein the media content is a media message, or one or several items of media content (Content) to be encrypted in a media message.
9. The method of claim 7 or 8, wherein the header of the media message also carries a media ciphertext position parameter value and the key ciphertext.
10. The method of claim 7 or 8, wherein the key ciphertext is in the header of the content in which the media ciphertext is located.
11. A media message processing system, comprising:
an encryption module of a sender, configured to encrypt media content with a key to obtain media ciphertext content, and to encrypt the key with a receiver's public key to obtain a key ciphertext;
a sending module of the sender, configured to send a media message, the media message carrying the key ciphertext and the media ciphertext;
a receiving module of the receiver, configured to receive the media message;
a decryption module of the receiver, configured to decrypt the key ciphertext with a private key to obtain the key, and to decrypt the media ciphertext with the key to obtain the media content.
12. The system of claim 11, wherein the header of the media message carries the key ciphertext and a media ciphertext position parameter value.
13. The system of claim 11, wherein the header of the content in which the media ciphertext is located carries the key ciphertext.
14. A media message sending device, comprising:
an encryption module, configured to encrypt media content with a key to obtain a media ciphertext, and to encrypt the key with a receiver's public key to obtain a key ciphertext;
a sending module, configured to send a media message, the media message carrying the key ciphertext and the media ciphertext.
15. The device of claim 14, wherein the header of the media message or the header of the content in which the media ciphertext is located carries the key ciphertext.
16. The device of claim 14, wherein the header of the media message or the header of the content in which the media ciphertext is located carries an encryption algorithm suite.
17. A media message receiving device, comprising:
a receiving module, configured to receive a media message, the media message being obtained by encrypting media content with a key, and the media message containing a key ciphertext obtained by encrypting the key with the receiver's public key;
a decryption module, configured to decrypt the key ciphertext with a private key to obtain the key, and to decrypt the media ciphertext with the key to obtain the media content.
18. The device of claim 17, wherein the header of the media message carries the key ciphertext and a media ciphertext position parameter value.
19. The device of claim 17, wherein the header of the content in which the media ciphertext is located includes the corresponding key ciphertext.
20. The device of claim 17, wherein the header of the media message or the header of the content in which the media ciphertext is located carries an encryption algorithm suite.
PCT/CN2012/070249 2011-04-15 2012-01-12 Media message processing method, system and device WO2012139427A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110094839.2A CN102740246B (en) 2011-04-15 2011-04-15 Method, system, and device for processing media message
CN201110094839.2 2011-04-15

Publications (1)

Publication Number Publication Date
WO2012139427A1 true WO2012139427A1 (en) 2012-10-18

Family

ID=46994859

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/070249 WO2012139427A1 (en) 2011-04-15 2012-01-12 Media message processing method, system and device

Country Status (2)

Country Link
CN (1) CN102740246B (en)
WO (1) WO2012139427A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103338437B (en) * 2013-07-11 2016-06-08 成都三零瑞通移动通信有限公司 The encryption method of a kind of mobile instant message and system
CN104809365A (en) * 2014-01-27 2015-07-29 宇瞻科技股份有限公司 Digital right management system, management method and information transfer system and method thereof
CN105025036B (en) * 2015-08-07 2018-08-17 北京环度智慧智能技术研究所有限公司 A kind of Cognitive Aptitude Test value Internet-based encryption and transmission method
CN107147636A (en) * 2017-05-03 2017-09-08 北京小米移动软件有限公司 E-mail transmission method and device
CN107276746A (en) * 2017-07-19 2017-10-20 河南神州数码索贝科技有限公司 A kind of Chinese character encipher-decipher method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1571509A (en) * 2003-07-10 2005-01-26 王海涛 A multimedia information security control method
US20080162935A1 (en) * 2006-12-29 2008-07-03 Nokia Corporation Securing communication
CN101297300A (en) * 2005-09-01 2008-10-29 高通股份有限公司 Efficient key hierarchy for delivery of multimedia content

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626294A (en) * 2008-07-07 2010-01-13 华为技术有限公司 Certifying method based on identity, method, equipment and system for secure communication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1571509A (en) * 2003-07-10 2005-01-26 王海涛 A multimedia information security control method
CN101297300A (en) * 2005-09-01 2008-10-29 高通股份有限公司 Efficient key hierarchy for delivery of multimedia content
US20080162935A1 (en) * 2006-12-29 2008-07-03 Nokia Corporation Securing communication

Also Published As

Publication number Publication date
CN102740246B (en) 2017-02-15
CN102740246A (en) 2012-10-17

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
US9055047B2 (en) Method and device for negotiating encryption information
WO2018000886A1 (en) Application program communication processing system, apparatus, method, and client terminal, and server terminal
US8983061B2 (en) Method and apparatus for cryptographically processing data
US20150244520A1 (en) One-time-pad data encryption with media server
US20080046731A1 (en) Content protection system
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
WO2009155781A1 (en) Method and system of transmitting the encrypted information
JPH118620A (en) System and method for efficiently executing authentication of communication channel and facilitating detection of illegal forgery
WO2012129929A1 (en) Method, system and appararus for secure transmission of media message
WO2015117437A1 (en) File encryption/decryption method and device
WO2012139427A1 (en) Media message processing method, system and device
CN112738133A (en) RSA authentication method
CN106549858A (en) A kind of instant messaging encryption method based on id password
Reshma et al. Pairing-free CP-ABE based cryptography combined with steganography for multimedia applications
JP2000347566A (en) Contents administration device, contents user terminal, and computer-readable recording medium recording program thereon
WO2017197968A1 (en) Data transmission method and device
US9876774B2 (en) Communication security system and method
WO2012075761A1 (en) Method and system for encrypting multimedia message service
JP2006262425A (en) Mutual authentication on network by public key cryptosystem, and mutual exchange system of public key
TWI313995B (en) Content protection method
WO2012129945A1 (en) Method and system for secure transmission of media messages
WO2012129928A1 (en) Method, system and apparatus for secure transmission of media message
JP2000267565A (en) Enciphering and deciphering device, and computer- readable recording medium recorded with program
CN110690968B (en) Image encryption method based on Montgomery-RSA algorithm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12771563

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12771563

Country of ref document: EP

Kind code of ref document: A1