CN102271333B - Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission - Google Patents

Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission Download PDF

Info

Publication number
CN102271333B
CN102271333B CN201110225383.9A CN201110225383A CN102271333B CN 102271333 B CN102271333 B CN 102271333B CN 201110225383 A CN201110225383 A CN 201110225383A CN 102271333 B CN102271333 B CN 102271333B
Authority
CN
China
Prior art keywords
message
receiving
transmitting
terminal
receiving terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110225383.9A
Other languages
Chinese (zh)
Other versions
CN102271333A (en
Inventor
沈雨祥
胡爱群
刘宏马
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN201110225383.9A priority Critical patent/CN102271333B/en
Publication of CN102271333A publication Critical patent/CN102271333A/en
Application granted granted Critical
Publication of CN102271333B publication Critical patent/CN102271333B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a safe receiving and dispatching method for 3G (3rd Generation) messages on the basis of trusted chain transmission. A trusted chain concept is used for realizing the safety from an operation system to an application program and finally to received and dispatched messages; the beginning of the trusted chain is a bottom-layer hardware resource TPM (Trusted Platform Module) module; the technology combining IBE (Identity Based Encryption) and AES (Advanced Encryption Standard) encryption and decryption methods is utilized to encrypt and decrypt messages; firstly, the HASH code of the message is generated; then, a conversion key is randomly generated to encrypt the message added with the HASH code; the conversion key is encrypted with the IBE method according to a receiver ID; the conversion key is randomly generated once the message is dispatched; and thus, a digital certificate is not considered to use. The safe receiving and dispatching method has good functional characteristics comprising instantaneity and safety as well as good openness.

Description

A kind of 3G message safety receiving/transmission method transmitting based on chain-of-trust
Technical field
The invention belongs to field of information security technology, propose a kind of message method of transmitting based on chain-of-trust, is a kind of 3G message safety receiving/transmission method transmitting based on chain-of-trust, communicating pair is sent to the mail and the note that receive and be encrypted, and realizes safe transmission.
Background technology
Along with the high speed development of Internet technology, the safety problem of network communication also becomes study hotspot in the last few years.For wireless communication system, information exchange is crossed electric wave at spacing wireless transmission, faces maximum security threat and is exactly information in transmitting procedure and may be intercepted and captured by third party.Therefore, the safety measure of the sending and receiving end of information just seems particularly important, and this kind of 3G message safety transceiver terminal meets user's demand.
Because wireless transmission channel is open, user cannot guarantee that channel is not ravesdropping, so can not rely on the safety of channel to carry out protection information.In order to ensure information security, suppose that invader can intercept and capture the content of transmitting in channel, but as long as just transmit the cipher-text information after encrypting when transmitting terminal sends, even if third party's intercepting and capturing obtain content in channel, also cannot obtain cleartext information.As shown in Figure 1, transmitting terminal and receiving terminal are held identical key to common Secure Communication Model, and for encryption and decryption information, but third party can receive information not have key just cannot decipher and obtain cleartext information.Under this pattern, key updating is faster, maintains secrecy just more reliable, and meanwhile, the distribution of key need to be carried out with renewal in an other escape way.This needs the resource outside occupying volume, and sometimes even need, by manual delivery key, also has unreliable part in fail safe.
Above-mentioned traditional Secure Communication Model requires the timely safe transfer session key of reliable passage, otherwise, can cause object recipient also cannot decipher and obtain expressly, such communication is nonsensical.Above-mentioned model does not have good solution to man-in-the-middle attack and Replay Attack yet in addition.
Summary of the invention
The problem to be solved in the present invention is: current wireless channel secure communication relies on the key synchronization of receiving-transmitting sides and upgrades, and need the communication resource outside occupying volume to carry out transmission security key, require the timely safe transfer session key of reliable passage, the safety and reliability of transmission of messages cannot guarantee.
Technical scheme of the present invention is: a kind of 3G message safety receiving/transmission method transmitting based on chain-of-trust, described chain-of-trust is information receiving and transmitting link, the starting point that the credible platform module TPM of take is chain-of-trust, message sending end is provided with message and sends application program, receiving terminal is provided with message sink application program, the receiving terminal of transmitting terminal is equipped with TPM and 3G module, and message transfers to receiving terminal by 3G mode by transmitting terminal, after transmitting terminal powers on, TPM carries out system power on to transmitting terminal, message is sent to application program launching integrality and security inspection, message to be sent sends application program by message and automatically calculates HASH code, after described HASH code is attached to expressly, conduct sends message together with expressly, employing is based on identity ciphering IBE technology, according to the ID of receiving terminal, calculate receiving terminal PKI, by AES cryptographic algorithm, to sending message, be encrypted simultaneously, and with the session key using in described public key encryption AES cryptographic algorithm, after session key after encryption is attached to the ciphertext that sends message, obtain E (K pu, K s) || hash (m) || E (K sm||T) ciphertext form, 3G module by transmitting terminal sends, the 3G module resource of the message sink application call receiving terminal of receiving terminal carries out the transparent reception of message, and according to the session key of IBE private key deciphering AES cryptographic algorithm corresponding to receiving terminal self ID, then utilize session key to sending the decrypt ciphertext of message, according to the plaintext decrypting and HASH code comparison test message integrity, finally realize the complete transmission of chain-of-trust and the transparent safety transmitting-receiving of message.
Further, after sending message, add timestamp, timestamp is encrypted transmission together with sending message.
The message of the present invention's transmission is mail or note, and receiving terminal ID corresponds to addresses of items of mail or phone number.
In order to solve the safe transmission problem of existing wireless communications, the inventive method can be received and dispatched safely the 3G message of note and mail, be compared to traditional mobile message sending method, its fail safe is embodied in two aspects: (1) has utilized the unified safety protection technique of mobile network-oriented, guarantees the fail safe of information receiving and transmitting terminal self by credible platform module TPM; (2) utilize encryption technology IBE (the Identity Based Encryption) encrypted session key based on identity, and this key is encrypted message for AES method, IBE cryptographic algorithm does not need key distribution center or certificate, is well suited for the form of message that note, mail etc. cannot carry out two-way authentication.The present invention is the innovation and application in information receiving and transmitting field to prior arts such as TPM and IBE, AES enciphering and deciphering algorithms.
For each module the present invention, there is unique design.Briefly, utilizing TPM trusted module to detect in the fail safe of transmitting terminal and receiving terminal, the present invention utilizes existing credible platform module TPM, to allowing the application software of approval to carry out abstract extraction, obtain its HASH code, and this HASH code is latching in the middle of TPM module, each like this powering on while moving, as long as the software HASH value extracted by contrast of the present invention and deposit HASH value, just can learn whether software was modified, guaranteed the fail safe of transceiver terminal self.For the encryption of the information of transmission, the present invention does not adopt traditional synchronous simple public, private key encryption method, but has adopted a kind of IBE algorithm for encryption information based on authentication, can avoid like this operation of encryption key distribution, thus the fail safe of the information of lifting.Aspect ciphertext tranmission techniques, the present invention adopts MC703 in conjunction with AT instruction, to realize the transmission of note ciphertext; When mail ciphertext transmits, mainly realize Mail Transfer Agent (MTA) and Mail User Agent (MUA). because the configuration of Sendmail is very complicated, the present invention replaces it to realize the function of MTA with MSMTP and MUTT, these two parts have the code of increasing income, after cross compile, for the MUA on upper strata provides the interface calling, just completed the transmitting-receiving of mail.Finally in order to facilitate user, the present invention has designed personalized user friendly type application interface, and the message that non-white list user sends and the repetition message receiving in short-term are fallen in automatic fitration.
The present invention innovates on the basis of existing credible platform module TPM, makes full use of hardware bottom layer trusted module TPM and to the resource of abundant safety provided by the invention, realizes the safe and secret effect of upper layer application.Can find out the trusted module TPM that comes from terminal equipment due to the resource for encrypting, and the function of the owned power-on self-test of terminal guarantees the safety of source self, thereby entered a fail safe that the resource that provides has been provided.
Because terminal of the present invention possesses transmission-receiving function simultaneously, so the framework of receiving terminal is identical with transmitting terminal.In the process of receipt message, terminal also will be carried out power-on self-test operation, unique be not both receiving course to the processing and utilizing of information IBE decryption information.
Beneficial effect of the present invention: the present invention receives for the transmission of the message such as mail and note, there is good functional characteristic: 1) real-time: use the IBE cryptographic algorithm based on identity to carry out the encryption of session key, utilize object receiving terminal identity as IBE PKI, and session key itself is random, produce, without carrying out in advance the distribution of key on another one passage, do not need to carry out in advance loaded down with trivial details repeatedly mutual two-way authentication, thereby increased real-time yet; 2) fail safe: because the identity ID of receiving terminal is unique, can prevent man-in-the-middle attack, add timestamp and can resist Replay Attack after sending message; 3) enciphering and deciphering algorithm of the present invention adopts IBE, AES, session secret key generating module can customize according to application scenarios, encryption/decryption speed depends on encryption and decryption implementation, algorithm, random number obtain and the realization of encryption and decryption can be selected to adjust as required, have strengthened the opening of this safe receiving/transmission method.
Accompanying drawing explanation
Fig. 1 is conventional security traffic model.
Fig. 2 is terminal system structure chart of the present invention.
Fig. 3 is the architecture of trusted end-user mechanism of the present invention.
Fig. 4 is the flow chart of the inventive method.
Fig. 5 is the concrete invoked procedure of application checks of the present invention.
Fig. 6 is the local software indentification protocol of the embodiment of the present invention.
Fig. 7 is system model of the present invention.
Fig. 8 is the integrated bottom hardware figure of the present invention.
Embodiment
The present invention utilizes TPM module to carry out the check of application program, need to send message be encrypted user, then by 3G module, send, recipient by decrypt messages and according to deciphering whether successfully etc. state selectively message is presented to recipient.
Concrete module and job step that the present invention comprises are as follows:
The flow chart of whole method as shown in Figure 4, is introduced the concrete steps of each flow process below in detail:
1.TMP architecture and programmed check:
As shown in Figure 3, what the figure shows is the system configuration after trusted operating system kernel is by checking normal startup in the design of trusted end-user mechanism.
In Fig. 3, four functional blocks are respectively TPM module (TPM), kernel spacing (Kernel Space), user's space (user space) and server (server).
Kernel spacing (Kernel Space) comprises data (Data), program (programs), kernel code (kernel code).With user's space mutual be to drive (char driver for security application) for the character of safety applications.With TPM module mutual be that tpm drives (TPM driver), by USB, drives (USB driver) realization between the two.By integrated authentication control module (IVCM), call sys_execve () function and control the application program (applications) in user's space simultaneously.
Sockets interface (socketinterface) in user's space (User Space) and the security service supplier (SSP) in server communicate, and SSP communicates by the Internet (Internet) and fail-safe software provider (SWP) again.
Trusted mechanism system in Fig. 3 is mainly comprised of TPM module, kernel spacing, user's space and four parts of server.TPM carries out hardware by USB with mobile terminal and is connected.Kernel spacing, corresponding to trusted operating system kernel, comprises that TPM drives, and drives and be responsible for the function code of verification Application program security towards the character type of security service application program.In user's space, comprise other a large number of users program, and be responsible for to control and trigger security protocol flow process and with the security service application program of SSP server communication.Kernel spacing and user's space have formed mobile terminal applied environment jointly.
After system integrity verification is passed through, system control is handed to linux kernel, and chain-of-trust is delivered to operating system.Operating system will be carried out credible control by security module.In progressively starting the process of dynamic Service program and application program, security module can be measured program code execution by the flow process of Fig. 4 the startup of each program.
In upper figure, in dotted line frame, represent the linux kernel that tradition is unmodified, TPM is reliable hardware module, and Measurement Agent can be understood as associated drives etc.Whether cursor arrow represents the flow process of program,, when an application program will start, first will be calculated by credible authentication module the hash code of operation code, then by Agent, by TPM, compare it and conform to certificate record.TPM utilizes PCR to record comparative result simultaneously, generates safety message after being convenient to.
The key that realizes above function is the triggering of integrity checking Integrity Challenge step in figure, and obvious unsafe software is the initiatively inspection to self to operating system application not.So need to add the rigid mechanism of start-up check in linux kernel, requiring all programs to be activated before all must be through checking again.
In linux system, a new program is carried out in sys execve system call.And when specific implementation, credible authentication module can have two kinds of methods to insert verifying application programs legitimacy.Be directly to revise a system call kernel code, another kind is to realize by the Hook Function of Linux security module LSM (Linux Security Modules) by the existing security mechanism of Linux.
Revising system call code comes the method for verifying application programs legitimacy as follows:
Process.c file be in some basic linux programming for the specific implementation of process operation, as produced subprocess, carry out subprocess etc.
In kernel source program, sys_execve realizes in process.c source file, and because the implementation procedure of system call is relevant with hardware, so the sys_execve under different framework realizes, has some differences.But its major function is all to carry out translation and the inspection of user's space transmission of information.After inspection is errorless, sys_execve can call do_execve method, carries out the required job step of doing of concrete application program launching.And do_execve method is irrelevant with hardware structure, so should insert the partial code that ensures that chain-of-trust is transmitted in the method.
In do_execve method, system can check the legitimacy of start-up routine file and authority etc. again.And then realize the resource distribution of new procedures and guide the functions such as startup.And after integrity verification code should be inserted in the file format and scope check that do_execve acquiescence carries out, and position before resource is distributed.Call shal algorithmic code wish startup application program is carried out to integrality calculating, do_shal method can pass to TPM by TPM driver by result of calculation and carry out security inspection, then echo check result.If return to safety, do not interfere the normal startup of program, otherwise the mistake of dishing out before starting as this application assigned address space and memory source, thus stopped the start-up course of this program.
In whole checking, the invoked procedure of each method as shown in Figure 5, has so just completed the verification before all application program launchings and has controlled its function that whether can start.
Application program is sent the request (execute new program request) of execution new procedures and then in the mode of subroutine call, is called step by step, and the integrality of check application program, finally returns to the answer that whether allows application program to carry out.(New?program?running?or?not).
Fig. 6 is local software indentification protocol.Kernel (kernel) first sends key inspection request to TPM module, TPM " return " key" inspection response, and kernel is reported this response to terminal (MT) again.
Terminal inner verifying software legitimacy.
1. kernel kernel captures software startup, stops its operation, obtains software document name soft.name, and this software is done to HASH obtains software HASH value soft.HASH, by its package.
Kernel sends software verification information to TPM:
KT_SOFT_CHK_HEAD|soft.hash
2. TPM receives the software verification information of kernel Kernel, and according to software HASH value, soft.HASH carries out revene lookup to this software in database.If be verified, TPM generates the result flag_soft.
TPM sends software verification result to Kernel:
TK_SOFT_CHK_REZ|flag_soft
3. kernel Kernel receives the software verification result of TPM, if the result is safety, kernel Kernel allows this running software, otherwise forbids this software startup.
Kernel Kernel sends software verification result to MT:
KM_SOFT_CHK_REZ|soft.name|flag_soft
Just because of TPM, can provide so abundant secure resources, so the present invention makes full use of its local software measuring ability, complete terminal self testing, utilize the resources such as random number of its generation further to complete the IBE algorithm for encryption information based on identity.
2. the encryption and decryption of message:
It is the significant process that IBE algorithm is realized that parameter is set up, and this algorithmic procedure is divided into four parts, is respectively setup, extract, encrypt, decrypt.Be responsible for respectively the foundation of system parameters, cipher key-extraction, plain text encryption, decrypt ciphertext function.
First IBE technology is described below, describes the performing step of IBE method in the present invention herein, irrelevant with concrete message, each parameter, label are criterion numeral formal name used at school word or the term in IBE technology, are known technology.
Step 1: select prime P, the super unusual elliptic curve E/GF (P) that looks for a full WDH to suppose safely, the g rank subgroup G of E/GF (p), the generator P of G, bilinear map
Figure BDA0000081660130000061
Step2: get at random calculate P pub=sP.
Step3: select hash function H1:{0,1}* → E/GF (p), H2:GF (p 2) → { 0,1} n, expressly space is M={0,1} n, the cryptogram space is C=E/GF (p) * { 0,1} n.Output system common parameter is π = { p , e ^ , n , P , P pub , H 1 , H 2 , } , , s ∈ Z q * For master key Master Key.
Extract: to given character string Id ∈ { 0,1} *generate key
Step4: calculate Q id=H1 (Id) ∈ E/GF (p).
Step5: getting key is K id=(Q id) s.
Encrypt: original text m ∈ M and PKI Id are encrypted
Step6: calculate Q id=H1 (Id) ∈ E/GF (p).
Step7: get at random the ciphertext of encrypting is: c = < rP , m &CirclePlus; H 2 ( g &prime; Id ) > , Wherein
g Id = e ^ ( Q Id , P pub ) &Element; GF ( p 2 ) .
Decrypt: establish c=<U, V> is that ciphertext is decrypted
Step8: application key K id∈ E/GF (p), calculates original text
Figure BDA0000081660130000072
The transmitting-receiving of mail of take is example:
1), the TPM of transmitting terminal uses Secure Hash Algorithm SHA-1 to generate the expressly HASH code of m, be attached to expressly after;
2), an AES key K of the random generation of the TPM of transmitting terminal sas session key, use this session key to carry out AES cryptographic algorithm, encrypting plaintext and HASH code, obtain sending the ciphertext of message;
3), adopt IBE technology, transmitting terminal calculates receiving terminal PKI K according to receiving terminal addresses of items of mail pu, then use PKI K puencrypted session key K s, and the session key after encryption is attached to after the ciphertext that sends message, after sending message, add timestamp, time stamp T is encrypted transmission together with sending message, obtains E (K pu, K s) || hash (m) || E (K s, ciphertext form m||T);
4), by E (K pu, K s) || hash (m) || E (K s, m||T) by 3G mode, send;
5), after receiving terminal receipt message, the IBE private key Kpr corresponding according to self ID solves session key Ks, then utilize session key Ks to decrypt m expressly and be attached to expressly after HASH code, check HASH is errorless to be received, otherwise deletes mail;
In the send and receive of above-mentioned mail, use msmtp to combine and build Mail Clients with mutt.
Mail send and receive scheme is above used IBE as public key cryptography scheme, and utilize public key distribution traditional secrete key, the functions such as common required secret, complete, resisting denying have been realized, particularly it should be noted that, such scheme is the scheme of real one-time pad, and session key produces at random at every turn and has the other side's public key encryption.And can new private key of regeneration when occurring that private key is lost, and can once key is lost, can not cause object recipient also cannot decipher and obtain plaintext as prior art, so the present invention is a kind of email encryption scheme very likely.
3. information wireless transmit-receive technology:
Mail transmission/reception implementation
Mainly realize Mail Transfer Agent (MTA) and Mail User Agent (MUA). because the configuration of Sendmail is very complicated, the present invention replaces it to realize the function of MTA with MSMTP and MUTT, these two parts have the code of increasing income, after cross compile, for the MUA on upper strata provides the interface calling, just completed the transmitting-receiving of mail.
In MUA on upper strata with Qtopia exploitation, utilize fork () function to create the new process of transmitting-receiving.
Above-mentioned note and the transmitting-receiving of the bottom of mail and higher layer applications realize by file mode.Take note as example, and the application program on upper strata is stored in number and the short message content of user's input respectively in specific file, after IBE encrypts, obtains the short message content of encryption, stores in file equally.In bottom transceiver module, as long as read out the content after number and encryption from these files, add in the AT instruction that needs to send.
Short message receiving-transmitting implementation
In hardware, ARM9 is connected with the Uart interface that 3G module MC703 provides by hardware.Now serial communication only needs three lines, i.e. TXD, RXD and ground wire.ARM, as controller, sends AT instruction to 3G module and completes the operation of transmission note to control it.Generally first the present invention can send AT in use, obtains OK response, guarantees to connect and sets up completely.
Concrete steps are:
1, note memory and note thereof are set and receive the mechanism reporting.
2, send addressee's number and short message content.
3, obtain note and send the sign successfully returning.
Receiving note concrete steps is:
1, according to the note of setting, receive the mechanism reporting, the prompting while obtaining corresponding new message arrival.
2, send the order of short message reading.
3, short message reading content is deleted it after storage from storage container.Code is as follows: (boldface letter represents the response of 3G module)
AT+CPMS=" ME ", " ME ", " ME " // selection note memory
Figure BDA0000081660130000081
AT+CNMI=1,1,0,1,0 // note is set receive the mechanism reporting
Figure BDA0000081660130000082
AT^HCMGS=" telephone number " // send addressee's number
> message content // transmission short message content
0x1A
Figure BDA0000081660130000084
// note sends successfully
While receiving note:
// prompting+CMTI while receiving new short message,
// note can autostore
AT^HCMGR=0 // the read note of corresponding sequence number
AT+CMGD=0 // deleting short message
Figure BDA0000081660130000092
4. application software and interface thereof:
Short message receiving-transmitting software and interface thereof
The present invention obtains executable file after the reception of note is sent to program cross compile, and is built in the middle of hardware, in the interface of design, adds call buttons key.Such as in the interface that sends short breath, interpolation " transmission " key is set, and by the executable file link of the executable file of this button and cryptographic operation, transmission note, after input content, click after this button, first input message content will be encrypted to ciphertext and send by AT instruction.
The present invention has utilized Qtopia developing platform and has designed inbox, outbox, draft and the classification group such as photos and sending messages case; Enter after concrete mailbox subpage frame, interface can show relevant sender/receiver and sending/receiving time.At each, consult interface and have and delete and reply key, carry out real-time operation after facilitating user to read information.Right-hand member at interface is provided with address list, and wherein classification has the classification groups such as whole contact persons, frequent contact, white list.Because this is only the interfacial effect figure that compiling simulates in computer, so the design of some personalizations can not embody completely.But in hardware material object of the present invention, the design of these personalizations has all obtained good displaying.
Mail transmission/reception software and interface thereof
Mail transmission/reception interface and short message receiving-transmitting interface are similar.Mail transmission/reception also needs inbox, the case of posting a letter, draft and these classification of mails of case of having posted a letter.Equally also need conventional contact person's column is set, comprise white list and blacklist setting.Different, in mail transmission/reception, can add and receive or send annex, this just need to add the upload and download function of annex on the basis at original short message receiving-transmitting interface.Design effect figure is as shown in Figure 8:
On the basis of hardware (Hardware), set up kernel spacing (Kernel space).The inside comprises kernel (kernel), system call interfaces (system call interface), security module (Secure Module), security strategy (Security Policy).User's space on it (User space) comprises GNU C storehouse, and strategy is realized (policy utilities), user space application (user space application)
Generally speaking, on the surface, the note of this 3G information receiving and transmitting terminal and the transmission-receiving function of mail are identical with the transmission-receiving function in existing computer cell phone, it is also very similar that user experiences interface, but maximum feature is that information receiving and transmitting terminal of the present invention has unique message encryption decipher function, exactly because this function has guaranteed to receive by this message terminal the fail safe of the note mail sending.
5. entire system hardware configuration:
The fail safe of 3G information receiving and transmitting terminal of the present invention is mainly reflected in host information safety and transmits two aspects of information security.The trusted mechanism that host information safety builds reaches the object of power-on self-test, thereby guarantees fail safe, and it is by adopting a kind of information encryption and authentication method based on user identity to realize that information transmits safety.The present invention is directed to these two features and set up system model as shown in Figure 7.
The needed most hardware resources of message terminal are all provided by bottom trusted module TPM.The LINUX operating system of using in terminal is supported by ARM module.In hardware of the present invention is made, these module integrations have been got up, concrete block diagram as shown in Figure 8.
6. case study on implementation and result:
TMP module, as chain-of-trust starting point, provides system power on, application program launching audit function, and TPM is also responsible for giving information, and the HASH relating in encryption and decryption generates, random number systematic function.Message sends application program and usings the interface of succinct operation interface (comprising message inputting interface) as user's operation, after user carries out message transmit operation, first call encryption function and realize the encryption based on IBE, AES (and adding HASH, timestamp) of message, thereby and then call background information transmission program and realize the operation of bottom 3G module is sent message.Decrypting process is contrary with said process.The form sending after Message Processing is E (K pu, K s) || hash (m) || E (K s, m||T).

Claims (3)

1. the 3G message safety receiving/transmission method transmitting based on chain-of-trust, it is characterized in that described chain-of-trust is information receiving and transmitting link, the starting point that the credible platform module TPM of take is chain-of-trust, message sending end is provided with message and sends application program, receiving terminal is provided with message sink application program, transmitting terminal and receiving terminal are equipped with TPM and 3G module, and message transfers to receiving terminal by 3G mode by transmitting terminal, after transmitting terminal powers on, TPM carries out system power on to transmitting terminal, message is sent to application program launching integrality and security inspection, message expressly sends application program by message and automatically calculates HASH code, after described HASH code is attached to expressly, conduct sends message together with expressly, employing is based on identity ciphering IBE technology, according to the ID of receiving terminal, calculate receiving terminal PKI, by AES cryptographic algorithm, to sending message, be encrypted simultaneously, and with the session key using in described public key encryption AES cryptographic algorithm, after session key after encryption is attached to the ciphertext that sends message, obtain E (K pu, K s) || hash (m) || E (K s, ciphertext form m||T), the 3G module by transmitting terminal sends, wherein K pufor receiving terminal PKI, K sfor session key, m is expressly, T is timestamp, the 3G module resource of the message sink application call receiving terminal of receiving terminal carries out the transparent reception of message, and according to the session key of IBE private key deciphering AES cryptographic algorithm corresponding to receiving terminal self ID, then utilize session key to sending the decrypt ciphertext of message, according to the plaintext decrypting and HASH code comparison test message integrity, finally realize the complete transmission of chain-of-trust and the transparent safety transmitting-receiving of message.
2. a kind of 3G message safety receiving/transmission method transmitting based on chain-of-trust according to claim 1, is characterized in that adding timestamp after sending message, and timestamp is encrypted transmission together with sending message.
3. a kind of 3G message safety receiving/transmission method transmitting based on chain-of-trust according to claim 1 and 2, is characterized in that the message of transmission is mail or note, and receiving terminal ID corresponds to addresses of items of mail or phone number.
CN201110225383.9A 2011-08-08 2011-08-08 Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission Expired - Fee Related CN102271333B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110225383.9A CN102271333B (en) 2011-08-08 2011-08-08 Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110225383.9A CN102271333B (en) 2011-08-08 2011-08-08 Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission

Publications (2)

Publication Number Publication Date
CN102271333A CN102271333A (en) 2011-12-07
CN102271333B true CN102271333B (en) 2014-04-16

Family

ID=45053463

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110225383.9A Expired - Fee Related CN102271333B (en) 2011-08-08 2011-08-08 Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission

Country Status (1)

Country Link
CN (1) CN102271333B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104202736A (en) * 2014-08-26 2014-12-10 东南大学常州研究院 Mobile terminal short message end-to-end encryption method oriented to Android system
CN106487765B (en) 2015-08-31 2021-10-29 索尼公司 Authorized access method and device using the same
CN105450395A (en) * 2015-12-30 2016-03-30 中科创达软件股份有限公司 Information encryption and decryption processing method and system
CN106355085B (en) * 2016-10-25 2020-03-10 公安部第三研究所 Trusted application operation safety control method
CN109246065A (en) * 2017-07-11 2019-01-18 阿里巴巴集团控股有限公司 Network Isolation method and apparatus and electronic equipment
CN107786562A (en) * 2017-11-01 2018-03-09 北京知道创宇信息技术有限公司 Data ciphering method, decryption method and device
CN108924086A (en) * 2018-05-28 2018-11-30 南瑞集团有限公司 A kind of host information acquisition method based on TSM Security Agent
CN109271804B (en) * 2018-08-09 2022-02-22 山东中孚安全技术有限公司 File auditing and protecting method based on Linux security module
CN109492378B (en) * 2018-11-26 2024-06-18 平安科技(深圳)有限公司 Identity verification method based on equipment identification code, server and medium
CN110598424B (en) * 2019-08-07 2021-11-19 王满 Data encryption-decryption system and method based on dynamic monitoring and analysis of cardiac function
CN113890730A (en) * 2021-09-23 2022-01-04 上海华兴数字科技有限公司 Data transmission method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101650764A (en) * 2009-09-04 2010-02-17 瑞达信息安全产业股份有限公司 Creditable calculation password platform and realization method thereof
CN102055760A (en) * 2009-10-30 2011-05-11 国际商业机器公司 Message sending/receiving method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101650764A (en) * 2009-09-04 2010-02-17 瑞达信息安全产业股份有限公司 Creditable calculation password platform and realization method thereof
CN102055760A (en) * 2009-10-30 2011-05-11 国际商业机器公司 Message sending/receiving method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Trusted Computing-Based Security Architecture For 4G Mobile Networks;YU ZHENG ET AL.;《Parallel and Distributed Computing, Applications and Technologies,2005.Sixth International Conference on》;20051230;251-255 *
YU ZHENG ET AL..Trusted Computing-Based Security Architecture For 4G Mobile Networks.《Parallel and Distributed Computing, Applications and Technologies,2005.Sixth International Conference on》.2005,251-255.
秦中元,胡爱群.可信计算系统及其研究现状.《计算机工程》.2006,第32卷(第14期),111-113. *

Also Published As

Publication number Publication date
CN102271333A (en) 2011-12-07

Similar Documents

Publication Publication Date Title
CN102271333B (en) Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission
CN109818749B (en) Quantum computation resistant point-to-point message transmission method and system based on symmetric key pool
CN102006303B (en) Method and terminal for increasing data transmission safety by using multi-encryption method
CN106576043A (en) Virally distributable trusted messaging
CN102118381A (en) Safe mail system based on USBKEY (Universal Serial Bus Key) and mail encrypting-decrypting method
CN104253694A (en) Encrypting method for network data transmission
CN101572678A (en) Mail attachment transparent privacy control method
US9712519B2 (en) Efficient encryption, escrow and digital signatures
CN101964786A (en) Set-top box-based secure information transmission system and method
CN102170419A (en) A secure mail client system and a method thereof
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN113346995B (en) Method and system for preventing falsification in mail transmission process based on quantum security key
CN103905204A (en) Data transmission method and transmission system
CN102740239B (en) The method and system of secure transmission of media information
CN104424446A (en) Safety verification and transmission method and system
CN103078743B (en) E-mail IBE (Internet Booking Engine) encryption realizing method
CN102413064A (en) Browser control-based webmail signing encrypting method
CN103297230B (en) Information encipher-decipher method, Apparatus and system
CN102055685A (en) Method for encrypting webmail information
CN103973713A (en) Transfer method, extraction method and processing system for electronic mail information
CN105592431A (en) Short message encryption method based on iOS system mobile terminal
CN110166403A (en) A kind of safety method of key and ciphertext separated transmission
Orman Encrypted Email: The History and Technology of Message Privacy
JP4781896B2 (en) Encrypted message transmission / reception method, sender apparatus, receiver apparatus, key server, and encrypted message transmission / reception system
CN110061978A (en) Binary Cooperative Security client framework

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140416

Termination date: 20160808