CN100479568C - Implementation scheme for secrecy phone of the smart mobile terminal - Google Patents
- Publication number
- CN100479568C (application number CNB2006101696006A)
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- intelligent mobile
- data
- code phone
- random number
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
The disclosed scheme implements a secure (encrypted) telephone on an intelligent mobile terminal. The calling terminal obtains the called party's IP address by SMS and the two parties then authenticate each other. In the voice communication state each terminal reads the speech signal from the microphone, compresses and encrypts it, and sends it as IP data; data received from the other side is decrypted, decompressed and written to the loudspeaker. Unlike traditional methods, the invention requires no modification of the terminal hardware: only software is installed on the user terminal. It offers good security and compatibility and is suited to wide application.
Description
Technical field
The present invention relates to the field of mobile communications and, specifically, provides a scheme for implementing a secure telephone on an intelligent mobile terminal.
Background technology
The rapid development of mobile communications has made daily life more convenient and faster. Yet this free communication takes place in an open communication space in which, besides the two communicating parties, third parties such as eavesdroppers, attackers and the network operator can obtain the communication content just as quickly and easily. Mobile communication has brought us convenience and speed, but it has also exposed our privacy.
Security work in traditional mobile communications falls into the following three classes:
1) Data encryption applied by the network operator within the communication protocol. Because the protocols of the mobile communication network and the communication space are open, the security of this approach is not good;
2) Data encryption performed by the terminal manufacturer in the device design. Manufacturers have implemented data encryption by changing the hardware. From a security standpoint this is a real improvement, but unfortunately it is not feasible on ordinary terminals: special equipment must be used and the cost is relatively high.
3) Third-party developers place the data encryption work on a hardware module of their own, connected by Bluetooth, USB or a similar interface, to provide the secure-telephone function. This requires the user to own a third-party device and to carry it at all times, which is not good in terms of either cost or convenience.
Mobile communication is now more and more widespread. In recent years, multi-functional mobile terminals that combine voice, data processing and entertainment have gradually reached ordinary consumers. These are intelligent mobile terminals; their typical representatives are smartphones and PDAs. An intelligent mobile terminal generally has the software and hardware for recording, playback, video recording, video playback and wireless communication, and at the same time a group of processors with considerable processing power (usually one or two DSPs responsible for data processing and a high-end ARM responsible for control). It is fully capable of real-time voice processing, real-time encryption and similar work.
The 2.5-generation mobile network technologies (GPRS and CDMA) are in wide use. Their main feature is the data service: an end-to-end wireless IP or wireless X.25 connection with the advantages of being always online, billed by volume, quick to log in, high-speed and free to switch. The theoretical peak rate of GPRS is 171.2 kbps, and 30-50 kbps is commonly reached under ordinary network conditions; the theoretical rate of CDMA is 153.6 kbps with a measured average data rate of 80 kbps. This makes transmitting a compressed speech stream over IP highly feasible.
Summary of the invention
On this basis, the present invention proposes a secure-telephone scheme implemented on an intelligent mobile terminal. The scheme makes no change to the hardware of the mobile terminal and adds no third-party hardware: as long as the software implementing the scheme is installed on a user's intelligent mobile terminal, the user can hold secret calls with any other user who has the same kind of terminal. The scheme is secure, easy to implement, low in cost and highly compatible, and therefore has good practical value.
The scheme proposed by the present invention uses the programmability and processing power of the intelligent mobile terminal. It obtains the other party's IP address by SMS and then authenticates both users. After entering the voice communication state, it reads the voice signal from the microphone, compresses, encrypts and packs it, and sends it to the other party as IP data over the mobile data service. When the other party receives a voice packet it decrypts and decodes it and writes the data to the loudspeaker. This completes the real-time secure transmission of voice and realizes the secure-telephone function.
To make the description of the scheme clearer, the scheme has constructed the following secure voice communication protocol:
1) Protocol notation:
The PKI identity authentication system used in the scheme is (M, C, K_Rc, K_Pc, E_Pc, D_Pc); the public-key cryptosystem is (M, C, K_r, K_p, E_p, D_p); the symmetric cryptosystem is (M, C, K_s, E_s, D_s); and the data compression system is (M, C, E_d, D_d).
A and B denote the legitimate initiator and recipient of the secure communication; T_a and T_b the intelligent mobile terminals of A and B; IP_a and IP_b the IP information of A and B; I_a and I_b the identity information of A and B; K_Pa, K_Pb and K_Pc the public keys of A, B and the certification authority CA; K_Ra, K_Rb and K_Rc the private keys of A, B and CA; C_a and C_b the certificates that CA issues to A and B, where
C_a = I_a + E_Pc(K_Rc, I_a) + E_Pc(K_Rc, K_Pa),
C_b = I_b + E_Pc(K_Rc, I_b) + E_Pc(K_Rc, K_Pb);
R_a0 and R_b0 the verification random numbers generated by A and B; K_s the symmetric communication key of the scheme; and S a data message.
(E_Pc applied with the CA's private key K_Rc is the scheme's notation for a CA signature, and D_Pc with the CA's public key K_Pc recovers the signed value. Note that the identity and the public key are signed as two separate fields and the verification steps below check each on its own; nothing in them ties the signed identity to the signed public key, which a practical certificate format does by signing both in one structure.)
2) Protocol description:
To distinguish command packets from ordinary data packets during communication, the scheme constructs the packet structure shown in Figure 1 (this does not include the Setup packet that initiates communication). The first byte of a packet is the packet header, which expresses the properties of the current packet; the bytes that follow are the packet's data content.
The structure of the packet header is shown in Figure 2. The header is a single byte. Its most significant bit gives the nature of the current packet: 0 for a command packet, 1 for an ordinary data packet. Its low seven bits give the data length of the current packet (not counting the header byte). Each packet is therefore at most 129 bytes long and its data content at most 128 bytes. (A seven-bit field holds the values 0 to 127, so a 128-byte payload requires the field to store the length minus one; the description does not specify how the length is encoded.)
The Setup packet differs from the other packets; its format is shown in Figure 3. Its first byte is a character that an ordinary intelligent mobile terminal cannot type into an SMS, followed by data content of fixed length.
The communication process of the scheme is shown in Figure 4. It consists of three parts, authentication, key management and voice communication, described as follows:
A. Authentication protocol:
To ensure that the content of the secure communication is delivered only to a legitimate user, the scheme adopts identity authentication that combines a password with a certificate. At the same time, to improve the scheme's resistance to replay attacks, it also adopts a two-way random-number authentication strategy in which both sides play symmetric roles. Specifically:
a) A opens the secure-telephone program, and T_a asks for the secure-telephone password. If the password is correct, T_a sends T_b a Setup packet consisting of IP_a and C_a, initiating communication;
b) T_b verifies the legitimacy of C_a:
I'_a = D_Pc(K_Pc, E_Pc(K_Rc, I_a))
If I'_a = I_a, C_a is legitimate. T_b then extracts K_Pa from C_a:
K_Pa = D_Pc(K_Pc, E_Pc(K_Rc, K_Pa))
At this point T_b asks B to input the secure-telephone password;
c) If the password input by B is correct, T_b generates a verification random number R_b0, which will be used to verify the legitimacy of T_a, and encrypts it with K_Pa:
R_b1 = E_p(K_Pa, R_b0)
It then returns R_b1, IP_b and C_b together to T_a;
d) T_a verifies the legitimacy of C_b:
I'_b = D_Pc(K_Pc, E_Pc(K_Rc, I_b))
If I'_b = I_b, C_b is legitimate. T_a then extracts K_Pb from C_b:
K_Pb = D_Pc(K_Pc, E_Pc(K_Rc, K_Pb))
and recovers T_b's verification random number as R_b2:
R_b2 = D_p(K_Ra, R_b1)
At the same time it generates its own verification random number R_a0, which will be used to verify the legitimacy of T_b, and encrypts both R_a0 and R_b2 with K_Pb:
R_a1 = E_p(K_Pb, R_a0)
R_b3 = E_p(K_Pb, R_b2)
It then sends R_a1 and R_b3 together to T_b;
e) T_b recovers the verification random number as R_b4:
R_b4 = D_p(K_Rb, R_b3) = D_p(K_Rb, E_p(K_Pb, D_p(K_Ra, E_p(K_Pa, R_b0))))
R_b4 = R_b0 holds if and only if K_Pa, K_Ra, K_Pb and K_Rb are all legitimate, so at this point T_b has finished verifying T_a. T_b then recovers T_a's verification random number as R_a2:
R_a2 = D_p(K_Rb, R_a1)
encrypts it with K_Pa:
R_a3 = E_p(K_Pa, R_a2)
returns R_a3 to T_a, and enters the key management state;
f) T_a recovers the verification random number as R_a4:
R_a4 = D_p(K_Ra, R_a3) = D_p(K_Ra, E_p(K_Pa, D_p(K_Rb, E_p(K_Pb, R_a0))))
R_a4 = R_a0 holds if and only if K_Pa, K_Ra, K_Pb and K_Rb are all legitimate, so at this point T_a has finished verifying T_b, and T_a enters the key management state.
If any step of the authentication yields a negative result, the terminal sends an "authentication failure" message to the other party and exits the secure-telephone program.
B. Key management protocol:
Because of the speed of public-key encryption and the security of its key pair (the key pair of a public-key algorithm is usually not changed for a long time, and using it to encrypt high-volume data such as voice or images would give an attacker a very large ciphertext sample, a serious risk to the security of the key pair), the scheme encrypts the data with a symmetric algorithm under a key that is used for one call only. The secure-telephone program therefore needs a key management function with two sub-functions, key exchange and key destruction, described as follows:
a) T_a generates several keys for the symmetric algorithm at random and selects the strongest of them as the symmetric key K_s for this call (the description does not state the selection criterion). It then encrypts K_s with K_Pb:
K'_s = E_p(K_Pb, K_s)
passes K'_s to T_b, and enters the data/voice communication state;
b) T_b decrypts K'_s:
K''_s = D_p(K_Rb, K'_s) = D_p(K_Rb, E_p(K_Pb, K_s)) = K_s
thereby obtaining K_s. It feeds back a "key obtained successfully" message to T_a and then enters the voice communication state;
c) When both T_a and T_b have confirmed that the call has ended, both sides destroy the key so that no information about this call's key remains, and then exit the secure-telephone program.
C. Secure voice communication protocol:
After authentication and key exchange, the voice communication stage ensures the safe and effective transmission of the speech data; the two communicating parties are completely equal in status. Specifically:
a) Once both sides hold K_s, T_a obtains speech data S from the upper-layer application and compresses it with the compression algorithm:
S_c = E_d(S)
It encrypts S_c symmetrically with K_s:
S'_c = E_s(K_s, S_c)
and transmits S'_c to T_b;
b) After T_b receives the data sent by T_a, it decrypts it symmetrically with K_s:
S''_c = D_s(K_s, S'_c) = D_s(K_s, E_s(K_s, S_c)) = S_c
which yields the compressed speech data S_c. It then decompresses the data with the decompression algorithm:
S = D_d(S_c)
obtaining the speech data S, which it hands to the secure-telephone program;
c) Speech data in the other direction is sent in exactly the same way, completing the secure-telephone function.
The content of the scheme the present invention proposes for implementing a secure telephone on an intelligent mobile terminal is thus: implement and run a piece of software on the intelligent mobile terminal. This software identifies and authenticates the two communicating parties through the authentication protocol of the secure voice communication protocol suite, carries out the key agreement and key exchange between the two parties through its key management protocol, and realizes the safe and secret transmission of the two parties' voice through its secure voice communication protocol, thereby realizing the whole secure-telephone function.
Description of drawings
Fig. 1 shows the packet structure of the present invention.
Fig. 2 shows the packet header structure of the present invention.
Fig. 3 shows the Setup packet structure of the present invention.
Fig. 4 is the communication flow diagram of the present invention.
Embodiment
Because the IP address of an intelligent mobile terminal is dynamically assigned by the network when the terminal joins it, the initiator of a call knows only the other party's international mobile subscriber identity (IMSI), not its IP address, while the speech data of the scheme is transmitted over GPRS as IP packets. The scheme therefore needs a function for obtaining the other party's IP address. In the scheme, the first byte of the Setup packet that initiates communication is the character 0x1B, which an ordinary intelligent mobile terminal cannot type into an SMS; it distinguishes a Setup-packet SMS from a normal SMS. The data that follows is the IP address IP_a of the initiating end of the communication. During communication the Setup packet is carried by SMS: an SMS detection program is installed on the intelligent mobile terminals at both ends, and when a terminal receives a new SMS the program inspects it. If it is a normal SMS, nothing is done; if it is a Setup-packet SMS, the program reads the SMS content, passes it to the IP telephone program, and then deletes the SMS.
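The Setup SMS of this section and the data-packet header of the protocol description (Figures 2 and 3) in code, as an added example that is not the patent's software. It assumes an IPv4 address carried as four bytes and a certificate field of 64 bytes (the description fixes only that the Setup body has a fixed length), a payload limit of 127 bytes (what a seven-bit length field can express), and treats the SMS body as raw bytes.

```python
"""Packet framing (Figure 2) and the Setup SMS (Figure 3) of the scheme.
Added example, not the patent's code. Assumptions: 0x1B marker (from the Embodiment),
IPv4 address as 4 bytes, 64-byte certificate field, 127-byte payload limit."""
import ipaddress

SETUP_MARKER = 0x1B      # first byte of a Setup SMS, per the Embodiment section
CERT_LEN = 64            # assumed fixed length of the certificate field
SETUP_LEN = 1 + 4 + CERT_LEN
MAX_PAYLOAD = 127        # a 7-bit length field holds 0..127

def build_packet(is_data: bool, payload: bytes) -> bytes:
    """Header byte: MSB 1 = ordinary data packet, 0 = command packet; low 7 bits = payload length."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 7-bit length field")
    header = (0x80 if is_data else 0x00) | len(payload)
    return bytes([header]) + payload

def parse_packet(buf: bytes):
    """Return (is_data, payload, remaining bytes); raise on an empty or truncated buffer."""
    if not buf:
        raise ValueError("empty buffer")
    header = buf[0]
    is_data = bool(header & 0x80)
    length = header & 0x7F
    if len(buf) < 1 + length:
        raise ValueError("truncated packet")
    return is_data, buf[1:1 + length], buf[1 + length:]

def split_stream(buf: bytes):
    """Walk a byte stream of back-to-back packets, returning a list of (is_data, payload)."""
    out = []
    while buf:
        is_data, payload, buf = parse_packet(buf)
        out.append((is_data, payload))
    return out

def build_setup_sms(ip: str, cert: bytes) -> bytes:
    """Setup SMS: marker byte, then the fixed-length body = IP address + certificate."""
    if len(cert) != CERT_LEN:
        raise ValueError("certificate must be exactly CERT_LEN bytes")
    return bytes([SETUP_MARKER]) + ipaddress.IPv4Address(ip).packed + cert

def classify_sms(body: bytes) -> str:
    """The detector installed on both ends: 'setup' only if the marker is present and the length is right."""
    if body[:1] == bytes([SETUP_MARKER]) and len(body) == SETUP_LEN:
        return "setup"
    return "normal"

def parse_setup_sms(body: bytes):
    """Return (ip, cert) for a Setup SMS; None for a normal message, which the detector leaves alone."""
    if classify_sms(body) != "setup":
        return None
    ip = str(ipaddress.IPv4Address(body[1:5]))
    return ip, body[5:]
```

The detector deliberately requires both the marker and the exact fixed length before it hands the message to the telephone program and deletes it, so a normal SMS that happens to begin with 0x1B is left in the inbox.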
Considering the limited processing capability of an intelligent mobile terminal, the scheme adopts an algorithm of relatively low complexity, G.729A at a bit rate of 8 kbps, as the voice compression algorithm, and has heavily optimized its execution time to meet the real-time requirement of speech compression. In addition, the public-key algorithm and the certificate verification algorithm are both RSA, and the symmetric algorithm is 3DES. (These are 2006-era choices; 3DES has since been deprecated by NIST for new applications, so a current implementation would substitute AES.) The specific implementation steps are as follows:
1) User A opens the secure-telephone program on T_a, inputs the user password and enters the program;
2) A inputs on T_a the international mobile subscriber identity (IMSI) of T_b; the Setup packet containing the local IP address and certificate is sent as an SMS to B's intelligent mobile terminal, initiating communication;
3) After the SMS detection program on T_b detects the Setup packet sent by the A end, it reads the packet, verifies the certificate in it and takes out A's public key. It then sends its verification random number, encrypted with RSA, together with its own IP address and certificate, to T_a;
4) T_a authenticates B's certificate and decrypts B's verification random number, then generates its own verification random number, encrypts both with RSA and returns them to T_b;
5) T_b verifies the random number sent back, decrypts A's verification random number, re-encrypts it with RSA and returns it to T_a;
6) T_a verifies the random number sent back, then generates the symmetric key for the call, encrypts it with RSA and sends it to T_b, at the same time starting its own ring-back tone to indicate that it is waiting for the other side to pick up;
7) After T_b receives the key information sent by A, it decrypts it with RSA and at the same time starts its own ringing. After the B end picks up, it feeds back "key obtained successfully" to the A end and enters the voice communication state;
8) After T_a receives the "key obtained successfully" message from T_b, it stops the ring-back and enters the voice communication state;
9) Once a party has entered the voice communication state, it reads voice from the microphone, compresses it with the G.729A compression algorithm, encrypts the compressed data with 3DES and sends it to the other party as IP data. When the other party receives the data, it first decrypts it with 3DES, then decompresses it with the G.729A decoder and sends it to the loudspeaker;
10) During this process, if either party has not yet entered the voice communication state, all packets received by the party that has not entered the voice communication state are discarded. Only when both sides have picked up does the normal voice call proceed.
11) If either party hangs up or otherwise decides to end the communication, it sends an End packet to the other party, which returns an End packet, finishing the whole communication process. Afterwards both intelligent mobile communication terminals destroy the symmetric key to guarantee the security of the key.
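The voice stage (protocol C above and steps 9 to 11) for one terminal, as an added example that is not the patent's code. G.729A and 3DES are not in the Python standard library, so stand-ins are used and marked in the code: zlib for E_d/D_d and an HMAC-SHA256 keystream for E_s/D_s. The stand-in cipher needs a per-frame nonce, carried here as the first four payload bytes, which the patent's packet format does not have. Also assumed: the End command is the command packet whose payload is the bytes `END`. The example shows the ordering compress-then-encrypt, the rule that data packets are discarded until the receiving side is off-hook, and the key destruction on End.

```python
"""Voice stage of the scheme for one terminal. Added example, not the patent's code.
Stand-ins: zlib for G.729A (E_d/D_d); HMAC-SHA256 keystream for 3DES (E_s/D_s)."""
import hashlib
import hmac
import zlib

def e_d(s: bytes) -> bytes:
    """E_d: stand-in for the G.729A encoder."""
    return zlib.compress(s)

def d_d(s_c: bytes) -> bytes:
    """D_d: stand-in for the G.729A decoder."""
    return zlib.decompress(s_c)

def _keystream(k_s: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for 3DES (assumption, see lead-in)."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(k_s, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def e_s(k_s: bytes, seq: int, s_c: bytes) -> bytes:
    """E_s(K_s, S_c): 4-byte sequence number as nonce (not in the patent's format), then S_c XOR keystream."""
    nonce = seq.to_bytes(4, "big")
    return nonce + bytes(x ^ y for x, y in zip(s_c, _keystream(k_s, nonce, len(s_c))))

def d_s(k_s: bytes, blob: bytes) -> bytes:
    """D_s(K_s, S'_c): recover S_c; the nonce travels in clear."""
    nonce, body = blob[:4], blob[4:]
    return bytes(x ^ y for x, y in zip(body, _keystream(k_s, nonce, len(body))))

def frame(is_data: bool, payload: bytes) -> bytes:
    """One-byte header of Figure 2: MSB 1 = data packet, 0 = command; low 7 bits = length."""
    if len(payload) > 127:
        raise ValueError("payload too long for the 7-bit length field")
    return bytes([(0x80 if is_data else 0x00) | len(payload)]) + payload

END = frame(False, b"END")   # assumed encoding of the End command packet
SPEECH = bytes([120, 128, 135, 140, 135, 128, 120, 115] * 10)   # constructed 8 kHz 8-bit "speech"

class VoiceEnd:
    """One terminal in the voice stage; both sides run the same code (the parties are peers)."""
    def __init__(self, k_s: bytes):
        self.k_s = bytearray(k_s)   # mutable so it can be wiped at step 11
        self.in_voice = False
        self.tx_seq = 0
        self.dropped = 0
        self.ended = False

    def off_hook(self):
        self.in_voice = True

    def send(self, speech: bytes) -> bytes:
        """a) S_c = E_d(S); S'_c = E_s(K_s, S_c); framed as an ordinary data packet."""
        s_c = e_d(speech)
        pkt = frame(True, e_s(bytes(self.k_s), self.tx_seq, s_c))
        self.tx_seq += 1
        return pkt

    def receive(self, pkt: bytes):
        """Decoded speech for a data packet; END (the reply of step 11) for an End packet; else None."""
        header = pkt[0]
        payload = pkt[1:1 + (header & 0x7F)]
        if not header & 0x80:                    # command packet
            if payload == b"END":
                self.ended = True
                self.destroy_key()               # step 11: no trace of K_s remains
                return END                       # the other side also returns an End packet
            return None
        if not self.in_voice:                    # step 10: not yet off-hook, discard
            self.dropped += 1
            return None
        s_c = d_s(bytes(self.k_s), payload)      # b) S''_c = D_s(K_s, S'_c) = S_c
        return d_d(s_c)                          #    S = D_d(S_c), to the loudspeaker

    def destroy_key(self):
        for i in range(len(self.k_s)):
            self.k_s[i] = 0
        self.in_voice = False

def demo():
    """Constructed scenario: A talks before B picks up, B picks up, then A hangs up."""
    k_s = hashlib.sha256(b"constructed shared key for the demo").digest()[:24]  # 3DES-sized key
    a, b = VoiceEnd(k_s), VoiceEnd(k_s)
    a.off_hook()
    early = [b.receive(a.send(SPEECH)) for _ in range(2)]   # B has not picked up yet
    b.off_hook()
    heard = b.receive(a.send(SPEECH))
    reply = b.receive(END)                                  # A hangs up
    return {"early": early, "dropped": b.dropped, "heard": heard, "reply": reply,
            "key_wiped": not any(b.k_s), "ended": b.ended}
```

Because the nonce rides in each frame, the two frames B discards before picking up do not desynchronize the cipher for the frames that follow; a stateful cipher mode would need the same property, or the sender would have to hold frames until "key obtained successfully" arrives.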
Claims (7)
1. A method for implementing a secure telephone on an intelligent mobile terminal, which makes full use of the programmability, processing power, data service and IP data communication function of the intelligent mobile terminal and is implemented by secure-telephone software running on the intelligent mobile terminal, the software implementing the authentication protocol, the key management protocol and the secure voice communication protocol of a secure voice communication protocol suite, with the following workflow:
1) user A opens the secure-telephone software on its intelligent mobile terminal T_a, inputs the user password, enters the secure-telephone software, inputs the international mobile subscriber identity IMSI of user B's intelligent mobile terminal T_b, and sends the local IP address and the digital certificate containing A's public key and identity information to T_b as a Setup packet in the form of an SMS, initiating communication;
2) after the SMS detection software on T_b detects the Setup packet sent by the A end, it reads the Setup packet, verifies the certificate in it and takes out A's public key; it then sends its verification random number encrypted with RSA, its own IP address, and the certificate containing B's public key and identity information to T_a;
3) T_a authenticates B's certificate and decrypts B's verification random number, then generates its own verification random number, encrypts the decrypted verification random number of B and its own verification random number with RSA and returns them to T_b;
4) T_b verifies the verification random number of B sent back by T_a, decrypts A's verification random number, encrypts it with RSA and returns it to T_a;
5) T_a verifies the verification random number of A sent back by T_b, then generates the symmetric key for the call, encrypts it with RSA and sends it to T_b, at the same time starting its own ring-back tone to indicate that it is waiting for the other side to pick up;
6) after T_b receives the key information sent by A, it decrypts it with RSA and at the same time starts its own ringing; after the B end picks up, it feeds back "key obtained successfully" to the A end and enters the voice communication state;
7) after T_a receives the "key obtained successfully" message sent by T_b, it stops the ring-back and enters the voice communication state;
8) once either party has entered the voice communication state, it reads voice from the microphone, compresses it with the G.729A compression algorithm, encrypts the compressed data with 3DES and sends it to the other party as IP data; when the other party receives the data it first decrypts it with 3DES, then decompresses it with the G.729A decoder and sends it to the loudspeaker;
9) during this process, if either party has not yet entered the voice communication state, all packets received by the party that has not entered the voice communication state are discarded; only when both sides have picked up does the normal voice call proceed;
10) if either party hangs up or decides to end the communication, it sends an End packet to the other party, which returns an End packet, finishing the whole communication process; afterwards both intelligent mobile communication terminals destroy the symmetric key to ensure the security of the key.
2. The secure-telephone implementation method on an intelligent mobile terminal according to claim 1, characterized in that the programmability and processing power of the intelligent mobile terminal are used to compress and decompress, encrypt and decrypt the speech data, and the secret real-time transmission of voice is completed as IP data over the terminal's data service, realizing a mobile secure-telephone function.
3. The secure-telephone implementation method on an intelligent mobile terminal according to claim 1, characterized in that the method is carried out by software running on the intelligent mobile terminal, without changing the hardware of the intelligent mobile terminal.
4. The secure-telephone implementation method on an intelligent mobile terminal according to claim 1, characterized in that a secure voice communication protocol dedicated to this method is designed.
5. The secure-telephone implementation method on an intelligent mobile terminal according to claim 1, characterized in that a dedicated packet format, packet header format and Setup packet format are constructed.
6. The secure-telephone implementation method on an intelligent mobile terminal according to claim 1, characterized in that the intelligent mobile terminal obtains the other party's IP address by SMS.
7. The secure-telephone implementation method on an intelligent mobile terminal according to claim 1, characterized in that the secure telephone on the intelligent mobile terminal realizes end-to-end IP voice communication directly, without passing through a third party's private communication server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006101696006A CN100479568C (en) | 2006-12-25 | 2006-12-25 | Implementation scheme for secrecy phone of the smart mobile terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101009886A CN101009886A (en) | 2007-08-01 |
CN100479568C true CN100479568C (en) | 2009-04-15 |
Family
ID=38697951
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101635919B (en) * | 2009-08-20 | 2012-10-10 | 中兴通讯股份有限公司 | Encryption method and encryption system of IMS conference medium data of IP multimedia system |
WO2013008248A1 (en) * | 2011-05-25 | 2013-01-17 | Madaiah Vinod Kumar | Method and system for exchanging content among communication entities over communication network |
CN102231883A (en) * | 2011-07-11 | 2011-11-02 | 上海柯斯软件有限公司 | Teledata transmission content encrypting system and method based on RFID (radio frequency identification)-SIM (subscriber identity module) card |
CN106161376B (en) * | 2015-04-13 | 2020-01-14 | 中国移动通信集团公司 | End-to-end encrypted communication negotiation method and device |
CN106357940B (en) * | 2016-09-27 | 2019-04-30 | 北京安云世纪科技有限公司 | The method and apparatus of secret telephony |
Legal Events
Code | Title | Description
---|---|---
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |
C17 | Cessation of patent right |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2009-04-15; Termination date: 2010-01-25