CN102195990A - Application of combined public key (CPK) authentication and encryption method to voice over Internet protocol (VOIP) - Google Patents

Publication number: CN102195990A
Authority: CN (China)
Application number: CN2011101757053A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 李江, 肖平, 王飞欣
Current Assignee: BEIJING HUFU TECHNOLOGY Co Ltd
Original Assignee: BEIJING HUFU TECHNOLOGY Co Ltd

Abstract

The invention discloses the application of a combined public key (CPK) authentication and encryption method to voice over Internet protocol (VoIP), which can effectively improve the encryption level of VoIP. The application involves an intra-enterprise office network, an Internet data center (IDC) machine room and mobile office users. The intra-enterprise office network has a smartphone, an office computer, a management terminal and an internal machine room; the internal machine room is provided with a registration management server and an application authorization server; the registration management server issues a master certificate to the application authorization server; the IDC machine room is provided with an address resolution server and a communication forwarding gateway; the application authorization server issues a sub-certificate to the address resolution server; and the IDC machine room performs two-way communication data transmission and exchange, certificate downloading/activation and CPK two-way authentication with the mobile office users.

Description

Application of the CPK authentication and encryption method to VoIP
Technical field
The present invention relates to a CPK authentication and encryption method, and in particular to the application of a CPK authentication and encryption method to VoIP.
Background art
With the spread of 3G wireless networks and the continuing development of intelligent mobile phone terminals, bringing mature VoIP technology to the mobile phone platform and gradually replacing the existing ordinary telephone based on the voice channel is increasingly becoming a trend. As far as call security is concerned, however, the secrecy of the SRTP technology adopted by existing VoIP schemes is relatively easy to crack and cannot meet the particular needs of customers with high privacy requirements. Traditional secure telephony schemes, for their part, require a dedicated network and custom terminals, so the investment cost is high and technology upgrades are slow.
Introducing CPK authenticated encryption into the VoIP scheme can effectively raise the level of VoIP encryption and effectively solve the reliability of secure VoIP communication. It is a secure telephony solution that is sufficiently reliable, inexpensive, easy to implement, easy to extend and suitable for wide adoption.
Summary of the invention
To overcome the deficiencies of the prior art, the invention provides an application of the CPK authentication and encryption method to VoIP that can effectively improve the level of VoIP encryption.
To achieve this purpose, the technical scheme of the invention comprises an enterprise internal office network, an IDC machine room and mobile office users. The enterprise internal office network has a smartphone, an office computer, a management terminal and an internal machine room; the internal machine room is provided with a registration management server and an application authorization server, and the registration management server issues a master certificate to the application authorization server. The IDC machine room is provided with an address resolution server and a communication forwarding gateway, and the application authorization server issues a sub-certificate to the address resolution server. The IDC machine room and the mobile office users perform two-way communication data transmission and exchange, certificate download/activation and CPK two-way authentication.
The smartphone user logs in and registers through the management terminal, enters user information, and obtains the master certificate issued by the registration management server and the sub-certificate issued by the application authorization server. After obtaining and activating the certificate online, the user can exchange data with the address resolution server and the communication forwarding gateway to complete communication.
The application authorization server manages each of the user's communication functions and exchanges data with the registration management server.
The CPK two-way authentication works as follows. The user enters personal identity information at the registration management server, and a unique ID is generated. Based on this ID, the system issues the user a certificate containing the user's private key. The public key matrix is published to all users. To authenticate, the two parties first exchange their IDs; each computes the other party's public key by a combination operation over the ID and the public key matrix; the authentication process is then completed by signing with one's own private key and verifying the signature with the other party's public key.
The beneficial effects of the invention are as follows. It mainly uses the data channel and applies the CPK authentication method to VoIP, realizing encrypted VoIP voice communication on the mobile network. It supports software and hardware encryption; every call is authenticated and encrypted end to end, with one-time keys or periodic key changes; call setup is fast; access methods are varied and ad hoc networking is possible; calls use CPK end-to-end encryption and are harder to crack. It builds on existing platforms, is highly general, rests on a mature technical foundation, is highly extensible and effectively reduces cost.
Description of drawings
Fig. 1 is a structural block diagram of the present invention.
Embodiment
The present invention is further described below with reference to the drawing and an embodiment.
As shown in the figure, the embodiment comprises an enterprise internal office network, an IDC machine room and mobile office users. The enterprise internal office network has a smartphone, an office computer, a management terminal and an internal machine room; the internal machine room is provided with a registration management server and an application authorization server, and the registration management server issues a master certificate to the application authorization server. The IDC machine room is provided with an address resolution server and a communication forwarding gateway, and the application authorization server issues a sub-certificate to the address resolution server. The IDC machine room and the mobile office users perform two-way communication data transmission and exchange, certificate download/activation and CPK two-way authentication. The smartphone user logs in and registers through the management terminal, enters user information, and obtains the master certificate issued by the registration management server and the sub-certificate issued by the application authorization server. After obtaining and activating the certificate online, the user can exchange data with the address resolution server and the communication forwarding gateway to complete communication. The application authorization server manages each of the user's communication functions and exchanges data with the registration management server. The CPK two-way authentication works as follows: the user enters personal identity information at the registration management server, and a unique ID is generated; based on this ID, the system issues the user a certificate containing the user's private key; the public key matrix is published to all users. To authenticate, the two parties first exchange their IDs; each computes the other party's public key by a combination operation over the ID and the public key matrix; the authentication process is then completed by signing with one's own private key and verifying the signature with the other party's public key.
The internal office network can be a mobile communication network or a fixed network with a WiFi router, so a secure communication network can be set up and used independently. The invention provides two forms, a centralized mode and a decentralized mode. In the centralized mode, the mobile phone communicates bidirectionally with the SIP center over WiFi/WCDMA/GSM to register, place calls and receive calls, realizing point-to-point secure calls between the calling and called handsets. In the decentralized mode, the mobile phone exchanges bidirectional data with a data radio station over WiFi, completing point-to-point secure calls between the calling and called parties. When a mobile phone user terminal registers with the SIP server, the CPK authentication method is used to encrypt and decrypt the registration content. When the calling handset calls the called handset, the CPK authentication method is used to encrypt and decrypt the call signaling exchanged. After the call between the calling and called handsets has been established, the content of the call is encrypted and decrypted with CPK, thereby realizing two-way authentication. The registration management server issues the user a master certificate, and the application authorization server generates multiple application authorization sub-certificates from the master certificate. The address resolution server first verifies the legitimacy of the sub-certificate presented by the client and only then provides resolution and login services, which prevents substitution attacks and gives it the ability to resist DoS attacks. The SIP signaling is encrypted, which hides the session channel and strengthens the traversal capability and security of SIP. The application authorization server divides users into user domains according to region and organizational structure; domains can be isolated from each other or cross-authorized, flexibly meeting users' actual needs. After obtaining the peer's address through the address resolution service, the client can complete two-way authentication directly, without a third-party CA, and establish a secure SIP session.
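The ID exchange, public key derivation from the published matrix, and sign/verify steps described above, written out as an added Python example that is not part of the patent or of any CPK product. The curve (secp256k1), the 8x8 matrix, the hash-based ID-to-index mapping, the Schnorr-style signature and the nonce challenge are all assumptions; the patent specifies none of them.

```python
import hashlib
import secrets
from functools import reduce

# secp256k1 parameters. Curve choice is an assumption: the patent names none.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 8  # toy matrix size (assumption)

def add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):  # hash arbitrary values to a scalar
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

def rows_for(user_id):  # ID -> one row index per column (mapping is an assumption)
    return [b % ROWS for b in hashlib.sha256(user_id.encode()).digest()[:COLS]]

def setup():
    """Registration server: secret scalar matrix plus the published point matrix."""
    sk = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return sk, [[mul(s, G) for s in row] for row in sk]

def issue_private_key(sk, user_id):
    """Server side: private key = sum of the secrets selected by the ID."""
    return sum(sk[r][c] for c, r in enumerate(rows_for(user_id))) % N

def derive_public_key(pk, user_id):
    """Any party: public key = sum of the published points selected by the ID."""
    return reduce(add, (pk[r][c] for c, r in enumerate(rows_for(user_id))), None)

def sign(priv, msg):  # Schnorr-style signature (scheme is an assumption)
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R, (k + h(R, msg) * priv) % N

def verify(pub, msg, sig):
    R, s = sig
    return pub is not None and mul(s, G) == add(R, mul(h(R, msg), pub))

def mutual_auth(pk, a_id, a_priv, b_id, b_priv):
    """Exchange IDs, sign a fresh nonce each way, verify with the derived keys."""
    nonce = secrets.token_hex(16)  # challenge is an assumption, not in the patent
    msg_a, msg_b = f"{a_id}->{b_id}|{nonce}", f"{b_id}->{a_id}|{nonce}"
    a_ok = verify(derive_public_key(pk, a_id), msg_a, sign(a_priv, msg_a))
    return a_ok and verify(derive_public_key(pk, b_id), msg_b, sign(b_priv, msg_b))
```

Because every private key is a sum of entries of the server's secret matrix, whoever holds that matrix can compute any user's key, so the registration management server is the root of trust for the whole deployment.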

Claims (4)

1. An application of the CPK authentication and encryption method to VoIP, comprising an enterprise internal office network, an IDC machine room and mobile office users; the enterprise internal office network has a smartphone, an office computer, a management terminal and an internal machine room, the internal machine room is provided with a registration management server and an application authorization server, and the registration management server issues a master certificate to the application authorization server; the IDC machine room is provided with an address resolution server and a communication forwarding gateway, and the application authorization server issues a sub-certificate to the address resolution server; the IDC machine room and the mobile office users perform two-way communication data transmission and exchange, certificate download/activation and CPK two-way authentication.
2. The application of the CPK authentication and encryption method to VoIP according to claim 1, characterized in that: the smartphone user logs in and registers through the management terminal, enters user information, and obtains the master certificate issued by the registration management server and the sub-certificate issued by the application authorization server; after obtaining and activating the certificate online, the user can exchange data with the address resolution server and the communication forwarding gateway to complete communication.
3. The application of the CPK authentication and encryption method to VoIP according to claim 1, characterized in that: the application authorization server manages each of the user's communication functions and exchanges data with the registration management server.
4. The application of the CPK authentication and encryption method to VoIP according to claim 1, characterized in that: in the CPK two-way authentication, the user enters personal identity information at the registration management server and a unique ID is generated; based on this ID, the system issues the user a certificate containing the user's private key; the public key matrix is published to all users; to authenticate, the two parties first exchange their IDs, each computes the other party's public key by a combination operation over the ID and the public key matrix, and the authentication process is completed by signing with one's own private key and verifying the signature with the other party's public key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011101757053A CN102195990A (en) 2011-06-27 2011-06-27 Application of combined public key (CPK) authentication and encryption method to voice over Internet protocol (VOIP)

Publications (1)

Publication Number Publication Date
CN102195990A true CN102195990A (en) 2011-09-21

Family

ID=44603377

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 100040, 9 floor, Ruida building, No. 74 Lu Gu Road, Beijing, Shijingshan District. M902

Applicant after: Beijing Hufu Technology Co., Ltd.

Address before: 100041, building 3, building 3, No. 4074, West well road, Badachu hi tech park, Beijing, Shijingshan District

Applicant before: Beijing Hufu Technology Co., Ltd.

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110921