CN103986579A - Data processing system for voice communication - Google Patents

Publication number
CN103986579A
Authority
CN
China
Prior art keywords
call
authorization code
call terminal
user
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410208562.5A
Other languages
Chinese (zh)
Other versions
CN103986579B (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd
Priority to CN201410208562.5A
Publication of CN103986579A
Application granted
Publication of CN103986579B
Legal status: Active

Landscapes

  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The invention provides a data processing system for voice calls. The system comprises a first output module, a second output module, a first security chip, a first playback module, a first prompt module, a second security chip, a second playback module and a second prompt module. The first output module outputs a first authorization code. The second output module outputs a second authorization code. The first security chip receives second encrypted data and decrypts it to obtain second decrypted data. The first playback module plays the second decrypted data. The first prompt module prompts for confirmation of the second decrypted data. The first security chip also receives a first confirmation instruction and starts the encryption and decryption operation. The second security chip receives first encrypted data and decrypts it to obtain first decrypted data. The second playback module plays the first decrypted data. The second prompt module prompts for confirmation of the first decrypted data. The second security chip also receives a second confirmation instruction and starts the encryption and decryption operation.

Description

A data processing system for voice calls
Technical field
The present invention relates to the field of electronic technology, and in particular to a data processing system for voice calls.
Background
In the prior art, voice calls between users can be eavesdropped, so current voice calls carry a security risk. To address this risk, the prior art encrypts voice using a call key stored on a TF card in the mobile phone, thereby protecting the voice call. In practice, however, if malware is installed on the call terminal, an attacker can use the malware to steal the call key from the TF card and then decrypt the encrypted voice information, creating a risk that the call terminal's voice data leaks. How to perform voice encryption securely is therefore a technical problem that urgently needs solving. In addition, voice calls in the prior art can be eavesdropped, so reducing the possibility of eavesdropping is likewise an urgent technical problem.
Summary of the invention
The invention provides a data processing system for voice calls, whose main purpose is to solve one of the above technical problems.
The invention provides a data processing system for voice calls, the system comprising:
The first security chip, configured to generate first negotiation information and send it to the first call terminal through the first communication interface; the first security chip is located in the first security device, which is connected to the first call terminal and is independent of the first call terminal;
The second security chip, configured to generate second negotiation information and send it to the second call terminal through the second communication interface; the second security chip is located in the second security device, which is connected to the second call terminal and is independent of the second call terminal;
The first security chip, further configured to receive, through the first communication interface, the second negotiation information sent by the first call terminal;
The second security chip, further configured to receive, through the second communication interface, the first negotiation information sent by the second call terminal;
The first security chip, further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a first call key; the first call key is used to encrypt and decrypt the voice call of the user of the first call terminal;
The second security chip, further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a second call key; the second call key is used to encrypt and decrypt the voice call of the user of the second call terminal;
The first output module, configured to output a first authorization code; the first authorization code is generated by the first security chip from the first call key, and the first output module is located in the first security device or in the first call terminal;
The first prompt module, configured to prompt for the first authorization code to be read aloud; the first prompt module is located in the first security device or in the first call terminal;
The first security chip, further configured to obtain the result of the user of the first call terminal reading the first authorization code aloud, yielding first sound information; to encrypt the first sound information with the first call key, yielding first encrypted data; and to send the first encrypted data through the first communication interface;
The second output module, configured to output a second authorization code; the second authorization code is generated by the second security chip from the second call key, and the second output module is located in the second security device or in the second call terminal;
The second prompt module, configured to prompt for the second authorization code to be read aloud; the second prompt module is located in the second security device or in the second call terminal;
The second security chip, further configured to obtain the result of the user of the second call terminal reading the second authorization code aloud, yielding second sound information; to encrypt the second sound information with the second call key, yielding second encrypted data; and to send the second encrypted data through the second communication interface;
The first security chip, further configured, after receiving the second encrypted data through the first communication interface, to decrypt the second encrypted data with the first call key, yielding second decrypted data;
The first playback module, configured to play the second decrypted data; the first playback module is located in the first security device or in the first call terminal;
The first prompt module, further configured to prompt for the played second decrypted data to be confirmed against the first authorization code;
The first security chip, further configured so that, after the first prompt module has prompted for confirmation of the played second decrypted data against the first authorization code, if the first security chip receives a first confirmation instruction, it starts encrypting and decrypting the voice call of the user of the first call terminal with the first call key; or, if encryption and decryption of that voice call with the first call key has already started, on receiving the first confirmation instruction it continues encrypting and decrypting the voice call with the first call key;
The second security chip, further configured, after receiving the first encrypted data through the second communication interface, to decrypt the first encrypted data with the second call key, yielding first decrypted data;
The second playback module, configured to play the first decrypted data; the second playback module is located in the second security device or in the second call terminal;
The second prompt module, further configured, after the second output module has output the second authorization code and the second playback module has played the first decrypted data, to prompt for the played first decrypted data to be confirmed against the second authorization code;
The second security chip, further configured so that, after the second prompt module has prompted for confirmation of the played first decrypted data against the second authorization code, if the second security chip receives a second confirmation instruction, it starts encrypting and decrypting the voice call of the user of the second call terminal with the second call key; or, if encryption and decryption of that voice call with the second call key has already started, on receiving the second confirmation instruction it continues encrypting and decrypting the voice call with the second call key.
In addition, the first output module is specifically configured to convert the first authorization code into sound information and play that sound information, or to display the first authorization code.
In addition, the second output module is specifically configured to convert the second authorization code into sound information and play that sound information, or to display the second authorization code.
In addition, the first security chip is further configured to delete the first call key when it detects that the voice call of the user of the first call terminal has ended; and/or the second security chip is further configured to delete the second call key when it detects that the voice call of the user of the second call terminal has ended.
In addition, the system further comprises a first voice acquisition module, configured to capture the result of the user of the first call terminal reading the first authorization code aloud, yielding the first sound information, and to send the first sound information; the first voice acquisition module is located in the first security device or in the first call terminal. The first security chip is specifically configured to obtain the first sound information sent by the first voice acquisition module.
In addition, the system further comprises a second voice acquisition module, configured to capture the result of the user of the second call terminal reading the second authorization code aloud, yielding the second sound information, and to send the second sound information; the second voice acquisition module is located in the second security device or in the second call terminal. The second security chip is specifically configured to obtain the second sound information sent by the second voice acquisition module.
In addition, the length of the first authorization code is less than the length of the first call key, and/or the length of the second authorization code is less than the length of the second call key.
In addition, the first authorization code uniquely identifies the first call key, and/or the second authorization code uniquely identifies the second call key.
In addition, the first prompt module is specifically configured to prompt for confirmation of whether the authorization code in the second decrypted data matches the first authorization code, and of whether the voice characteristics of the speaker reading the authorization code in the second decrypted data match the voice characteristics of the user of the second call terminal. The first confirmation instruction is an instruction confirming that the authorization code in the second decrypted data matches the first authorization code and that the voice characteristics of the speaker reading the authorization code in the second decrypted data match those of the user of the second call terminal.
In addition, the second prompt module is specifically configured to prompt for confirmation of whether the authorization code in the first decrypted data matches the second authorization code, and of whether the voice characteristics of the speaker reading the authorization code in the first decrypted data match the voice characteristics of the user of the first call terminal. The second confirmation instruction is an instruction confirming that the authorization code in the first decrypted data matches the second authorization code and that the voice characteristics of the speaker reading the authorization code in the first decrypted data match those of the user of the first call terminal.
Compared with the prior-art approach of generating the call key on a TF card, the system embodiment provided by the invention generates the call key on a security device that is independent of the call terminal, which reduces the possibility of the voice encryption process being attacked by malware on the call terminal. The call key is generated by the security chip in the security device; owing to the high security of the security chip, this reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption the encryption with the call key is performed inside the security chip, so the call key is only ever used within a secure environment, which ensures safe use of the call key.
During encrypted voice communication, the security device plays the decrypted data from the peer end of the call and prompts for the played decrypted data to be confirmed against the authorization code. This confirms the identity of the peer end and lets the user determine whether anyone is eavesdropping on the call, which improves the success rate of identifying third-party eavesdropping in a voice call and thereby reduces the possibility of the call being eavesdropped. When the user determines that a third party is eavesdropping on the call, the user can promptly take anti-eavesdropping measures to prevent information leakage, improving the security of data transmission in the voice call.
Furthermore, playing the decrypted data from the peer end on the security device reduces the possibility of attack by malware on the call terminal and ensures the security of the voice call.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the data processing system for voice calls provided by the invention;
Fig. 2 is a schematic diagram of the first subsystem of Embodiment 1 of the invention;
Fig. 3 is another schematic diagram of the first subsystem of Embodiment 1 of the invention;
Fig. 4 is a schematic diagram of the second subsystem of Embodiment 1 of the invention;
Fig. 5 is another schematic diagram of the second subsystem of Embodiment 1 of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
The embodiments of the invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 1 is a schematic structural diagram of an embodiment of the data processing system for voice calls provided by the invention. In the system shown in Fig. 1, the first security device is connected to the first call terminal through the first communication interface, the first call terminal is connected to the second call terminal through a communication network, and the second call terminal is connected to the second security device through the second communication interface. The first security chip is located in the first security device, and the second security chip is located in the second security device. Based on the structure shown in Fig. 1, the following embodiment describes the system in detail. The system comprises:
The first security chip, configured to generate first negotiation information and send it to the first call terminal through the first communication interface; the first security chip is located in the first security device, which is connected to the first call terminal and is independent of the first call terminal;
The second security chip, configured to generate second negotiation information and send it to the second call terminal through the second communication interface; the second security chip is located in the second security device, which is connected to the second call terminal and is independent of the second call terminal;
The first security chip, further configured to receive, through the first communication interface, the second negotiation information sent by the first call terminal;
The second security chip, further configured to receive, through the second communication interface, the first negotiation information sent by the second call terminal;
The first security chip, further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a first call key; the first call key is used to encrypt and decrypt the voice call of the user of the first call terminal;
The second security chip, further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a second call key; the second call key is used to encrypt and decrypt the voice call of the user of the second call terminal;
The first output module, configured to output a first authorization code; the first authorization code is generated by the first security chip from the first call key, and the first output module is located in the first security device or in the first call terminal;
The first prompt module, configured to prompt for the first authorization code to be read aloud; the first prompt module is located in the first security device or in the first call terminal;
The first security chip, further configured to obtain the result of the user of the first call terminal reading the first authorization code aloud, yielding first sound information; to encrypt the first sound information with the first call key, yielding first encrypted data; and to send the first encrypted data through the first communication interface;
The second output module, configured to output a second authorization code; the second authorization code is generated by the second security chip from the second call key, and the second output module is located in the second security device or in the second call terminal;
The second prompt module, configured to prompt for the second authorization code to be read aloud; the second prompt module is located in the second security device or in the second call terminal;
The second security chip, further configured to obtain the result of the user of the second call terminal reading the second authorization code aloud, yielding second sound information; to encrypt the second sound information with the second call key, yielding second encrypted data; and to send the second encrypted data through the second communication interface;
The first security chip, further configured, after receiving the second encrypted data through the first communication interface, to decrypt the second encrypted data with the first call key, yielding second decrypted data;
The first playback module, configured to play the second decrypted data; the first playback module is located in the first security device or in the first call terminal;
The first prompt module, further configured to prompt for the played second decrypted data to be confirmed against the first authorization code;
The first security chip, further configured so that, after the first prompt module has prompted for confirmation of the played second decrypted data against the first authorization code, if the first security chip receives a first confirmation instruction, it starts encrypting and decrypting the voice call of the user of the first call terminal with the first call key; or, if encryption and decryption of that voice call with the first call key has already started, on receiving the first confirmation instruction it continues encrypting and decrypting the voice call with the first call key;
The second security chip, further configured, after receiving the first encrypted data through the second communication interface, to decrypt the first encrypted data with the second call key, yielding first decrypted data;
The second playback module, configured to play the first decrypted data; the second playback module is located in the second security device or in the second call terminal;
The second prompt module, further configured, after the second output module has output the second authorization code and the second playback module has played the first decrypted data, to prompt for the played first decrypted data to be confirmed against the second authorization code;
The second security chip, further configured so that, after the second prompt module has prompted for confirmation of the played first decrypted data against the second authorization code, if the second security chip receives a second confirmation instruction, it starts encrypting and decrypting the voice call of the user of the second call terminal with the second call key; or, if encryption and decryption of that voice call with the second call key has already started, on receiving the second confirmation instruction it continues encrypting and decrypting the voice call with the second call key.
The first prompt module is specifically configured to prompt for confirmation of whether the authorization code in the second decrypted data matches the first authorization code, and of whether the voice characteristics of the speaker reading the authorization code in the second decrypted data match the voice characteristics of the user of the second call terminal. The first confirmation instruction is an instruction confirming that the authorization code in the second decrypted data matches the first authorization code and that the voice characteristics of the speaker reading the authorization code in the second decrypted data match those of the user of the second call terminal.
The second prompt module is specifically configured to prompt for confirmation of whether the authorization code in the first decrypted data matches the second authorization code, and of whether the voice characteristics of the speaker reading the authorization code in the first decrypted data match the voice characteristics of the user of the first call terminal. The second confirmation instruction is an instruction confirming that the authorization code in the first decrypted data matches the second authorization code and that the voice characteristics of the speaker reading the authorization code in the first decrypted data match those of the user of the first call terminal.
Compared with the prior-art approach of generating the call key on a TF card, the system embodiment provided by the invention generates the call key on a security device that is independent of the call terminal, which reduces the possibility of the voice encryption process being attacked by malware on the call terminal. The call key is generated by the security chip in the security device; owing to the high security of the security chip, this reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption the encryption with the call key is performed inside the security chip, so the call key is only ever used within a secure environment, which ensures safe use of the call key.
During encrypted voice communication, the security device plays the decrypted data from the peer end of the call and prompts for the played decrypted data to be confirmed against the authorization code. This confirms the identity of the peer end and lets the user determine whether anyone is eavesdropping on the call, which improves the success rate of identifying third-party eavesdropping in a voice call and thereby reduces the possibility of the call being eavesdropped. When the user determines that a third party is eavesdropping on the call, the user can promptly take anti-eavesdropping measures to prevent information leakage, improving the security of data transmission in the voice call.
Furthermore, playing the decrypted data from the peer end on the security device reduces the possibility of attack by malware on the call terminal and ensures the security of the voice call.
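The exchange described above, modeled end to end as an added example (not code from the patent), showing why a third party who negotiates separately with each side cannot obtain the confirmation instruction. Assumptions: Diffie-Hellman over a demo group stands in for the negotiation information, HMAC-SHA256 in counter mode stands in for the chip's cipher, a text label stands in for voice characteristics, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: demo Diffie-Hellman group (Mersenne prime 2**521 - 1, generator 3),
# picked only so the example runs on the standard library. Not a production choice.
P = 2**521 - 1
G = 3


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode); a real chip would use its own."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class SecurityChip:
    """Hypothetical model of the security chip; the call key never leaves this object."""

    def __init__(self, owner_voice: str):
        self.owner_voice = owner_voice.encode()  # stands in for voice characteristics
        self._priv = secrets.randbelow(P - 3) + 2
        self._call_key = None
        self.call_encryption_on = False

    def negotiation_info(self) -> int:
        return pow(G, self._priv, P)

    def compute_call_key(self, peer_info: int) -> None:
        if not 1 < peer_info < P - 1:
            raise ValueError("degenerate negotiation information")
        shared = pow(peer_info, self._priv, P)
        self._call_key = hashlib.sha256(shared.to_bytes(66, "big")).digest()

    def _key(self) -> bytes:
        if self._call_key is None:
            raise RuntimeError("no call key (not negotiated, or call ended)")
        return self._call_key

    def authorization_code(self) -> bytes:
        # Six digits derived from the call key: shorter than the key, easy to read aloud.
        mac = hmac.new(self._key(), b"authorization-code", hashlib.sha256).digest()
        return b"%06d" % (int.from_bytes(mac[:4], "big") % 10**6)

    def encrypt(self, sound: bytes) -> bytes:
        nonce = secrets.token_bytes(8)
        return nonce + keystream_xor(self._key(), nonce, sound)

    def decrypt(self, data: bytes) -> bytes:
        return keystream_xor(self._key(), data[:8], data[8:])

    def speak_code(self) -> bytes:
        """The user reads the displayed code aloud; the chip encrypts the sound information."""
        return self.encrypt(self.owner_voice + b"|" + self.authorization_code())

    def confirm_peer(self, encrypted: bytes, expected_voice: str) -> bool:
        """Play the decrypted data; the user confirms only if code and voice both match."""
        voice, _, code = self.decrypt(encrypted).partition(b"|")
        ok = code == self.authorization_code() and voice == expected_voice.encode()
        self.call_encryption_on = ok  # confirmation instruction starts/continues encryption
        return ok

    def end_call(self) -> None:
        self._call_key = None  # the call key is deleted when the call ends
        self.call_encryption_on = False


def negotiate(x: SecurityChip, y: SecurityChip) -> None:
    x_info, y_info = x.negotiation_info(), y.negotiation_info()  # relayed by the terminals
    x.compute_call_key(y_info)
    y.compute_call_key(x_info)


def direct_call() -> tuple:
    a, b = SecurityChip("alice"), SecurityChip("bob")
    negotiate(a, b)
    return a.confirm_peer(b.speak_code(), "bob"), b.confirm_peer(a.speak_code(), "alice")


def intercepted_call(substitute_voice: bool) -> bool:
    """A third party negotiates separately with each side; returns Bob's confirmation."""
    a, b = SecurityChip("alice"), SecurityChip("bob")
    leg_a, leg_b = SecurityChip("third-party"), SecurityChip("third-party")
    negotiate(a, leg_a)
    negotiate(leg_b, b)
    if substitute_voice:
        to_b = leg_b.speak_code()  # right code for Bob's key, wrong voice
    else:
        to_b = leg_b.encrypt(leg_a.decrypt(a.speak_code()))  # Alice's voice, wrong code
    return b.confirm_peer(to_b, "alice")


if __name__ == "__main__":
    print(direct_call(), intercepted_call(False), intercepted_call(True))
```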
The above description is based on the system shown in Fig. 1. Below, the modules on the first call terminal side and the modules on the second call terminal side of the system of Embodiment 1 are described further, from the perspective of the user of the first call terminal and of the user of the second call terminal respectively:
For ease of description, the structure formed by the modules on the first call terminal side of the system is called the first subsystem, and the structure formed by the modules on the second call terminal side is called the second subsystem.
First, the first subsystem in the system of Embodiment 1 is described:
I. The first security device and the first call terminal:
The first security device may be a wearable device such as smart glasses, a smart watch or an earphone device, or may be integrated into a wearable device. The first security device may also be a smart key device that can communicate with the call terminal, such as a USB Key smart key device with a USB interface, a smart key device supporting an audio interface, or a smart key device with Bluetooth communication capability, or may be integrated into such a smart key device. Relative to the first call terminal, the first security device is a standalone device and is not integrated into the first call terminal.
The first communication interface may be a wireless interface or a wired interface. If it is a wireless interface, the first security device has a built-in wireless communication module, which may be a Wi-Fi module, a Wi-Fi Direct module, an NFC module, a Bluetooth module or an infrared module; for example, the first security device is a Bluetooth earphone. If it is a wired interface, the first security device may have a data cable whose connector may be an audio interface or a USB interface; for example, the first security device is a wired earphone with in-line controls. The first security device may also support both wireless and wired connection at once, with a built-in wireless communication module and an external data cable.
If the first security device has a built-in wireless communication module, it can connect to the first call terminal wirelessly; if the first communication interface is a wired interface, the first security device can connect to the first call terminal by wire.
The first call terminal is a terminal with voice call capability. It may be a traditional call device such as a landline telephone or a mobile phone, or a terminal with network telephony capability such as a PC, a notebook computer or a tablet computer.
II. The first negotiation information and the second negotiation information:
The first negotiation information is generated by the first security chip in the first security device. Compared with the prior art, in which the first call terminal itself performs key agreement, completing the agreement on a first security device that is independent of the first call terminal reduces the possibility of the key agreement operation being attacked by malware in the first call terminal, and having the first security chip in the first security device generate the first negotiation information is more secure and reliable.
After generating the first negotiation information, the first security chip sends it to the first call terminal through the first communication interface, and the first call terminal sends it to the second call terminal over the communication network.
The second negotiation information is sent to the first security chip through the first communication interface by the first call terminal, after the first call terminal receives it from the second call terminal.
The first security chip's sending of the first negotiation information and its receiving of the second negotiation information have no fixed order of execution; they may be performed simultaneously or one after the other. The specific parameters in the first and second negotiation information may be set with reference to a prior-art key agreement algorithm, for example ZRTP.
III. The first call key:
The first call key may be calculated in the manner of a prior-art key agreement algorithm, for example ZRTP. The first call key may be stored in the first security chip to ensure its storage security.
Once the first security chip in the first security device has obtained the first call key, it can use that key to secure the voice call between the first security device and the second security device. This is equivalent to establishing an encrypted voice channel between the first security device and the second security device on top of a prior-art voice call.
The encrypted voice channel provided by the invention is established between the first security device and the second security device. From the first security device's side, the channel passes in turn through the first security device, the first call terminal, the second call terminal and the second security device, as in the system structure shown in Fig. 1. The encrypted voice channel is therefore established between the security devices, so throughout the call, from setup to end, the first call terminal and the second call terminal only pass the data through transparently. This reduces the possibility of attack by malware on the call terminals and improves the security of data transmission.
The first security chip is further configured to delete the first call key after detecting that the voice call of the user of the first call terminal has ended.
After the call ends, the first security chip destroys the first call key used for that call. This reduces the possibility of the first call key being misused after being stolen, ensures the operational security of the first security chip, and also makes efficient use of the first security chip's storage space.
Four, description of the first output module and the first reminding module:
1, description of the first output module outputting the first authorization code and the first reminding module prompting the user to read the first authorization code aloud:
The first output module is specifically used to convert the first authorization code into acoustic information, obtain the acoustic information of the first authorization code, and play it; or to display the first authorization code.
The first output module may be a module with a playing function, for example a speaker or loudspeaker.
The first safety chip sends the digital signal of the first authorization code to the first voice conversion module. The first voice conversion module converts the digital signal into acoustic information, obtains the acoustic information of the first authorization code, and sends it to the first output module, which plays it. The first voice conversion module is arranged in the first safety means or in the first call terminal.
Converting the first authorization code into acoustic information and playing that acoustic information achieves the purpose of outputting the first authorization code.
The first output module may also be a module with a display function, for example a display screen.
In that case the first safety chip sends the digital signal of the first authorization code to the first output module, and the first output module displays the first authorization code.
Displaying the first authorization code achieves the purpose of outputting the first authorization code.
The first reminding module may be a module with a playing function, for example a speaker or loudspeaker, or a module with a display function, for example a display screen. The first reminding module and the first output module may be physically the same module or two independent modules. When they are two independent modules, both may be arranged in the first safety means or both in the first call terminal; alternatively, one may be arranged in the first safety means and the other in the first call terminal.
The first reminding module may prompt the user to read the first authorization code aloud at the same time as the first output module outputs the first authorization code, for example by outputting "please read aloud authorization code XXX", where XXX represents the content of the first authorization code. The output may be played or displayed.
The prompt and the output of the first authorization code may also be carried out separately, for example by first outputting "please read aloud the authorization code" and then outputting "the authorization code is XXX", or by first outputting "the authorization code is XXX" and then outputting "please read aloud the authorization code". Each of the two messages may be played or displayed, and the two messages may use the same output mode or different ones.
Compared with outputting the first authorization code through the first output module and/or prompting the user to read it aloud through the first reminding module on the first call terminal, doing so on the first safety means reduces the possibility of attack by malware on the first call terminal and improves the security of data transmission.
The length of the first authorization code is less than the length of the first call key, and the first authorization code is used to uniquely identify the first call key.
When the first reminding module prompts the user to read the first authorization code aloud, what is read aloud is the first authorization code and not the first call key itself, which reduces the possibility that a malicious party steals the first call key while the user is reading. In addition, the first authorization code is generated from the first call key and can uniquely identify it, so the two parties can determine whether the call keys they use are consistent by comparing whether the contents of their authorization codes are consistent. Because the first call key has many bits, processing it into the first authorization code makes the authorization code shorter than the call key, which reduces what the user has to read aloud and is convenient for the user.
2, description of the step in which the first reminding module prompts the user to confirm the played second decrypted data according to the first authorization code:
The way the first reminding module prompts the user to confirm the played second decrypted data according to the first authorization code is similar to the way it prompts the user to read the first authorization code aloud, and is not repeated here.
Five, description of how the first safety chip obtains the first acoustic information:
The first safety chip obtains the first acoustic information in one of the following two modes:
Mode A: the system further comprises a first voice acquisition module, used to capture the result of the user of the first call terminal reading the first authorization code aloud, obtain the first acoustic information, and send the first acoustic information; the first voice acquisition module is arranged in the first safety means;
The first safety chip is specifically used to obtain the first acoustic information sent by the first voice acquisition module on the first safety means.
In Mode A, the first voice acquisition module may be a microphone. Capturing the result of reading the first authorization code aloud with the first voice acquisition module on the first safety means reduces the possibility of attack by malware on the first call terminal and guarantees the security of data capture. For example, when the first safety means is a Bluetooth earphone, the microphone of the Bluetooth earphone can be used directly to capture the reading.
Mode B: the system further comprises a first voice acquisition module, used to capture the result of the user of the first call terminal reading the first authorization code aloud, obtain the first acoustic information, and send the first acoustic information; the first voice acquisition module is arranged in the first call terminal;
The first safety chip is specifically used to receive, through the first communication interface, the first acoustic information sent by the first voice acquisition module on the first call terminal.
Using the existing microphone of the first call terminal to capture the reading is convenient to implement and requires no hardware modification of the first safety means, which reduces the hardware cost of the first safety means.
Capturing the sound of the user reading the first authorization code aloud to obtain the first acoustic information in fact collects two pieces of information: one is the content of the first authorization code output by the first safety means, and the other is the sound characteristic of the user who reads the first authorization code aloud.
The sound characteristic in the first acoustic information is the user's own sound characteristic when the user of the first call terminal directly reads the first authorization code aloud, and it identifies the content of the first authorization code in the first acoustic information as originating from the user of the first call terminal. It is not a sound characteristic obtained by speech simulation software simulating the voice of the user of the first call terminal.
Because a sound characteristic produced by speech simulation software differs from the one obtained when the user reads aloud directly, a listener hearing either of them can use the personalized information it carries, such as timbre, pitch and tone, to identify whether it is the voice of the real user of the first call terminal, and thereby identify whether the acoustic information carrying the authorization code comes from the first call terminal.
Six, description of the encryption and decryption operations of the first safety chip:
1, the first safety chip encrypts the first acoustic information into the first encrypted data as follows:
The first voice acquisition module sends the first acoustic information to the first voice conversion module. The first voice conversion module processes the first acoustic information into a digital signal, obtains the data to be verified, and sends the data to be verified to the first safety chip. The first safety chip encrypts the data to be verified with the first call key, obtains the first encrypted data, and sends the first encrypted data through the first communication interface.
The role of the first voice conversion module is to convert an analog signal into a digital signal so that the first acoustic information can be transmitted over the voice encryption channel. The first voice acquisition module and the first voice conversion module may be physically the same module or two independent modules. When they are two independent modules, both may be arranged in the first safety means or both in the first call terminal; alternatively, one may be arranged in the first safety means and the other in the first call terminal.
If the communication network between the first call terminal and the second call terminal supports direct transmission of analog signals, the system does not include the first voice conversion module in the process of turning the first acoustic information into the first encrypted data.
After the first safety chip sends the first encrypted data through the first communication interface, the first call terminal receives the first encrypted data through the first communication interface and sends it to the second call terminal through the communication network.
2, the first safety means processes the second encrypted data into the second decrypted data and plays it as follows:
If the second encrypted data is a digital signal, the first safety chip decrypts the second encrypted data with the first call key and obtains the second decrypted data. The first safety chip sends the second decrypted data to the first voice conversion module, which converts it into acoustic information, obtains the conversion result of the second decrypted data, and sends the conversion result to the first playing module. The first playing module plays the conversion result of the second decrypted data;
If the second encrypted data is an analog signal, the first safety chip decrypts the second encrypted data with the first call key, obtains the second decrypted data, and sends it to the first playing module, which plays the second decrypted data.
The second encrypted data is sent by the second call terminal to the first call terminal through the communication network, and by the first call terminal to the first safety chip through the first communication interface.
There is no fixed order between the first playing module playing the second decrypted data and the first output module outputting the first authorization code; the two may be carried out simultaneously or one after the other.
Seven, description of the first safety chip encrypting and decrypting the voice call:
Unlike the prior art, in which the first call terminal encrypts with the first call key, the entity that carries out the encryption operation in the present invention is the first safety chip. Encrypting the voice call in the first safety chip reduces the possibility of attack by malware on the first call terminal and improves the security of data transmission.
Moreover, the first safety chip encrypts the captured voice information with the first call key that it produced itself, which improves call security. Specifically:
(1) The entity that carries out voice encryption is the first safety chip. Because the first safety chip is inside the first safety means, and the first safety means is independent of the first call terminal, the possibility of attack by malware on the first call terminal during voice encryption is reduced. In addition, compared with the processor of a prior-art earphone, the entity that carries out voice encryption in the first safety means of the present invention is the first safety chip. Because the operations of encrypting and decrypting voice are completed inside the first safety chip and only the encryption result and the decryption result are output, the data is protected from being cracked; the voice encryption strength of the first safety chip is therefore higher than that of a prior-art processor.
(2) The first call key used for voice encryption is produced by the first safety chip, and the first safety chip keeps the first call key inside itself, which reduces the possibility that the first call key is stolen and guarantees the security of voice encryption. In addition, during voice encryption the first call key is used inside the first safety chip, so the first call key is invoked in a secure environment, which guarantees its safe use.
(3) The object of encryption is captured by the first voice acquisition module on the first safety means. The present invention uses the first safety means to capture voice, and the first safety means is independent of the first call terminal, which reduces the possibility of attack by malware on the first call terminal during voice capture.
As can be seen from the above, during voice encryption the whole encryption operation is completed by the first safety means without interaction with external equipment, which guarantees the security of the encryption operation.
The voice that the first safety means encrypts may also be captured by the first call terminal, with the first safety means obtaining the captured voice through the first communication interface.
In summary, in the system of Embodiment 1, the first subsystem at least comprises the following modules: the first safety chip, the first output module, the first reminding module, the first playing module and the first voice acquisition module.
The first output module may be a module with a playing or display function, the first reminding module may also be a module with a playing or display function, and the first playing module is a module with a playing function.
If the first output module and the first reminding module both use the playing function, their functions can be performed by the first playing module. The first output module and the first reminding module are then not required modules in the first subsystem of Embodiment 1 but optional ones; that is, the first subsystem of Embodiment 1 at least comprises the following modules: the first safety chip, the first playing module and the first voice acquisition module, where the hardware corresponding to the first playing module may be a speaker or loudspeaker and the first voice acquisition module may be a microphone. The first playing module and the first voice acquisition module may both be arranged in the first safety means, or both in the first call terminal, or one of them may be arranged in the first safety means and the other in the first call terminal, so the first subsystem of Embodiment 1 can be structured in the following ways:
S1: the first safety means comprises the first safety chip; the first call terminal comprises the first playing module and the first voice acquisition module. See the system configuration shown in Fig. 2, which is a schematic diagram of the first subsystem of Embodiment 1 of the present invention. The first subsystem shown in Fig. 2 can be implemented directly with the microphone and loudspeaker of the first call terminal, without any change to the hardware of the first safety means or the first call terminal; the hardware cost is low and the implementation is simple.
S2: the first safety means comprises the first safety chip, the first playing module and the first voice acquisition module. See the system configuration shown in Fig. 3, which is another schematic diagram of the first subsystem of Embodiment 1 of the present invention. In the first subsystem shown in Fig. 3, capturing the voice of the user of the first call terminal and playing the second decrypted data are both carried out on the first safety means, which is independent of the first call terminal; this reduces attacks by malware on the first call terminal and improves the security of the data;
S3: the first safety means comprises the first safety chip and the first playing module; the first call terminal comprises the first voice acquisition module.
S4: the first safety means comprises the first safety chip and the first voice acquisition module; the first call terminal comprises the first playing module.
If at least one of the first output module and the first reminding module uses the display function, the module that uses the display function is required in the first subsystem of Embodiment 1, and the module that does not use the display function is optional. For example, if the first reminding module uses the display function, the first subsystem of Embodiment 1 at least comprises the first safety chip, the first reminding module, the first playing module and the first voice acquisition module; if the first output module and the first reminding module both use the display function, the first subsystem of Embodiment 1 at least comprises the first safety chip, the first output module, the first reminding module, the first playing module and the first voice acquisition module.
Compared with the prior-art approach in which the call key is generated on a TF card, the first subsystem provided by Embodiment 1 of the present invention generates the first call key on a safety means that is independent of the first call terminal, which reduces the possibility of attack by malware on the first call terminal during voice encryption. The key is generated by the first safety chip in the first safety means, and the high security of the first safety chip reduces the possibility that the first call key is stolen and guarantees the security of voice encryption. In addition, during voice encryption the first call key is used inside the first safety chip, so the first call key is invoked in a secure environment, which guarantees its safe use.
In addition, during encrypted voice communication, the first safety means plays the second decrypted data from the second call terminal and prompts the user to confirm the played second decrypted data according to the first authorization code. This confirms the identity information of the second call terminal and lets the user determine whether anyone is monitoring the call. It improves the success rate of identifying third-party monitoring in a voice call and thereby reduces the possibility that the voice call is monitored; when the user determines that a third party is monitoring the voice call, the user can take anti-monitoring measures in time to prevent information leakage, which improves the security of data transmission in the voice call.
Further, playing the second decrypted data from the second call terminal on the first safety means reduces attacks by malware on the first call terminal and guarantees the security of the voice call.
Second portion
The second subsystem in embodiment mono-is described:
One, the second safety means and the second call terminal are described:
Wherein, the second safety chip, after generating the second negotiation information, sends to the second call terminal by second communication interface, and the second call terminal sends to the first call terminal by communication network.
Wherein, the second safety means can be the wearable devices such as intelligent glasses, intelligent watch, ear speaker device, or, be integrated in wearable device, certainly, the second safety means can be also the intelligent cipher key equipments that intelligent cipher key equipment USB Key, the intelligent cipher key equipment of supporting audio interface with USB interface, the intelligent cipher key equipment with function of Bluetooth communication etc. can communicate with call terminal, or, be integrated in the intelligent cipher key equipment that can communicate with call terminal; With respect to the second call terminal, the second safety means are autonomous devices, are not integrated on the second call terminal.
Wherein, second communication interface can be wireless connections interface, can be also wired connection interface.If second communication interface is wireless connections interface, in the second safety means, be built-in with wireless communication module, can be Wi-Fi module, Wi-Fi Direct module, NFC module, bluetooth module or infrared module, for example the second safety means are bluetooth earphone; If second communication interface is wired connection interface, the second safety means can have data line, and the interface of data line can be audio interface or USB interface, and for example the second safety means are line control earphone.Certainly, the second safety means also can have two kinds of functions of wireless connections and wired connection simultaneously, and the second safety means are built-in with wireless communication module, and are externally connected to data line.
If be built-in with wireless communication module in the second safety means, the second safety means can be connected with the second call terminal by wireless connections; If second communication interface is wired connection interface, the second safety means can be connected with the second call terminal by wired connection.
Wherein, the second call terminal is the terminal with voice call ability, can be traditional verbal system, as landline telephone and cell phone, can be also the terminal with function of network phone, as PC, notebook computer and panel computer etc.
Two, description of the first negotiation information and the second negotiation information:
The second negotiation information is generated by the second safety chip in the second safety means. Compared with the prior art, in which the second call terminal itself carries out key agreement, completing the negotiation on the second safety means, which is independent of the second call terminal, reduces the possibility that the key agreement operation is attacked by malware in the second call terminal; and having the second safety chip in the second safety means generate the second negotiation information is safer and more reliable.
The first negotiation information is sent to the second safety chip through the second communication interface by the second call terminal, after the second call terminal has received it from the first call terminal.
There is no fixed order between the second safety chip sending the second negotiation information and receiving the first negotiation information; the two operations may be carried out simultaneously or one after the other. The specific parameters in the first negotiation information and the second negotiation information may be set with reference to a key agreement algorithm in the prior art, for example the key agreement algorithm ZRTP.
Three, description of the second call key:
The second call key may be calculated in the manner of a key agreement algorithm in the prior art, for example ZRTP. The second call key may be kept in the second safety chip to guarantee its storage security.
After obtaining the second call key, the second safety chip in the second safety means can use it to secure the voice call between the first safety means and the second safety means. This is equivalent to establishing a voice encryption channel between the first safety means and the second safety means on top of a prior-art voice call.
The voice encryption channel provided by the invention is established between the first safety means and the second safety means. Seen from the second safety means, the channel passes in turn through the second safety means, the second call device, the first call device and the first safety means; see the system configuration shown in Fig. 1. Because the voice encryption channel is established between the safety means, the first call terminal and the second call terminal only pass data through transparently during the whole process from call setup to call end, which reduces the possibility of attack by malware on the call terminals and improves the security of data transmission.
The second safety chip is also used to delete the second call key after detecting that the voice call of the user of the second call terminal has ended.
After the call ends, the second safety chip destroys the second call key used for this voice call. This reduces the possibility that the second call key is misused after being stolen, guarantees the operating security of the second safety chip, and also makes effective use of the storage space of the second safety chip.
Four, the second output module and the second reminding module are described:
1, the second output module being exported to the prompting of the second authorization code and the second reminding module reads aloud and describes the second authorization code:
The second output module, specifically for converting the second authorization code to acoustic information, obtains the acoustic information of the second authorization code, and plays the acoustic information of the second authorization code; Or, show the second authorization code.
Wherein, the second output module can be the module with playing function, for example, and loud speaker or loudspeaker.
The second safety chip sends to the second voice conversion module by the digital signal of the second authorization code, the second voice conversion module converts the digital signal of the second authorization code to acoustic information, obtain the acoustic information of the second authorization code, and the acoustic information of the second authorization code is sent to the second output module, the second output module is play the acoustic information of the second authorization code.Wherein, the second voice conversion module is arranged in the second safety means, or, be arranged in the second call terminal.
By the second authorization code is changed, obtain the acoustic information of the second authorization code, by playing the acoustic information of the second authorization code, reach the object of output the second authorization code.
Certainly, the second output module can also be the module with Presentation Function, for example display screen.
The second safety chip sends to the second output module by the digital signal of the second authorization code, and the second output module shows the second authorization code.
By showing the second authorization code, reach the object of output the second authorization code.
At the second output module, export after the second authorization code, the second reminding module and the second safety chip will be carried out following operation:
The second reminding module, for after output the second authorization code, prompting is read aloud the second authorization code;
The second safety chip, also, for obtaining the read aloud result of the user of the second call terminal to the second authorization code, obtains the second acoustic information; Utilize the second call key to be encrypted the second acoustic information, obtain the second enciphered data, and send the second enciphered data by second communication interface.
The second reminding module can be a module with a playing function, for example a loudspeaker or speaker; it can also be a module with a display function, for example a display screen. The second reminding module and the second output module can be physically the same module or two independent modules. When they are two independent modules, both can be arranged in the second safety means, or both in the second call terminal; alternatively, one can be arranged in the second safety means and the other in the second call terminal.
The second reminding module's prompt to read the second authorization code aloud can be given at the same time as the second output module outputs the second authorization code, for example by outputting "please read aloud authorization code XXX", where XXX represents the content of the second authorization code. The output can be played or displayed.
Of course, the prompt to read the second authorization code aloud can also be given separately from the output of the second authorization code: for example, first output the message "please read aloud authorization code" and then the message "authorization code is XXX", or first output the message "authorization code is XXX" and then the message "please read aloud authorization code". Each of the two messages can be played or displayed, and the two messages can use the same output mode or different ones.
Compared with outputting the second authorization code through the second output module and/or prompting for it to be read aloud through the second reminding module on the second call terminal, performing the output and/or the prompt on the second safety means reduces the possibility of attack by malware on the second call terminal and improves the security of data transmission.
The length of the second authorization code is less than the length of the second call key, and the second authorization code is used to uniquely identify the second call key.
When the second reminding module prompts for the second authorization code to be read aloud, the content read aloud is the second authorization code and not the second call key itself, which reduces the possibility of a lawbreaker stealing the second call key while the user reads aloud. In addition, the second authorization code is generated from the second call key and uniquely identifies it, so the two communicating parties can determine whether the call keys they use are consistent by comparing whether the contents of their authorization codes are consistent. Because the second call key has many digits, processing it into the second authorization code, which is shorter than the second call key, reduces the content the user has to read aloud and is convenient for the user.
2, description of the second reminding module prompting for confirmation, according to the second authorization code, of the played first data decryption:
The second reminding module is specifically configured to prompt for confirmation of whether the authorization code in the first data decryption is consistent with the second authorization code, and of whether the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal;
The second confirmation instruction is an instruction confirming that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal.
Similarly, the way the second reminding module prompts for confirmation of the played first data decryption according to the second authorization code is similar to the way it prompts for the second authorization code to be read aloud, and is not repeated here.
Five, description of how the second safety chip obtains the second acoustic information:
The second safety chip obtains the second acoustic information in one of the following two modes:
Mode A: the system further comprises a second voice acquisition module, configured to collect the result of the user of the second call terminal reading the second authorization code aloud, obtaining the second acoustic information, and to send the second acoustic information; the second voice acquisition module is arranged in the second safety means;
The second safety chip is specifically configured to obtain the second acoustic information sent by the second voice acquisition module on the second safety means.
In mode A, the second voice acquisition module can be a microphone. Collecting the reading result of the second authorization code with the second voice acquisition module on the second safety means reduces the possibility of attack by malware on the second call terminal and ensures the security of data acquisition. For example, when the second safety means is a Bluetooth earphone, the microphone of the Bluetooth earphone can be used directly to collect the reading result.
Mode B: the system further comprises a second voice acquisition module, configured to collect the result of the user of the second call terminal reading the second authorization code aloud, obtaining the second acoustic information, and to send the second acoustic information; the second voice acquisition module is arranged in the second call terminal;
The second safety chip is specifically configured to receive, through the second communication interface, the second acoustic information sent by the second voice acquisition module on the second call terminal.
Using the existing microphone of the second call terminal to collect the reading result is convenient to implement; the reading result can be obtained without modifying the hardware of the second safety means, which reduces the hardware cost of the second safety means.
Collecting the sound of the user reading the second authorization code aloud to obtain the second acoustic information in fact collects two pieces of information: one is the content of the second authorization code output by the second safety means, and the other is the sound characteristic of the user who reads the second authorization code aloud.
The sound characteristic in the second acoustic information is the own sound characteristic of the user of the second call terminal when directly reading the second authorization code aloud, and it identifies the content of the second authorization code in the second acoustic information as originating from the user of the second call terminal. It is not a sound characteristic obtained by speech simulation software imitating the voice of the user of the second call terminal.
Because a sound characteristic produced by speech simulation software differs from the one obtained when the user reads aloud directly, a listener hearing the two can tell, from the personalized information they carry such as timbre, pitch and tone, whether the sound is that of the real user of the second call terminal, and can thereby identify whether the acoustic information carrying the authorization code comes from the second call terminal.
Six, description of the encryption and decryption operations of the second safety chip:
1, the second safety chip encrypts the second acoustic information into the second enciphered data as follows:
The second voice acquisition module sends the second acoustic information to the second voice conversion module; the second voice conversion module processes the second acoustic information into a digital signal, obtaining data to be verified, and sends the data to be verified to the second safety chip; the second safety chip encrypts the data to be verified with the second call key, obtaining the second enciphered data, and sends the second enciphered data through the second communication interface.
The function of the second voice conversion module is to convert an analog signal into a digital signal so that the second acoustic information can be transmitted over the encrypted voice channel. The second voice acquisition module and the second voice conversion module can be physically the same module or two independent modules. When they are two independent modules, both can be arranged in the second safety means, or both in the second call terminal; alternatively, one can be arranged in the second safety means and the other in the second call terminal.
Of course, if the communication network between the second call terminal and the first call terminal supports direct transmission of analog signals, the system does not include the second voice conversion module in the process of turning the second acoustic information into the second enciphered data.
After the second safety chip sends the second enciphered data through the second communication interface, the second call terminal receives the second enciphered data through the second communication interface and sends it to the first call terminal over the communication network.
2, the second safety means processes the first enciphered data into the first data decryption and plays it as follows:
If the first enciphered data is a digital signal, the second safety chip decrypts the first enciphered data with the second call key, obtaining the first data decryption; the second safety chip sends the first data decryption to the second voice conversion module; the second voice conversion module converts the first data decryption into acoustic information, obtaining the conversion result of the first data decryption, and sends the conversion result to the second playing module; the second playing module plays the conversion result of the first data decryption;
If the first enciphered data is an analog signal, the second safety chip decrypts the first enciphered data with the second call key, obtaining the first data decryption, and sends the first data decryption to the second playing module, which plays it.
The first enciphered data is sent by the first call terminal to the second call terminal over the communication network, and is sent by the second call terminal to the second safety chip through the second communication interface.
There is no fixed order between the second playing module playing the first data decryption and the second output module outputting the second authorization code; the two can be carried out simultaneously or one after the other.
Seven, description of the second safety chip performing encryption and decryption operations on the voice call:
Unlike the prior art, in which the second call terminal performs encryption with the second call key, in the present invention the entity that performs the encryption operation is the second safety chip. Encrypting the voice call in the second safety chip reduces the possibility of attack by malware on the second call terminal and improves the security of data transmission.
Moreover, the second safety chip encrypts the obtained voice information with the second call key that it generated itself, which improves call security. Specifically:
(1) The entity that performs voice encryption is the second safety chip. Because the second safety chip is inside the second safety means, and the second safety means is independent of the second call terminal, the possibility of the voice encryption process being attacked by malware on the second call terminal is reduced. In addition, compared with the processor of an earphone in the prior art, the entity that performs voice encryption in the second safety means of the present invention is the second safety chip: the encryption and decryption computations on the voice are completed inside the second safety chip, and only the encryption result and decryption result are output, which prevents the data from being cracked. Therefore, compared with the prior-art processor, the voice encryption strength of the second safety chip is higher.
(2) The second call key used for voice encryption is generated by the second safety chip, and the second safety chip stores the second call key inside itself, which reduces the possibility of the second call key being stolen and ensures the security of voice encryption. In addition, during voice encryption the second call key is used inside the second safety chip, so that the second call key is invoked in a secure environment, ensuring its safe use.
(3) The object of encryption is collected by the second voice acquisition module on the second safety means. The present invention uses the second safety means for voice collection, and the second safety means is independent of the second call terminal, which reduces the possibility of the voice collection process being attacked by malware on the second call terminal.
As can be seen from the above, during voice encryption the whole encryption operation is completed by the second safety means without interacting with external equipment, which ensures the security of the encryption operation.
Of course, the voice that the second safety means encrypts can also be collected by the second call terminal, with the second safety means obtaining the collected voice through the second communication interface.
In summary, the second subsystem in Embodiment 1 includes at least the following modules: the second safety chip, the second output module, the second reminding module, the second playing module and the second voice acquisition module.
The second output module can be a module with a playing or display function, the second reminding module can also be a module with a playing or display function, and the second playing module is a module with a playing function.
If the second output module and the second reminding module both use a playing function, their functions can be performed by the second playing module. In that case the second output module and the second reminding module are not required modules of the second subsystem in Embodiment 1 but optional ones; that is, the second subsystem in Embodiment 1 includes at least the following modules: the second safety chip, the second playing module and the second voice acquisition module, where the hardware corresponding to the second playing module can be a loudspeaker or speaker, and the second voice acquisition module can be a microphone. Because the second playing module and the second voice acquisition module can both be arranged in the second safety means, or both in the second call terminal, or one in the second safety means and the other in the second call terminal, the structure of the second subsystem in Embodiment 1 can be realized in the following ways:
S1: the second safety means comprises the second safety chip; the second call terminal comprises the second playing module and the second voice acquisition module. See Fig. 4 for the specific system structure. Fig. 4 is a schematic diagram of the second subsystem of Embodiment 1 of the present invention. The second subsystem shown in Fig. 4 can be implemented directly with the microphone and loudspeaker of the second call terminal, without any change to the hardware of the second safety means or the second call terminal, so the hardware cost is low and implementation is simple.
S2: the second safety means comprises the second safety chip, the second playing module and the second voice acquisition module. See Fig. 5 for the specific system structure. Fig. 5 is another schematic diagram of the second subsystem of Embodiment 1 of the present invention. In the second subsystem shown in Fig. 5, collecting the voice of the user of the second call terminal and playing the first data decryption are both carried out on the second safety means, which is independent of the second call terminal; this reduces attacks by malware on the second call terminal and improves the security of the data.
S3: the second safety means comprises the second safety chip and the second playing module; the second call terminal comprises the second voice acquisition module.
S4: the second safety means comprises the second safety chip and the second voice acquisition module; the second call terminal comprises the second playing module.
If at least one of the second output module and the second reminding module uses a display function, the module that uses the display function is a required module of the second subsystem in Embodiment 1, and the module that does not use a display function is optional. For example, if the second reminding module uses a display function, the second subsystem in Embodiment 1 includes at least the second safety chip, the second reminding module, the second playing module and the second voice acquisition module; if the second output module and the second reminding module both use a display function, the second subsystem in Embodiment 1 includes at least the second safety chip, the second output module, the second reminding module, the second playing module and the second voice acquisition module.
Compared with the prior-art approach in which the call key is generated on a TF card, the second subsystem in Embodiment 1 of the present invention generates the call key on a safety means that is independent of the second call terminal, which reduces the possibility of the voice encryption process being attacked by malware on the call terminal. The call key is generated by the second safety chip in the second safety means; given the high security of a safety chip, this reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption the call key is used inside the second safety chip, so that the call key is invoked in a secure environment, ensuring its safe use.
In addition, during encrypted voice communication the second safety means plays the first data decryption from the first call terminal and prompts for the played first data decryption to be confirmed according to the second authorization code. This confirms the identity information of the first call terminal and lets the user determine whether someone is monitoring the call, which improves the success rate of identifying third-party monitoring in a voice call and thereby reduces the possibility of the voice call being monitored. When the user determines that a third party is monitoring the voice call, the user can take anti-monitoring safety measures in time to prevent information leakage, improving the security of data transmission in the voice call.
Further, playing the first data decryption from the first call terminal on the second safety means reduces attacks by malware on the second call terminal and ensures voice call security.
Because there are two cases each for the manner of obtaining the first confirmation instruction and for the timing of receiving it, the system provided by Embodiment 1 may, in practical applications, have the following different application scenarios:
C1: when it is confirmed that the authorization code in the second data decryption is consistent with the first authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the second data decryption is consistent with the sound characteristic of the user of the second call terminal, the first safety chip obtains the first confirmation instruction and, according to the first confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the first call terminal; and, when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, the second safety chip obtains the second confirmation instruction and, according to the second confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the second call terminal;
C2: when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, the second safety chip obtains the second confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after receiving the second confirmation instruction, the first safety chip obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the first call terminal;
C3: after obtaining the first call key, the first safety chip starts performing encryption and decryption operations on the voice call of the user of the first call terminal; after these operations have started, when, following the prompt, it is confirmed that the authorization code in the second data decryption is consistent with the first authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the second data decryption is consistent with the sound characteristic of the user of the second call terminal, the first safety chip obtains the first confirmation instruction and, according to the first confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the first call terminal; and, when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, the second safety chip obtains the second confirmation instruction and, according to the second confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the second call terminal;
C4: when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, the second safety chip obtains the second confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after obtaining the first call key, the first safety chip starts performing encryption and decryption operations on the voice call of the user of the first call terminal; after these operations have started, the first safety chip, on receiving the second confirmation instruction, obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the first call terminal;
C5: when it is confirmed that the authorization code in the second data decryption is consistent with the first authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the second data decryption is consistent with the sound characteristic of the user of the second call terminal, the first safety chip obtains the first confirmation instruction and, according to the first confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the first call terminal; and, after obtaining the second call key, the second safety chip starts performing encryption and decryption operations on the voice call of the user of the second call terminal; after these operations have started, when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, the second safety chip obtains the second confirmation instruction and, according to the second confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the second call terminal;
C6: after starting encryption and decryption operations on the voice call of the user of the second call terminal, the second safety chip, when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, obtains the second confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after receiving the second confirmation instruction, the first safety chip obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, starts performing encryption and decryption operations on the voice call of the user of the first call terminal;
C7: after obtaining the first call key, the first safety chip starts performing encryption and decryption operations on the voice call of the user of the first call terminal; after these operations have started, when, following the prompt, it is confirmed that the authorization code in the second data decryption is consistent with the first authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the second data decryption is consistent with the sound characteristic of the user of the second call terminal, the first safety chip obtains the first confirmation instruction and, according to the first confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the first call terminal; and, after starting encryption and decryption operations on the voice call of the user of the second call terminal, the second safety chip, when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, obtains the second confirmation instruction and, according to the second confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the second call terminal;
C8: after starting encryption and decryption operations on the voice call of the user of the second call terminal, the second safety chip, when it is confirmed that the authorization code in the first data decryption is consistent with the second authorization code, and that the sound characteristic of the voice reading the authorization code aloud in the first data decryption is consistent with the sound characteristic of the user of the first call terminal, obtains the second confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after obtaining the first call key, the first safety chip starts performing encryption and decryption operations on the voice call of the user of the first call terminal; after these operations have started, the first safety chip, on receiving the second confirmation instruction, obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, continues performing encryption and decryption operations on the voice call of the user of the first call terminal.
In the system described in Embodiment 1, the first safety chip performs encryption and decryption operations on the voice call after it is confirmed that both the content of the authorization code and the sound characteristic of the voice reading the authorization code aloud are consistent. Embodiment 1 also provides a handling scheme for the case in which at least one of the content of the authorization code and the sound characteristic of the voice reading it aloud is found to be inconsistent, specifically:
When the user of the first call terminal judges that the authorization code in the second data decryption is inconsistent with the first authorization code, and/or that the sound characteristic of the voice reading the authorization code aloud in the second data decryption is inconsistent with the sound characteristic of the user of the second call terminal, the user of the first call terminal can end the voice call on the first call terminal or on the first safety means.
Similarly, the handling scheme for the second safety chip in Embodiment 1, when at least one of the content of the authorization code and the sound characteristic of the voice reading it aloud is inconsistent, is similar to that for the first safety chip in Embodiment 1 and involves the same operations; it is not repeated here.
The first call key, the second call key, the first authorization code and the second authorization code described above are further explained as follows:
Provided that no third party is monitoring between the first call terminal and the second call terminal, the first call key and the second call key are identical. Conversely, when a third party is monitoring between the first call terminal and the second call terminal, the first call key used by the user of the first call terminal and the second call key used by the user of the second call terminal are different. They differ because the first call key is negotiated between the first call terminal and the third party's call terminal, and the second call key is negotiated between the second call terminal and the third party's call terminal; neither is negotiated directly between the first call terminal and the second call terminal.
Provided that no third party is monitoring between the first call terminal and the second call terminal, the first authorization code and the second authorization code are identical. Conversely, when a third party is monitoring between the first call terminal and the second call terminal, the first call key used by the user of the first call terminal and the second call key used by the user of the second call terminal are different, so the first authorization code generated from the first call key also differs from the second authorization code generated from the second call key. By comparing the content of the first authorization code with the content of the second authorization code, the user can judge whether a third party is monitoring.
The first safety chip can decrypt the second encrypted data with the first call key and obtain the second decrypted data because, when no third party is eavesdropping between the first call terminal and the second call terminal, the first call key and the second call key are identical, so data encrypted with the second call key can be successfully decrypted with the first call key.
However, although data encrypted with the second call key can be successfully decrypted with the first call key, this alone does not show whether a third party is eavesdropping between the first call terminal and the second call terminal. The reason is that, when a third party is eavesdropping, the first call key is negotiated between the first call terminal and the third party's call terminal, the second call key is negotiated between the second call terminal and the third party's call terminal, and the first call key differs from the second call key. The third party can decrypt the data sent by the first call terminal with the first call key, re-encrypt it with the second call key, and send it to the second call terminal. The second call terminal can then still successfully decrypt the received encrypted data with the second call key, even though a third party is eavesdropping between the first call terminal and the second call terminal. Therefore, whether the received encrypted data decrypts successfully cannot be used to determine whether a third party is eavesdropping.
To overcome this technical defect, the embodiments provided by the present invention introduce the concept of an authorization code: the authorization code is read aloud, the read-aloud result is obtained and sent, and this is used to determine whether a third party is eavesdropping. For the specific implementation details, see the related description above; a further explanation follows here.
In this embodiment, the second decrypted data is output to the user by playing it, because the second decrypted data contains two pieces of information: one part represents the specific content of the authorization code generated by the second safety device of the second call terminal, and the other part represents the sound characteristics of the user of the second call terminal. Playing the second decrypted data lets the user of the first call terminal obtain both pieces of information directly. The user of the first call terminal can then, on the one hand, confirm the authenticity of the content carried in the second decrypted data by judging whether the authorization code in the second decrypted data is consistent with the first authorization code, and, on the other hand, confirm the legitimacy of the source of the second decrypted data by judging whether the sound characteristics of the voice reading the authorization code in the second decrypted data are consistent with the sound characteristics of the user of the second call terminal; that is, the user can determine whether a third party is present.
Moreover, if the second decrypted data were displayed instead of played, the user of the first call terminal, after receiving the second decrypted data, could only confirm the authenticity of the content carried in the second decrypted data by judging whether the authorization code in the second decrypted data is consistent with the first authorization code, and could not confirm the legitimacy of the source of the second decrypted data; that is, the user could not determine whether a third party is present.
Provided that no third party is eavesdropping between the first call terminal and the second call terminal, the first authorization code and the second authorization code are identical; in addition, the first authorization code uniquely identifies the first call key and the second authorization code uniquely identifies the second call key. Therefore, when the user of the first call terminal determines that the first authorization code is identical to the second authorization code, the user can conclude that the first call key and the second call key are identical.
A specific application scenario is described below as an example:
When user A and user B hold a normal call that is not monitored by a third party, user A and user B negotiate the call key directly and obtain call key X, and the voice call between user A and user B is encrypted and decrypted directly with call key X.
During a call between user A and user B, if a third party, user C, is eavesdropping, user A and user B each negotiate a call key with user C. After negotiation, the call key negotiated between user C and user A is M, and the call key negotiated between user C and user B is N. When user A sends call voice to user B, user C intercepts call voice A sent by user A to user B, decrypts call voice A with call key M to obtain plaintext A, re-encrypts plaintext A with call key N, and sends it to user B. Because user B can decrypt the ciphertext sent by user C with call key N, user B obtains user A's voice. Likewise, when user B sends call voice to user A, user C intercepts call voice B sent by user B to user A, decrypts call voice B with call key N to obtain plaintext B, re-encrypts plaintext B with call key M, and sends it to user A. Because user A can decrypt the ciphertext sent by user C with call key M, user A obtains user B's voice. Because user A and user B can each obtain the voice of the other end, a voice call can take place between user A and user B, but in fact the communication peer of both user A and user B is user C; that is, this call between user A and user B is monitored by user C.
Correspondingly, when a voice call is made with the system provided by the embodiments of the present invention and user C is eavesdropping, user A's safety device uses call key M, negotiated with the communication peer user C, to obtain an authorization code m, and user A reads authorization code m aloud, producing audio file m, which contains user A's voice and the content of authorization code m. After decrypting audio file m, user C encrypts audio file m with call key N and sends it to user B. When user B hears audio file m, user B hears user A's voice and so is clear that the source of audio file m is user A. However, user B's safety device also uses call key N, negotiated with the communication peer user C, to obtain an authorization code n. User B compares authorization code m, carried in the audio file m just heard, with the locally generated authorization code n, finds that authorization code m differs from authorization code n, and can thus learn that a third party is eavesdropping on this call.
Of course, after decrypting and obtaining audio file m, user C could replace it with an audio file containing authorization code n (the authorization code generated from call key N). However, because that audio file was not read aloud by user A, it does not contain user A's sound characteristics. Call this audio file m': it contains the content of authorization code n and sound characteristics that are not user A's. After hearing audio file m', user B finds that the authorization code in audio file m' is consistent with the one output by user B's own safety device, but that the sound characteristics in audio file m' are not user A's, so user B can determine that a third party is eavesdropping on this call.
It can be seen that the audio file contains both the sound characteristics of the voice reading the authorization code and the content of the authorization code, so that the user can judge from these two pieces of information whether a third party is eavesdropping during the call, which ensures the security of the call.
How the call key and the authorization code are obtained through ZRTP-based key agreement is described further below. The specific flow is as follows:
I. Generation of the call key:
F1: The first safety device sends a Hello message to the second safety device. The Hello message includes the version number of ZRTP used by the first safety device, the key agreement type, the key algorithm, and the session identifier ID1 of the user of the first call terminal. The key agreement types of the ZRTP protocol include pre-shared mode, multistream mode and Diffie-Hellman (DH) mode;
F2: The second safety device sends a response to the Hello message to the first safety device;
F3: The second safety device sends a Hello message to the first safety device. The Hello message includes the version number of ZRTP used by the second safety device, the key agreement type, the key algorithm, and the session identifier ID2 of the user of the second call terminal. The key agreement types of the ZRTP protocol include pre-shared mode, multistream mode and Diffie-Hellman (DH) mode;
F4: The first safety device sends a response to the Hello message to the second safety device;
F5: After receiving the response to the Hello message, the second safety device sends to the first safety device the key agreement type and the key algorithm that both sides support; here, the selected key agreement type is taken to be DH mode as an example;
F6: The first safety device sends locally generated first function information to the second safety device. The first function information is a power function, which may be g^x, where x = svr mod p, svr denotes the responder's secret value, mod is the modulo operation, and p is an integer;
F7: The second safety device sends locally generated second function information to the first safety device. The second function information is also a power function, which may be g^y, where y = svi mod p, svi denotes the initiator's secret value, mod is the modulo operation, and p is an integer;
Here, g^x is the first negotiation information mentioned above, and g^y is the second negotiation information mentioned above.
In this example, the first safety chip can obtain the first call key g^xy from g^x and g^y; likewise, the second safety chip can obtain the second call key g^xy from g^x and g^y.
F8: The first safety device sends a first verification message to the second safety device. The first verification message is obtained by computing a check over information including: whether the first call key is disclosed locally, whether the first call key is destroyed locally after the call, and so on. The key used for the check is derived from the first call key. Specifically, the first call key g^xy, session identifier ID1, session identifier ID2 and a character string are processed to obtain a key S0, where the character string is a public string that describes the function. The key derivation algorithm of the ZRTP protocol is then applied to key S0 to obtain the key used for the check computation. The key derivation algorithm may be the HMAC algorithm;
F9: After verifying the first verification message, the second safety device sends a second verification message to the first safety device. The second verification message is obtained by computing a check over information including: whether the second call key is disclosed locally, whether the second call key is destroyed locally after the call, and so on. The key used for the check is derived from the second call key. Specifically, the second call key g^xy, session identifier ID1, session identifier ID2 and a character string are processed to obtain a key S0, where the character string is a public string that describes the function. The key derivation algorithm of the ZRTP protocol is then applied to key S0 to obtain the key used for the check computation. The key derivation algorithm may be the HMAC algorithm;
F10: After verifying the second verification message, the first safety device sends an acknowledgement message to the second safety device, which completes the key agreement.
II. Generation of the authorization code:
Here, the generation of the first authorization code by the first safety device is described as an example:
After key S0 is obtained, S0 is processed with the key derivation algorithm to obtain a character string M;
The first 32 bits of character string M are taken to obtain a character string m;
Character string m is encoded into visible characters, and the visible characters are used as the first authorization code.
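The flow F6 to F9 and the authorization-code steps above, run for both the direct call and the user A / user B / user C scenario described earlier, as an added example that is not code from the patent. It shows that relayed data still decrypts cleanly under interception while the two authorization codes diverge. Assumptions made here: a toy-sized DH group, a length-prefixed SHA-256 to combine the inputs into S0, hex as the visible-character encoding, an HMAC keystream as a stand-in voice cipher, and all names and secret values, which are constructed.

```python
import hashlib
import hmac

# Toy-sized group, constructed for this example only; real ZRTP deployments
# use standardized groups of thousands of bits or elliptic curves.
P = 2**127 - 1                      # a Mersenne prime
G = 3
FUNCTION_LABEL = b"call key"        # assumed stand-in for the public string
ID1, ID2 = b"session-ID1", b"session-ID2"   # constructed session identifiers


def dh_public(secret):
    """F6/F7: the value g^x (or g^y) that one safety device sends."""
    return pow(G, secret, P)


def dh_shared(own_secret, peer_public):
    """g^xy as computed by the side that holds own_secret."""
    return pow(peer_public, own_secret, P).to_bytes(16, "big")


def derive_s0(gxy, id1, id2):
    """F8/F9: combine g^xy, ID1, ID2 and the public string into key S0.
    Assumption: length-prefixed SHA-256; the page does not fix the function."""
    h = hashlib.sha256()
    for part in (gxy, id1, id2, FUNCTION_LABEL):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def kdf(s0, purpose):
    """HMAC-based key derivation from S0 (the page names HMAC as an option)."""
    return hmac.new(s0, purpose, hashlib.sha256).digest()


def authorization_code(s0):
    """S0 -> string M -> first 32 bits m -> visible characters (hex, assumed)."""
    big_m = kdf(s0, b"authorization code")
    return big_m[:4].hex().upper()


def stream_xor(key, data):
    """Stand-in voice cipher: XOR with an HMAC counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def direct_call(svr, svi):
    """Users A and B negotiate directly: both chips reach the same S0."""
    gx, gy = dh_public(svr), dh_public(svi)
    s0_first = derive_s0(dh_shared(svr, gy), ID1, ID2)
    s0_second = derive_s0(dh_shared(svi, gx), ID1, ID2)
    return authorization_code(s0_first), authorization_code(s0_second)


def intercepted_call(svr, svi, c_secret_a, c_secret_b, voice):
    """User C answers each side with its own DH value, giving keys M and N."""
    s0_m = derive_s0(dh_shared(svr, dh_public(c_secret_a)), ID1, ID2)   # A's chip
    s0_n = derive_s0(dh_shared(svi, dh_public(c_secret_b)), ID1, ID2)   # B's chip
    c_s0_m = derive_s0(dh_shared(c_secret_a, dh_public(svr)), ID1, ID2)  # C, leg to A
    c_s0_n = derive_s0(dh_shared(c_secret_b, dh_public(svi)), ID1, ID2)  # C, leg to B
    # A encrypts under M; C decrypts with M and re-encrypts under N; B decrypts.
    from_a = stream_xor(kdf(s0_m, b"voice"), voice)
    plaintext_at_c = stream_xor(kdf(c_s0_m, b"voice"), from_a)
    relayed = stream_xor(kdf(c_s0_n, b"voice"), plaintext_at_c)
    heard_by_b = stream_xor(kdf(s0_n, b"voice"), relayed)
    return {
        "decrypts_cleanly": heard_by_b == voice,   # proves nothing about C
        "code_first": authorization_code(s0_m),    # what A reads aloud
        "code_second": authorization_code(s0_n),   # what B's device outputs
    }


if __name__ == "__main__":
    # Constructed secrets; a real safety chip draws these from its own RNG.
    print(direct_call(0x1234567, 0x89ABCDE))
    print(intercepted_call(0x1234567, 0x89ABCDE, 0x1111111, 0x2222222,
                           b"hello B, this is A"))
```

Successful decryption is true in both scenarios, so only the comparison of the two codes, bound to the speaker's voice, distinguishes them.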
Compared with the prior-art approach in which the call key is generated on a TF card, the system embodiment provided by the present invention generates the call key on a safety device that is independent of the call terminal, which reduces the possibility of attack by malware on the call terminal during voice encryption. The call key is generated by the safety chip in the safety device, and the high security of the safety chip reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption, encryption with the call key is performed inside the safety chip, so that the call key is invoked in a secure environment, which ensures safe use of the call key.
During encrypted voice communication, the safety device plays the decrypted data from the other end of the call and prompts the user to confirm the played decrypted data according to the authorization code. This confirms the identity information of the other end of the call and lets the user determine whether anyone is eavesdropping on this call, which improves the success rate of identifying third-party eavesdropping in a voice call and thereby reduces the possibility of the voice call being monitored. When the user determines that a third party is eavesdropping on this voice call, the user can promptly take anti-eavesdropping measures to prevent information leakage, which improves the security of data transmission in the voice call.
Further, playing the decrypted data from the other end of the call on the safety device reduces attacks by malware on the call terminal and ensures the security of the voice call.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, fragment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, a plurality of steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (10)

1. A data processing system for voice calls, characterized in that the system comprises:
A first safety chip, configured to generate first negotiation information and to send the first negotiation information to a first call terminal through a first communication interface; wherein the first safety chip is located in a first safety device, and the first safety device is connected to the first call terminal and is independent of the first call terminal;
A second safety chip, configured to generate second negotiation information and to send the second negotiation information to a second call terminal through a second communication interface; wherein the second safety chip is located in a second safety device, and the second safety device is connected to the second call terminal and is independent of the second call terminal;
The first safety chip is further configured to receive, through the first communication interface, the second negotiation information sent by the first call terminal;
The second safety chip is further configured to receive, through the second communication interface, the first negotiation information sent by the second call terminal;
The first safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a first call key; wherein the first call key is used to encrypt and decrypt the voice call of the user of the first call terminal;
The second safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a second call key; wherein the second call key is used to encrypt and decrypt the voice call of the user of the second call terminal;
A first output module, configured to output a first authorization code; wherein the first authorization code is generated by the first safety chip according to the first call key, and the first output module is located in the first safety device or in the first call terminal;
A first prompt module, configured to prompt for the first authorization code to be read aloud; wherein the first prompt module is located in the first safety device or in the first call terminal;
The first safety chip is further configured to obtain the result of the user of the first call terminal reading the first authorization code aloud, obtaining first acoustic information; to encrypt the first acoustic information with the first call key, obtaining first encrypted data; and to send the first encrypted data through the first communication interface;
A second output module, configured to output a second authorization code; wherein the second authorization code is generated by the second safety chip according to the second call key, and the second output module is located in the second safety device or in the second call terminal;
A second prompt module, configured to prompt for the second authorization code to be read aloud; wherein the second prompt module is located in the second safety device or in the second call terminal;
The second safety chip is further configured to obtain the result of the user of the second call terminal reading the second authorization code aloud, obtaining second acoustic information; to encrypt the second acoustic information with the second call key, obtaining second encrypted data; and to send the second encrypted data through the second communication interface;
The first safety chip is further configured, after receiving the second encrypted data through the first communication interface, to decrypt the second encrypted data with the first call key, obtaining second decrypted data;
A first play module, configured to play the second decrypted data; wherein the first play module is located in the first safety device or in the first call terminal;
The first prompt module is further configured to prompt for the played second decrypted data to be confirmed according to the first authorization code;
The first safety chip is further configured so that, after the first prompt module prompts for the played second decrypted data to be confirmed according to the first authorization code, if the first safety chip receives a first confirmation instruction, it starts encrypting and decrypting the voice call of the user of the first call terminal with the first call key; or, after encryption and decryption of the voice call of the user of the first call terminal with the first call key has been started, if the first safety chip receives the first confirmation instruction, it continues to encrypt and decrypt the voice call of the user of the first call terminal with the first call key;
The second safety chip is further configured, after receiving the first encrypted data through the second communication interface, to decrypt the first encrypted data with the second call key, obtaining first decrypted data;
A second play module, configured to play the first decrypted data; wherein the second play module is located in the second safety device or in the second call terminal;
The second prompt module is further configured to prompt, after the second output module outputs the second authorization code and the second play module plays the first decrypted data, for the played first decrypted data to be confirmed according to the second authorization code;
The second safety chip is further configured so that, after the second prompt module prompts for the played first decrypted data to be confirmed according to the second authorization code, if the second safety chip receives a second confirmation instruction, it starts encrypting and decrypting the voice call of the user of the second call terminal with the second call key; or, after encryption and decryption of the voice call of the user of the second call terminal with the second call key has been started, if the second safety chip receives the second confirmation instruction, it continues to encrypt and decrypt the voice call of the user of the second call terminal with the second call key.
2. The system according to claim 1, characterized in that:
The first output module is specifically configured to convert the first authorization code into acoustic information, obtaining the acoustic information of the first authorization code, and to play the acoustic information of the first authorization code; or to display the first authorization code.
3. The system according to claim 1 or 2, characterized in that:
The second output module is specifically configured to convert the second authorization code into acoustic information, obtaining the acoustic information of the second authorization code, and to play the acoustic information of the second authorization code; or to display the second authorization code.
4. The system according to any one of claims 1 to 3, characterized in that:
The first safety chip is further configured to delete the first call key when the first safety chip detects that the voice call of the user of the first call terminal has ended; and/or,
The second safety chip is further configured to delete the second call key when the second safety chip detects that the voice call of the user of the second call terminal has ended.
5. The system according to any one of claims 1 to 4, characterized in that:
The system further comprises:
A first voice acquisition module, configured to capture the result of the user of the first call terminal reading the first authorization code aloud, obtaining the first acoustic information, and to send the first acoustic information; wherein the first voice acquisition module is located in the first safety device or in the first call terminal;
The first safety chip is specifically configured to obtain the first acoustic information sent by the first voice acquisition module.
6. The system according to any one of claims 1 to 5, characterized in that:
The system further comprises:
A second voice acquisition module, configured to capture the result of the user of the second call terminal reading the second authorization code aloud, obtaining the second acoustic information, and to send the second acoustic information; wherein the second voice acquisition module is located in the second safety device or in the second call terminal;
The second safety chip is specifically configured to obtain the second acoustic information sent by the second voice acquisition module.
7. The system according to any one of claims 1 to 6, characterized in that the length of the first authorization code is less than the length of the first call key, and/or the length of the second authorization code is less than the length of the second call key.
8. The system according to any one of claims 1 to 7, characterized in that the first authorization code is used to uniquely identify the first call key, and/or the second authorization code is used to uniquely identify the second call key.
9. The system according to any one of claims 1 to 8, characterized in that:
The first prompt module is specifically configured to prompt for confirmation of whether the authorization code in the second decrypted data is consistent with the first authorization code, and of whether the sound characteristics of the voice reading the authorization code in the second decrypted data are consistent with the sound characteristics of the user of the second call terminal;
Wherein the first confirmation instruction is an instruction confirming that the authorization code in the second decrypted data is consistent with the first authorization code and that the sound characteristics of the voice reading the authorization code in the second decrypted data are consistent with the sound characteristics of the user of the second call terminal.
10. The system according to any one of claims 1 to 9, characterized in that:
The second prompt module is specifically configured to prompt for confirmation of whether the authorization code in the first decrypted data is consistent with the second authorization code, and of whether the sound characteristics of the voice reading the authorization code in the first decrypted data are consistent with the sound characteristics of the user of the first call terminal;
Wherein the second confirmation instruction is an instruction confirming that the authorization code in the first decrypted data is consistent with the second authorization code and that the sound characteristics of the voice reading the authorization code in the first decrypted data are consistent with the sound characteristics of the user of the first call terminal.
CN201410208562.5A 2014-05-16 2014-05-16 A kind of data handling system of voice call Active CN103986579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410208562.5A CN103986579B (en) 2014-05-16 2014-05-16 A kind of data handling system of voice call

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410208562.5A CN103986579B (en) 2014-05-16 2014-05-16 A kind of data handling system of voice call

Publications (2)

Publication Number Publication Date
CN103986579A true CN103986579A (en) 2014-08-13
CN103986579B CN103986579B (en) 2017-07-21

Family

ID=51278406

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410208562.5A Active CN103986579B (en) 2014-05-16 2014-05-16 A kind of data handling system of voice call

Country Status (1)

Country Link
CN (1) CN103986579B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1183685A (en) * 1996-06-28 1998-06-03 株式会社东芝 Encryption decoding method. record reproduction device and record medium
CN101228770A (en) * 2005-07-27 2008-07-23 国际商业机器公司 Systems and method for secure delivery of files to authorized recipients
CN101236581A (en) * 2007-02-01 2008-08-06 北京华大信安科技有限公司 Information safety apparatus and its processing method
CN101420303A (en) * 2008-12-12 2009-04-29 广州杰赛科技股份有限公司 Communication method for audio data and apparatus thereof
CN102098159A (en) * 2010-07-28 2011-06-15 胡旭光 Secret key device and method for mobile phone
CN202231733U (en) * 2011-09-06 2012-05-23 信雅达系统工程股份有限公司 Earphone shield with earphone function
CN102497465A (en) * 2011-10-26 2012-06-13 潘铁军 High-secrecy mobile information safety system and safety method for distributed secret keys
CN102592091A (en) * 2011-12-28 2012-07-18 潘铁军 Digital rights management system and security method based on distributed key
CN102609641A (en) * 2011-12-28 2012-07-25 潘铁军 DRM (digital rights management) system based on distributed keys
CN102647275A (en) * 2011-02-22 2012-08-22 深圳市文鼎创数据科技有限公司 KEY for mobile terminal
CN103457729A (en) * 2012-05-31 2013-12-18 阿里巴巴集团控股有限公司 Safety equipment, service terminal and encryption method

Also Published As

Publication number Publication date
CN103986579B (en) 2017-07-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant