CN103986711A

CN103986711A - Data processing method for voice communication

Info

Publication number: CN103986711A
Application number: CN201410208563.XA
Authority: CN
Inventors: 李东声
Original assignee: Tendyron Technology Co Ltd
Current assignee: Tendyron Technology Co Ltd
Priority date: 2014-05-16
Filing date: 2014-05-16
Publication date: 2014-08-13
Anticipated expiration: 2034-05-16
Also published as: CN103986711B; HK1199986A1

Abstract

The invention provides a data processing method for voice communication. The method includes the steps that a first safety chip outputs a first authorization code and prompts reading of the first authorization code; a first safety device obtains a reading result on the first authorization code and obtains a first voice message; the first safety chip encrypts the first voice message, obtains first encrypted data and sends the first encrypted data; after a first confirmation instruction is received, the first safety chip encrypts and decrypts voice communication of a user of a first communication terminal; a second safety chip outputs a second authorization code, and decrypts the first encrypted data after receiving the first encrypted data to obtain first decrypted data; a second safety device plays the first decrypted data and prompts confirmation on the played first decrypted data according to the second authorization code.

Description

A kind of data processing method of voice call

Technical field

The present invention relates to electronic technology field, relate in particular to a kind of data processing method of voice call.

Background technology

In prior art, there is monitored possibility in the voice call between user, and therefore current voice call exists security risk.For described security risk, the mode of available technology adopting be call key by storing in the TF card on mobile phone to voice encryption, realize the protection to voice call.But in actual applications, if call terminal has been installed Malware, hacker can steal the call key in TF card by described Malware, and then crack the voice messaging after encryption, the risk that causes the speech data of call terminal to leak, therefore how safety to carry out voice encryption operation be technical problem urgently to be resolved hurrily; In addition, in prior art voice call exist monitored may, therefore reduce voice call monitored may be technical problem urgently to be resolved hurrily equally.

Summary of the invention

The invention provides a kind of data processing method of voice call, main purpose is one of to solve the problems of the technologies described above.

The invention provides data processing method in a kind of voice call, the method comprises: the first safety chip of the first safety means generates the first negotiation information, and send the first negotiation information to the first call terminal by the first communication interface of the first safety means, the first safety means are connected with the first call terminal, and are independent of the first call terminal; And, the second safety chip of the second safety means generates the second negotiation information, and sending the second negotiation information to the second call terminal by the second communication interface of the second safety means, the second safety means are connected with the second call terminal, and are independent of the second call terminal; The first safety chip receives by the first communication interface the second negotiation information that the first call terminal sends; And the second safety chip receives by second communication interface the first negotiation information that the second call terminal sends; The first safety chip calculates the first negotiation information and the second negotiation information, obtains the first call key, and the first call key is for carrying out encryption and decryption operation to the user's of the first call terminal voice call; And the second safety chip calculates the first negotiation information and the second negotiation information, obtain the second call key, the second call key is for carrying out encryption and decryption operation to the user's of the second call terminal voice call; The first safety means are exported the first authorization code, and wherein the first authorization code generates according to the first call key, and prompting is read aloud the first authorization code; The first safety means obtain the read aloud result of the user of the first call terminal to the first authorization code, obtain the first acoustic information; The first safety chip utilizes the first call key to be encrypted the first acoustic information, obtains the first enciphered data, and sends the first enciphered data by the first communication interface; After obtaining the first confirmation instruction, the first safety chip startup utilizes the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call; The second safety chip is exported the second authorization code, and wherein the second authorization code generates according to the second call key; And the second safety chip is receiving after the first enciphered data by second communication interface, utilize the second call key to be decrypted the first enciphered data, obtain the first data decryption; The second safety means are play the first data decryption; The second safety means are after output the second authorization code and broadcasting the first data decryption, and prompting is confirmed the first data decryption playing out according to the second authorization code; The second safety chip, after obtaining the second confirmation instruction, starts and utilizes the second call key to carry out encryption and decryption operation to the user's of the second call terminal voice call.

The invention provides data processing method in a kind of voice call, the method comprises: the first safety chip of the first safety means generates the first negotiation information, and send the first negotiation information to the first call terminal by the first communication interface of the first safety means, the first safety means are connected with the first call terminal, and are independent of the first call terminal; And, the second safety chip of the second safety means generates the second negotiation information, and sending the second negotiation information to the second call terminal by the second communication interface of the second safety means, the second safety means are connected with the second call terminal, and are independent of the second call terminal; The first safety chip receives by the first communication interface the second negotiation information that the first call terminal sends; And the second safety chip receives by second communication interface the first negotiation information that the second call terminal sends; The first safety chip calculates the first negotiation information and the second negotiation information, obtains the first call key, and the first call key is for carrying out encryption and decryption operation to the user's of the first call terminal voice call; And the second safety chip calculates the first negotiation information and the second negotiation information, obtain the second call key, the second call key is for carrying out encryption and decryption operation to the user's of the second call terminal voice call; The first safety means are exported the first authorization code, prompting is read aloud the first authorization code, and obtain the read aloud result of the user of the first call terminal to the first authorization code, and obtain the first acoustic information, wherein the first authorization code is that the first safety chip generates according to the first call key; Utilize the first call key to be encrypted the first acoustic information, obtain the first enciphered data, and send the first enciphered data by the first communication interface; After obtaining the first confirmation instruction, the first safety chip startup utilizes the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call; After obtaining the second call key, the second safety chip startup utilizes the second call key to carry out encryption and decryption operation to the user's of the second call terminal voice call; Wherein, at the second safety chip, start and to utilize after the second call key carries out encryption and decryption operation to the user's of the second call terminal voice call, the method also comprises: the second safety means receive the authentication triggering command to the user of the first call terminal; The second safety means, after receiving the user's of the first call terminal authentication triggering command, are exported the second authorization code, and wherein the second authorization code is that the second safety chip generates according to the second call key; And the second safety chip is receiving after the first enciphered data by second communication interface, utilize the second call key to be decrypted the first enciphered data, obtain the first data decryption; The second safety means are play the first data decryption; After output the second authorization code and broadcasting the first data decryption, the second safety means prompting is confirmed the first data decryption playing out according to the second authorization code; The second safety chip, after obtaining the second confirmation instruction, utilizes the second call key to proceed encryption and decryption operation to the user's of the second call terminal voice call.

In addition, the second safety means prompting is confirmed the first data decryption playing out according to the second authorization code, comprise: the second safety means prompting confirms whether the authorization code in the first data decryption and the second authorization code be consistent, and in the first data decryption, read aloud the sound characteristic of authorization code and whether the user's of the first call terminal sound characteristic is consistent confirms; Wherein, second confirms that instruction is consistent with the second authorization code for confirming the authorization code in the first data decryption, and the sound characteristic instruction consistent with the user's of the first call terminal sound characteristic of reading aloud authorization code in the first data decryption.

In addition, after obtaining the first confirmation instruction, the first safety chip startup utilizes the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call, comprise: A, the first safety chip are after the second confirmation instruction that receives the second call terminal transmission, according to the second confirmation instruction, obtain the first confirmation instruction, start and utilize the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call; Or B, the first safety chip are receiving after the second enciphered data by the first communication interface, utilize the first call key to be decrypted the second enciphered data, obtain the second data decryption; The first safety means are play the second data decryption, and prompting is confirmed the second data decryption playing out according to the first authorization code; The first safety chip obtains the first confirmation instruction, and startup utilizes the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call; Wherein the second enciphered data obtains in the following way: the second safety means are after output the second authorization code, and prompting is read aloud the second authorization code; The second safety chip obtains the read aloud result of the user of the second call terminal to the second authorization code, obtains the second acoustic information; The second safety chip utilizes the second call key to be encrypted the second acoustic information, obtains the second enciphered data, and sends the second enciphered data by second communication interface.

In addition, the first safety means prompting is confirmed to comprise to the second data decryption playing out according to described the first authorization code: the first safety means are pointed out and confirmed whether the authorization code in the second data decryption and the first authorization code be consistent, and in the second data decryption, reads aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms; Wherein, first confirms that instruction is consistent with the first authorization code for confirming the authorization code in the second data decryption, and the sound characteristic instruction consistent with the user's of the second call terminal sound characteristic of reading aloud authorization code in the second data decryption.

The invention provides data processing method in a kind of voice call, the method comprises: the first safety chip of the first safety means generates the first negotiation information, and send the first negotiation information to the first call terminal by the first communication interface of the first safety means, the first safety means are connected with the first call terminal, and are independent of the first call terminal; And, the second safety chip of the second safety means generates the second negotiation information, and sending the second negotiation information to the second call terminal by the second communication interface of the second safety means, the second safety means are connected with the second call terminal, and are independent of the second call terminal; The first safety chip receives by the first communication interface the second negotiation information that the first call terminal sends; And the second safety chip receives by second communication interface the first negotiation information that the second call terminal sends; The first safety chip calculates the first negotiation information and the second negotiation information, obtains the first call key, and the first call key is for carrying out encryption and decryption operation to the user's of the first call terminal voice call; And the second safety chip calculates the first negotiation information and the second negotiation information, obtain the second call key, the second call key is for carrying out encryption and decryption operation to the user's of the second call terminal voice call; After obtaining the first call key, the first safety chip startup utilizes the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call; Wherein, at the first safety chip, start and to utilize after the first call key carries out encryption and decryption operation to the user's of the first call terminal voice call, the method also comprises: the first safety means receive the authentication triggering command to the user of the second call terminal; The first safety means are after receiving the user's of the second call terminal authentication triggering command, and output the first authorization code, points out the first authorization code is read aloud; The first safety chip obtains the read aloud result of the user of the first call terminal to the first authorization code, obtains the first acoustic information, and wherein the first authorization code is that the first safety chip generates according to the first call key; The first safety chip utilizes the first call key to be encrypted the first acoustic information, obtains the first enciphered data, and sends the first enciphered data by the first communication interface; After obtaining the first confirmation instruction, the first safety chip utilizes the first call key to proceed encryption and decryption operation to the user's of the first call terminal voice call; The second safety chip is exported the second authorization code, and wherein the second authorization code generates according to the second call key; And the second safety chip is receiving after the first enciphered data by second communication interface, utilize the second call key to be decrypted the first enciphered data, obtain the first data decryption; The second safety means are play the first data decryption; The second safety means are after output the second authorization code and broadcasting the first data decryption, and the first data decryption that prompting plays out according to the second authorization code is confirmed; The second safety chip, after obtaining the second confirmation instruction, starts and utilizes the second call key to carry out encryption and decryption operation to the user's of the second call terminal voice call.

The invention provides data processing method in a kind of voice call, the method comprises: the first safety chip of the first safety means generates the first negotiation information, and send the first negotiation information to the first call terminal by the first communication interface of the first safety means, the first safety means are connected with the first call terminal, and are independent of the first call terminal; And, the second safety chip of the second safety means generates the second negotiation information, and sending the second negotiation information to the second call terminal by the second communication interface of the second safety means, the second safety means are connected with the second call terminal, and are independent of the second call terminal; The first safety chip receives by the first communication interface the second negotiation information that the first call terminal sends; And the second safety chip receives by second communication interface the first negotiation information that the second call terminal sends; The first safety chip calculates the first negotiation information and the second negotiation information, obtains the first call key, and the first call key is for carrying out encryption and decryption operation to the user's of the first call terminal voice call; And the second safety chip calculates the first negotiation information and the second negotiation information, obtain the second call key, the second call key is for carrying out encryption and decryption operation to the user's of the second call terminal voice call; After obtaining the first call key, the first safety chip startup utilizes the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call; Wherein, at the first safety chip, start and to utilize after the first call key carries out encryption and decryption operation to the user's of the first call terminal voice call, the method also comprises: the first safety means receive the authentication triggering command to the user of the second call terminal; The first safety means are after receiving the user's of the second call terminal authentication triggering command, and output the first authorization code, points out the first authorization code is read aloud; The first safety chip obtains the read aloud result of the user of the first call terminal to the first authorization code, obtains the first acoustic information, and wherein the first authorization code is that the first safety chip generates according to the first call key; The first safety chip utilizes the first call key to be encrypted the first acoustic information, obtains the first enciphered data, and sends the first enciphered data by the first communication interface; After obtaining the first confirmation instruction, the first safety chip utilizes the first call key to proceed encryption and decryption operation to the user's of the first call terminal voice call; After obtaining the second call key, the second safety chip startup utilizes the second call key to carry out encryption and decryption operation to the user's of the second call terminal voice call; Wherein, at the second safety chip, start and to utilize after the second call key carries out encryption and decryption operation to the user's of the second call terminal voice call, the method also comprises: the second safety means receive the authentication triggering command to the user of the first call terminal; The second safety means, after receiving the user's of the first call terminal authentication triggering command, are exported the second authorization code, and wherein the second authorization code is that the second safety chip generates according to the second call key; And the second safety chip is receiving after the first enciphered data by second communication interface, utilize the second call key to be decrypted the first enciphered data, obtain the first data decryption; The second safety means are play the first data decryption; The second safety means are after output the second authorization code and broadcasting the first data decryption, and prompting is confirmed the first data decryption playing out; The second safety chip, after obtaining the second confirmation instruction, utilizes the second call key to proceed encryption and decryption operation to the user's of the second call terminal voice call.

In addition, the second safety means prompting is confirmed the first data decryption playing out, comprise: the second safety means prompting confirms whether the authorization code in the first data decryption and the second authorization code be consistent, and in the first data decryption, read aloud the sound characteristic of authorization code and whether the user's of the first call terminal sound characteristic is consistent confirms; The second safety chip, after obtaining the second confirmation instruction, starts and utilizes the second call key to carry out encryption and decryption operation to the user's of the second call terminal voice call; Wherein, second confirms that instruction is consistent with the second authorization code for confirming the authorization code in the first data decryption, and the sound characteristic instruction consistent with the user's of the first call terminal sound characteristic of reading aloud authorization code in the first data decryption.

In addition, after obtaining the first confirmation instruction, the first safety chip utilizes the first call key to proceed encryption and decryption operation to the user's of the first call terminal voice call, comprise: A, the first safety chip are after the second confirmation instruction that receives the second call terminal transmission, according to the second confirmation instruction, obtain the first confirmation instruction, the first safety chip utilizes the first call key to proceed encryption and decryption operation to the user's of the first call terminal voice call; And/or B, the first safety chip are receiving after the second enciphered data by the first communication interface, utilize the first call key to be decrypted the second enciphered data, obtain the second data decryption; The first safety means are play the second data decryption, and prompting is confirmed the second data decryption playing out according to the first authorization code; The first safety chip obtains the first confirmation instruction, and utilizes the first call key to proceed encryption and decryption operation to the user's of the first call terminal voice call; Wherein the second enciphered data obtains in the following way: the second safety chip is after output the second authorization code, and prompting is read aloud the second authorization code; The second safety chip obtains the read aloud result of the user of the second call terminal to the second authorization code, obtains the second acoustic information; The second safety chip utilizes the second call key to be encrypted the second acoustic information, obtains the second enciphered data, and sends the second enciphered data by second communication interface.

In addition, the first safety means prompting is confirmed the second data decryption playing out according to the first authorization code, comprise: the first safety means prompting confirms whether the authorization code in the second data decryption and the first authorization code be consistent, and in the second data decryption, read aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms; Wherein, first confirms that instruction is consistent with the first authorization code for confirming the authorization code in the second data decryption, and the sound characteristic instruction consistent with the user's of the second call terminal sound characteristic of reading aloud authorization code in the second data decryption.

In addition, the first safety means are exported the first authorization code, comprising: A, the first safety means convert the first authorization code to acoustic information, obtain the acoustic information of the first authorization code, and play the acoustic information of the first authorization code; Or B, the first safety means show the first authorization code.

In addition, the second safety means are exported the second authorization code, comprising: A, the second safety means, by the acoustic information that converts to of the second authorization code, obtain the acoustic information of the second authorization code, and play the acoustic information of the second authorization code; Or B, the second safety means show the second authorization code.

In addition, the method also comprises: if the first safety chip detects the user's of the first call terminal voice call, finish, the first safety chip is deleted the first call key; And/or, if detecting the user's of the second call terminal voice call, finishes the second safety chip, the second safety chip is deleted the second call key.

In addition, the first safety chip obtains the read aloud result of the user of the first call terminal to the first authorization code, obtaining the first acoustic information comprises: the read aloud result of the user of the first call terminal of voice collecting unit collection that A, the first safety chip obtain the first safety means to the first authorization code, obtains the first acoustic information; Or the read aloud result of B, the first safety chip receive the first call terminal collection user of the first call terminal by the first communication interface to the first authorization code, obtains the first acoustic information.

In addition, the second safety chip obtains the read aloud result of the user of the second call terminal to the second authorization code, obtaining the second acoustic information comprises: the read aloud result of the user of the second call terminal of voice collecting unit collection that A, the second safety chip obtain the second safety means to the second authorization code, obtains the second acoustic information; Or the read aloud result of B, the second safety chip receive the second call terminal collection user of the second call terminal by second communication interface to the second authorization code, obtains the second acoustic information.

In addition, the length of the first authorization code is less than the length of the first call key, and/or the length of the second authorization code is less than the length of the second call key.

In addition, the first authorization code is for unique identification the first call key, and/or the second authorization code is for unique identification the second call key.

That the mode generating on TF card is compared with the key of conversing in prior art, embodiment of the method provided by the invention generates call key by being independent of on the safety means of call terminal, reduced in voice encryption process by malware attacks on call terminal may; And be generated by the safety chip in safety means, the high security based on safety chip, has reduced the possibility of call key from stealing, has guaranteed the fail safe of voice encryption; In addition, when voice encryption, in safety chip inside, with call key, encrypt, the key that makes to converse is called at a security context, guarantees the safe handling of call key.

In addition, in voice encryption communication process, the second safety means are by playing the first data decryption from the first call terminal, prompting is confirmed the first data decryption playing out according to the second authorization code, the confirmation of realization to the identity information of the first call terminal, whether someone monitors to make user determine this call, improved and in voice call, identified the success rate that the 3rd people monitors, thereby reduce the monitored possibility of voice call, and when user determines that this voice call exists the 3rd people to monitor, user can take the safety measure of anti-monitoring to prevent information leakage in time, improve the safety of transfer of data in voice call.

Further, on the second safety means, play the first data decryption from the first call terminal, reduced the attack of Malware on the second call terminal, guaranteed voice call safety.

Accompanying drawing explanation

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.

Fig. 1 is the schematic flow sheet of data processing method embodiment in a kind of voice call provided by the invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Fig. 1 is the schematic flow sheet of the data processing method embodiment of a kind of voice call provided by the invention.Shown in Fig. 1, embodiment of the method comprises:

Step 01, the first safety means and the second safety means generate respectively negotiation information and send:

The first safety chip of step 011, the first safety means generates the first negotiation information, and send the first negotiation information to the first call terminal by the first communication interface of the first safety means, wherein the first negotiation information comprises for generating the parameter information of the first call key, the first call key is for carrying out encryption and decryption operation to the user's of the first call terminal voice call, the first safety means are connected with the first call terminal, and are independent of the first call terminal;

Wherein, the first safety means can be the wearable devices such as intelligent glasses, intelligent watch, ear speaker device, or, be integrated in wearable device; Certainly, the first safety means can be also the intelligent cipher key equipments that intelligent cipher key equipment USB Key, the intelligent cipher key equipment of supporting audio interface with USB interface, the intelligent cipher key equipment with function of Bluetooth communication etc. can communicate with call terminal, or, be integrated in the intelligent cipher key equipment that can communicate with call terminal.With respect to the first call terminal, the first safety means are autonomous devices, are not integrated on the first call terminal.

Wherein, the first communication interface can be wireless connections interface, can be also wired connection interface.If the first communication interface is wireless connections interface, in the first safety means, be built-in with wireless communication module, can be Wi-Fi module, Wi-Fi Direct module, NFC module, bluetooth module or infrared module, for example the first safety means are bluetooth earphone; If the first communication interface is wired connection interface, the first safety means can have data line, and the interface of data line can be audio interface or USB interface, and for example the first safety means are line control earphone.Certainly, the first safety means also can have two kinds of functions of wireless connections and wired connection simultaneously, and the first safety means are built-in with wireless communication module, and are externally connected to data line.

If be built-in with wireless communication module in the first safety means, the first safety means can be connected with the first call terminal by wireless connections; If the first communication interface is wired connection interface, the first safety means can be connected with the first call terminal by wired connection.

Wherein, the first call terminal is the terminal with voice call ability, can be traditional verbal system, as landline telephone and cell phone, can be also the terminal with function of network phone, as PC, notebook computer and panel computer etc.

Wherein, the first negotiation information is that the first safety chip in the first safety means generates, with in prior art, by the first call terminal itself, carry out key agreement and compare, the first safety means that utilization is independent of the first call terminal complete negotiation, reduced key agreement operation by malware attacks in the first call terminal may, and the first safety chip in the first safety means to generate the first negotiation information more safe and reliable.

Wherein, the first safety chip, after generating the first negotiation information, sends to the first call terminal by the first communication interface, and the first call terminal sends to the second call terminal by communication network.

The second safety chip of step 012, the second safety means generates the second negotiation information, and send the second negotiation information to the second call terminal by the second communication interface of the second safety means, wherein the second negotiation information comprises for generating the parameter information of the second call key, the second call key is for carrying out encryption and decryption operation to the user's of the second call terminal voice call, the second safety means are connected with the second call terminal, and are independent of the second call terminal;

Wherein, the second safety chip, after generating the second negotiation information, sends to the second call terminal by second communication interface, and the second call terminal sends to the first call terminal by communication network.

Wherein, the second safety means can be the wearable devices such as intelligent glasses, intelligent watch, ear speaker device, or, be integrated in wearable device; Certainly, the second safety means can be also the intelligent cipher key equipments that intelligent cipher key equipment USB Key, the intelligent cipher key equipment of supporting audio interface with USB interface, the intelligent cipher key equipment with function of Bluetooth communication etc. can communicate with call terminal, or, be integrated in the intelligent cipher key equipment that can communicate with call terminal.With respect to the second call terminal, the second safety means are autonomous devices, are not integrated on the second call terminal.

Wherein, second communication interface can be wireless connections interface, can be also wired connection interface.If second communication interface is wireless connections interface, in the second safety means, be built-in with wireless communication module, can be Wi-Fi module, Wi-Fi Direct module, NFC module, bluetooth module or infrared module, for example the second safety means are bluetooth earphone; If second communication interface is wired connection interface, the second safety means can have data line, and the interface of data line can be audio interface or USB interface, and for example the second safety means are line control earphone.Certainly, the second safety means also can have two kinds of functions of wireless connections and wired connection simultaneously, and the second safety means are built-in with wireless communication module, and are externally connected to data line.

If be built-in with wireless communication module in the second safety means, the second safety means can be connected with the second call terminal by wireless connections; If second communication interface is wired connection interface, the second safety means can be connected with the second call terminal by wired connection.

Wherein, the second call terminal is the terminal with voice call ability, can be traditional verbal system, as landline telephone and cell phone, can be also the terminal with function of network phone, as PC, notebook computer and panel computer etc.

Wherein, the second negotiation information is that the second safety chip in the second safety means generates, with in prior art, by the second call terminal itself, carry out key agreement and compare, the second safety means that utilization is independent of the second call terminal complete negotiation, reduced key agreement operation by malware attacks in the second call terminal may, and the second safety chip in the second safety means to generate the second negotiation information more safe and reliable.

Between step 011 and step 012, there is no obvious sequencing, can carry out simultaneously, can successively carry out according to order yet.

Step 02: the first safety chip and the second safety chip all receive negotiation information and generate call key:

Step 021, the first safety chip receive by the first communication interface the second negotiation information that the first call terminal sends, and the first negotiation information and the second negotiation information are calculated, and obtain the first call key;

Wherein, the second negotiation information be by the first call terminal after receiving the second negotiation information that the second call terminal sends, by the first communication interface, send to the first safety chip.

Step 022, the second safety chip receive by second communication interface the first negotiation information that the second call terminal sends, and the first negotiation information and the second negotiation information are calculated, and obtain the second call key;

Wherein, the first negotiation information be by the second call terminal after receiving the first negotiation information that the first call terminal sends, by second communication interface, send to the second safety chip.

Wherein, in step 011, send and in the operation of the first negotiation information and step 021, receive operating on execution sequence of the second negotiation information and do not have obvious precedence relationship, can carry out simultaneously, also can successively carry out according to order.In like manner, in step 012, send and in the operation of the second negotiation information and step 022, receive operating on execution sequence of the first negotiation information and do not have obvious precedence relationship, can carry out simultaneously, also can successively carry out according to order.

Wherein, the parameter information particular content in the first negotiation information and the second negotiation information can arrange with reference to cipher key agreement algorithm of the prior art, for example, and cipher key agreement algorithm ZRTP.

Wherein, the calculating of the first call key and the second call key can be obtained referring to the account form of cipher key agreement algorithm of the prior art, for example, and ZRTP.Wherein, the first call key can be kept in the first safety chip, to guarantee the storage security of the first call key; In like manner, the second call key can be kept in the second safety chip, to guarantee the storage security of the second call key.

At the first call terminal and the second call terminal, do not exist under the prerequisite of the 3rd people's monitoring, the first call key is identical with the second call key.On the contrary, when the first call terminal and the second call terminal exist the 3rd people to monitor, the second call key that the first call key that the user of the first call terminal uses and the user of the second call terminal use is different.Why the first call key is different with the second call key, reason is: the first call key is that the first call terminal and the 3rd people's call terminal is consulted to obtain, the second call key is that the second call terminal and the 3rd people's call terminal is consulted to obtain, and is not that the first call terminal and the second call terminal are directly consulted to obtain.

Between step 021 and step 022, there is no obvious sequencing, can carry out simultaneously, can successively carry out according to order yet.

Step 03: the first safety means and the second safety means are all exported authorization code and sent:

Step 031, the first safety means are exported the first authorization code, and wherein the first authorization code is that the first safety chip generates according to the first call key, and prompting is read aloud the first authorization code; The first safety chip obtains the read aloud result of the user of the first call terminal to the first authorization code, obtains the first acoustic information; The first safety chip utilizes the first call key to be encrypted the first acoustic information, obtains the first enciphered data, and sends the first enciphered data by the first communication interface;

Wherein, the first safety chip is sending after the first enciphered data by the first communication interface, and the first call terminal receives the first enciphered data by the first communication interface, and sends to the second call terminal by communication network.

Step 032, the second safety means are exported the second authorization code, and wherein the second authorization code is that the second safety chip generates according to the second call key; And prompting is read aloud the second authorization code; The second safety chip obtains the read aloud result of the user of the second call terminal to the second authorization code, obtains the second acoustic information; The second safety chip utilizes the second call key to be encrypted the second acoustic information, obtains the second enciphered data, and sends the second enciphered data by second communication interface.

Wherein, the second safety chip is sending after the second enciphered data by second communication interface, and the second call terminal receives the second enciphered data by second communication interface, and sends to the first call terminal by communication network.

Herein, the example that is embodied as with step 031 describes:

For the first call key, the first safety chip in the first safety means is after obtaining the first call key, can use the first call key can guarantee the safety of voice call between the first safety means and the second safety means, be equivalent to, on voice call basis in the prior art, between the first safety means and the second safety means, set up voice encryption passage.

Wherein, voice encryption passage provided by the invention is the passage being based upon between the first safety means and the second safety means, for the first safety means, voice encryption passage has passed through the first safety means, the first verbal system, the second verbal system and the second safety means successively.This shows, voice encryption passage of the present invention is based upon between safety means, therefore, at the first call terminal and the second call terminal, in call, set up to the whole process of end of conversation, the first call terminal and the second call terminal play the effect of transparent data, reduce the possibility of malware attacks on call terminal, improved the safety of transfer of data.

Wherein, the first safety means are exported the first authorization code, comprising: A, the first safety means convert the first authorization code to acoustic information, obtain the acoustic information of the first authorization code, and play the acoustic information of the first authorization code; Or B, the first safety means show the first authorization code.

Specifically, the way of output of the first authorization code can be that the broadcast unit by the first safety means plays back, and for example, loud speaker or loudspeaker, also can be shown by the display unit of the first safety means.Specifically:

First kind of way, the first safety chip sends to the digital signal of the first authorization code the speech conversion unit of the first safety means, speech conversion unit converts the digital signal of the first authorization code to acoustic information, obtain the acoustic information of the first authorization code, and the acoustic information of the first authorization code being sent to the broadcast unit of the first safety means, broadcast unit is play the acoustic information of the first authorization code.

In first kind of way, the information of the first authorization code is changed, obtain the acoustic information of the first authorization code, by playing the acoustic information of the first authorization code, reach the object of output the first authorization code.

The second way, the first safety chip sends to the digital signal of the first authorization code the display unit of the first safety means, and display unit shows the first authorization code.

In the second way, by showing the first authorization code, reach the object of output the first authorization code.

Wherein, for pointing out the information that the information of the first authorization code is read aloud to export together with the first authorization code, for example, and output " please read aloud authorization code XXX ", wherein, XXX represents the content of the first authorization code.Wherein the way of output can adopt broadcast mode or display mode.

Certainly, for pointing out the information that the information of the first authorization code is read aloud also can separate and export with the first authorization code, for example, first export the information of " please read aloud authorization code ", export again the information of " authorization code is XXX ", or, first export the information of " authorization code is XXX ", then export the information of " please read aloud authorization code ".Wherein the way of output of above-mentioned two information can adopt broadcast mode or display mode to export, and wherein the way of output of above-mentioned two information can be identical, also can be different.

Wherein, the first authorization code and for pointing out the information that the information of the first authorization code is read aloud also can export by the first call terminal, for example, exports by display mode, or, by broadcast mode, export.

Compare and on the first call terminal, export the first authorization code and for pointing out the mode of the information that the information of the first authorization code is read aloud, by the first safety means, export the first authorization code and for pointing out the mode of the information that the information of the first authorization code is read aloud, can reduce the possibility of malware attacks on the first call terminal, improve the safety of transfer of data.

Wherein, when prompting is read aloud the first authorization code, because the content of reading aloud is the first authorization code, not the first call key itself, has reduced lawless person and when user reads aloud, has stolen the possible of the first call key; In addition, the first authorization code generates according to the first call key, and can unique identification the first call key, so whether communicating pair consistent by the content of comparison authorization code, determines that whether the call key that communicating pair uses consistent; Because the figure place of the first call key is longer, the first call key handling is become to the first authorization code, make the length of the first authorization code short compared with the length of the first call key, reduce the content that user reads aloud, user-friendly.

Wherein, the first safety chip obtains the read aloud result of the user of the first call terminal to the first authorization code, obtains the first acoustic information, can adopt following two kinds of modes:

The read aloud result of mode A, the first safety chip receive the first call terminal collection user of the first call terminal by the first communication interface to the first authorization code, obtains the first acoustic information.

In mode A, utilize the existing Mike of the first call terminal to realize reading aloud the collection of result, it is convenient to realize, and without realizing reading aloud obtaining of result the hardware modification of the first safety means, has reduced the hardware cost of the first safety means.

The read aloud result of the user of the first call terminal of voice collecting unit collection that mode B, the first safety chip obtain the first safety means to the first authorization code, obtains the first acoustic information.

In mode B, voice collecting unit can be Mike.Gather to the first authorization code read aloud result time, adopt the voice collecting unit on the first safety means to gather, can reduce possibility of malware attacks on the first call terminal, the fail safe of assurance data acquisition.For example, when the first safety means are bluetooth earphone, can directly utilize the Mike of bluetooth earphone to reading aloud result collection.

Wherein, the sound of user being read aloud to the first authorization code gathers, and obtains the first acoustic information, is actually two parts information that collects, one is the content of the first authorization code of the first safety means output, and another one is to read aloud the user's of the first authorization code sound characteristic.

Wherein the sound characteristic in this first acoustic information is the user of the first call terminal this user's self while directly reading aloud this first authorization code sound characteristic, identifies the content sources of the first authorization code in this first acoustic information in the user of the first call terminal; It not the sound characteristic that the sounding effect by the user of this first call terminal of speech simulation software simulation obtains.

The sound characteristic that the sound characteristic going out due to speech simulation software simulation obtains while directly reading aloud with user is different, therefore when playing above-mentioned two sound characteristics, listener can be according to entrained customized informations such as tone color, tone and the tone of two sound characteristics etc., whether be the user's of real first call terminal sound, thereby identify the acoustic information that carries authorization code, whether come from the first call terminal if identifying.

Wherein, the implementation that the first safety means are processed into the first enciphered data by the first acoustic information is as follows:

The voice collecting unit of the first safety means sends to the first acoustic information the speech conversion unit of the first safety means, speech conversion unit is processed into digital signal by the first acoustic information, obtain data to be verified, and data to be verified are sent to the first safety chip, the first safety chip utilizes the first call key to treat verification msg and is encrypted, obtain the first enciphered data, and send the first enciphered data by the first communication interface.

Wherein, the effect of speech conversion unit converts analog signal to digital signal, makes the first acoustic information to carry out transfer of data at voice encryption passage.Wherein, voice collecting unit and speech conversion unit can integrate in the first safety means, can be also different physical locations.

Certainly, if the communication network between the first call terminal and the second call terminal is supported the direct transmission of analog signal, in the process that the first acoustic information is processed into the first enciphered data, without execution, analog signal is converted to the operation of digital signal.

In addition, the implementation of each step that in the implementation of each step that in step 032, the second safety means are carried out and step 031, the first safety means are carried out is similar, does not repeat them here.

At the first call terminal and the second call terminal, do not exist under the prerequisite of the 3rd people's monitoring, the first authorization code is identical with the second authorization code.On the contrary, when the first call terminal and the second call terminal exist the 3rd people to monitor, the second call key that the first call key that the user of the first call terminal uses and the user of the second call terminal use is different, therefore the first authorization code, generating according to the first call key is also different with the second authorization code generating according to the second call key.Whether user, by the comparison content of the first authorization code and the content of the second authorization code, can judge and exist the 3rd people to monitor.

Between step 031 and step 032, there is no obvious sequencing, can carry out simultaneously, can successively carry out according to order yet.

Step 04, the first safety means and the second safety means are all pointed out authorization code and sound characteristic are confirmed:

Step 041, the first safety chip are receiving after the second enciphered data by the first communication interface, utilize the first call key to be decrypted the second enciphered data, obtain the second data decryption; The first safety means are play the second data decryption, and prompting confirms whether the authorization code in the second data decryption and the first authorization code be consistent, and in the second data decryption, read aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms;

Wherein, the second enciphered data is the first call terminal after receiving the second enciphered data that the second call terminal sends, and by the first communication interface, sends to the first safety chip.

The first safety chip gets the second enciphered data following two kinds of modes, comprising: before the user of the first call terminal and the user of the second call terminal carry out voice call, receive; Or, in the user of the first call terminal and the user of the second call terminal carry out the process of voice call, receive.

Because getting the second enciphered data, the first safety chip has two kinds of modes, therefore, the first safety means are confirmed whether the authorization code in the second data decryption and the first authorization code be consistent in prompting, and in the second data decryption, are read aloud the sound characteristic of authorization code and the whether consistent implementation of confirming of the user's of the second call terminal sound characteristic comprises following three kinds:

The first, before carrying out voice call, the user of the first call terminal and the user of the second call terminal receive after the second enciphered data, the prompting before the user of the first call terminal and the user of the second call terminal carry out voice call of the first safety means to the authorization code in the second data decryption and whether the first authorization code is consistent confirms, and is read aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms in the second data decryption;

The second, before carrying out voice call, the user of the first call terminal and the user of the second call terminal receive after the second enciphered data, the first safety means carry out in the process of voice call prompting to the authorization code in the second data decryption and whether the first authorization code is consistent confirms the user of the first call terminal and the user of the second call terminal, and in the second data decryption, read aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms;

The third, in carrying out the process of voice call, the user of the first call terminal and the user of the second call terminal receive after the second enciphered data, the first safety means carry out in the process of voice call prompting to the authorization code in the second data decryption and whether the first authorization code is consistent confirms the user of the first call terminal and the user of the second call terminal, and in the second data decryption, read aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms.

Step 042, the second safety chip are receiving after the first enciphered data by second communication interface, utilize the second call key to be decrypted the first enciphered data, obtain the first data decryption; The second safety means are play the first data decryption; The second safety chip is after output the second authorization code and broadcasting the first data decryption, prompting confirms whether the authorization code in the first data decryption and the second authorization code be consistent, and in the first data decryption, reads aloud the sound characteristic of authorization code and whether the user's of the first call terminal sound characteristic is consistent confirms;

Wherein, the first enciphered data is the second call terminal after receiving the first enciphered data that the first call terminal sends, and by second communication interface, sends to the second safety chip.

The second safety chip gets the first enciphered data following two kinds of modes, comprising: the second enciphered data can receive before the user of the first call terminal and the user of the second call terminal carry out voice call; Or, in the user of the first call terminal and the user of the second call terminal carry out the process of voice call, receive.

Because getting the first enciphered data, the second safety chip has two kinds of modes, therefore, the second safety means prompting confirms whether the authorization code in the first data decryption and the second authorization code be consistent, and in the first data decryption, reads aloud the sound characteristic of authorization code and the whether consistent implementation of confirming of the user's of the first call terminal sound characteristic has following three kinds:

The first, before carrying out voice call, the user of the first call terminal and the user of the second call terminal receive after the first enciphered data, the prompting before the user of the first call terminal and the user of the second call terminal carry out voice call of the second safety means to the authorization code in the first data decryption and whether the second authorization code is consistent confirms, and is read aloud the sound characteristic of authorization code and whether the user's of the first call terminal sound characteristic is consistent confirms in the first data decryption;

The second, before carrying out voice call, the user of the first call terminal and the user of the second call terminal receive after the first enciphered data, the second safety means carry out in the process of voice call prompting to the authorization code in the first data decryption and whether the second authorization code is consistent confirms the user of the first call terminal and the user of the second call terminal, and in the first data decryption, read aloud the sound characteristic of authorization code and whether the user's of the first call terminal sound characteristic is consistent confirms;

The third, in carrying out the process of voice call, the user of the first call terminal and the user of the second call terminal receive after the first enciphered data, the second safety means carry out in the process of voice call prompting to the authorization code in the first data decryption and whether the second authorization code is consistent confirms the user of the first call terminal and the user of the second call terminal, and in the first data decryption, read aloud the sound characteristic of authorization code and whether the user's of the first call terminal sound characteristic is consistent confirms.

Herein, the example that is embodied as with step 041 describes:

The first safety chip utilizes the first call key to be decrypted the second enciphered data, obtain the second data decryption and be owing to not existing the 3rd people to monitor between the first call terminal and the second call terminal, the first call key and the second call key are identical, therefore can utilize the first call key to successfully being deciphered by the encrypted result after the second call secret key encryption.

But, although can utilize the first call key to successfully being deciphered by the encrypted result after the second call secret key encryption, whether but can not judge accordingly between the first call terminal and the second call terminal exists the 3rd people to monitor, reason is because the first call terminal and the second call terminal are while existing the 3rd people to monitor, the first call key that the first call terminal and the 3rd people's call terminal is consulted to obtain, the second call key that the second call terminal and the 3rd people's call terminal is consulted to obtain, the first call key is different with the second call key.The data that the 3rd people can send the first call terminal are utilized after the first call secret key decryption, re-using the second call key is encrypted, and send to the second call terminal, now the second call terminal still can be used the second call key to be successfully decrypted the enciphered data receiving, but now, at the first call terminal and the second call terminal, be to exist the 3rd people to monitor, therefore cannot be according to whether the enciphered data receiving is successfully deciphered and judged whether to exist the 3rd people to monitor.

For solving above-mentioned technological deficiency, below draw the concept of authorization code, and by authorization code is read aloud, and obtain and read aloud after result, and send the mode read aloud result and judge whether to exist the 3rd people to monitor, the associated description that concrete implementation detail vide infra in step 05.

Wherein, the implementation that the first safety means are processed into the second data decryption broadcasting by the second enciphered data is as follows:

If the second enciphered data is digital signal, the first safety chip utilizes the first call key to be decrypted the second enciphered data, obtains the second data decryption; The first safety chip sends the second data decryption to the speech conversion unit of the first safety means, speech conversion unit converts the second data decryption to acoustic information, obtain the transformation result of the second data decryption, and the transformation result of the second data decryption being sent to the broadcast unit of the first safety means, broadcast unit is play the transformation result of the second data decryption;

If the second enciphered data is analog signal, the first safety chip utilizes the first call key to be decrypted the second enciphered data, obtain the second data decryption, the second data decryption is sent to the broadcast unit of the first safety means, broadcast unit is play the second data decryption.

Wherein, in step 041, play between the operation of exporting the first authorization code in the operation of the second data decryption and step 031 and there is no obvious sequencing, can carry out simultaneously, also can successively carry out according to order.

Wherein, the second data decryption also can be play by the broadcast unit of the first call terminal, for example, and loud speaker and loudspeaker.

Compare and on the first call terminal, play the mode of the second data decryption, by the first safety means, play the mode of the second data decryption, can reduce the possibility of malware attacks on call terminal, improved the safety of transfer of data.

Wherein, the first safety means display reminding information or play cuing information, with prompting, to whether the authorization code in the second data decryption and the first authorization code be consistent, confirm, and in the second data decryption, read aloud the sound characteristic of authorization code and whether the user's of the second call terminal sound characteristic is consistent confirms.For example, the display display reminding information of the first safety means, the broadcast unit play cuing information of the first safety means.Certainly, also can be by the first call terminal display reminding information or play cuing information.

Compare on the first call terminal and to show or the mode of play cuing information, by the first safety means, show or the mode of play cuing information, can reduce the possibility of malware attacks on call terminal, improved the safety of transfer of data.

In the present embodiment, to the second data decryption, adopt the mode of playing to export to user, because include two parts information in the second data decryption, a part means the particular content of the authorization code that the second safety means of the second call terminal generate, another part means the user's of the second call terminal sound characteristic, by playing the second data decryption, can be so that the user of the first call terminal directly gets above-mentioned two parts information, and then, the user who makes the first call terminal on the one hand can be by judging the whether consistent authenticity of confirming the content of carrying in the second data decryption of authorization code in the second data decryption and the first authorization code, can in the second data decryption, read aloud the sound characteristic of authorization code and the whether consistent legitimacy of confirming the source of the second data decryption of the user's of the second call terminal sound characteristic by judging on the other hand, namely can judge and whether have the 3rd people.

And, if the mode of above-mentioned broadcasting the second data decryption is replaced to the mode that shows the second data decryption, the user of the first call terminal receives after the second data decryption, only can be by judging the whether consistent authenticity of confirming the content of carrying in the second data decryption of authorization code in the second data decryption and the first authorization code, and cannot confirm the legitimacy in the source of the second data decryption, namely cannot judge and whether have the 3rd people.

Owing to not existing under the prerequisite of the 3rd people's monitoring at the first call terminal and the second call terminal, the first authorization code and the second authorization code are identical, and the first authorization code can unique identification the first call key, the second authorization code can be unique sign the second call key, thereby, when judging the first authorization code, the user of the first call terminal when identical, can learn that the first call key and the second call key are identical with the second authorization code.

In addition, the implementation of each step that in the implementation of each step that in step 042, the second safety means are carried out and step 041, the first safety means are carried out is similar, does not repeat them here.

Wherein, between step 041 and step 042, there is no obvious sequencing, can carry out simultaneously, can successively carry out according to order yet.

Step 05: the first safety chip and the second safety chip all point out authorization code content and sound characteristic in the enciphered data to receiving to confirm:

Step 051: the first safety chip carries out encryption and decryption operation to the user's of the first call terminal voice call following two kinds of modes:

A: the authorization code in described the second data decryption is confirmed with whether described the first authorization code is consistent in prompting, and in described the second data decryption, read aloud the sound characteristic of authorization code and whether the user's of described the second call terminal sound characteristic consistent confirm after, if described the first safety chip receives the first confirmation instruction, described the first safety chip startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call, wherein, first confirms that instruction is consistent with the first authorization code for confirming the authorization code in the second data decryption, and the second sound characteristic instruction consistent with the user's of the second call terminal sound characteristic of reading aloud authorization code in data decryption,

Wherein, utilize the first call key to carry out encryption and decryption operation to the user's of the first call terminal voice call, can when the user of the first call terminal and the user of the second call terminal carry out voice call and start, start, also can in the user of the first call terminal and the user of the second call terminal carry out the process of voice call, start.

B: utilize described the first call key to carry out after encryption and decryption operation the user's of described the first call terminal voice call in startup, if described the first safety chip receives the first confirmation instruction, described the first safety chip utilizes described the first call key to proceed encryption and decryption operation to the user's of described the first call terminal voice call, wherein, first confirms that instruction is consistent with the first authorization code for confirming the authorization code in the second data decryption, and the second sound characteristic instruction consistent with the user's of the second call terminal sound characteristic of reading aloud authorization code in data decryption,

Wherein Fig. 1 only illustrates the realization of the mode A of step 051, the realization of mode B is similar to realizing of mode A, difference is, first confirms that the reception of instruction is different opportunity, in mode A, be that the first safety chip carries out receiving before encryption and decryption operation to voice call in startup, be that the first safety chip receives encryption and decryption operation is carried out in startup to voice call after in mode B.Wherein, first confirms that instruction can obtain in the following way:

The first, the first safety means receive the first confirmation instruction of user's input of the first call terminal, wherein first confirms that instruction is that the user of the first call terminal authorization code in confirming the second data decryption is consistent with the first authorization code, and in the second data decryption, reads aloud the instruction afterwards inputted consistent with the user's of the second call terminal sound characteristic of the sound characteristic of authorization code.

Wherein, the user of the first call terminal can input instruction on the first call terminal, also can on the first safety means, input instruction.The user of the first call terminal inputs instruction on the first safety means, has reduced the attack of Malware on the first call terminal, has guaranteed voice call safety.

The second, after the second confirmation instruction that receives the second call terminal transmission, according to the second confirmation instruction, obtains the first confirmation instruction;

Wherein second confirms that instruction is that the user of the second call terminal is consistent with the authorization code of local generation at the authorization code of confirming to receive, and read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic consistent after, the instruction of input.

When the user of users to trust second call terminal of the first call terminal, if the user of the second call terminal confirms that the authorization code receiving from the first call terminal is consistent with the authorization code that the second safety means produce, and the sound characteristic of reading aloud authorization code is consistent with the user's of the first call terminal sound characteristic, the user of the first call terminal just can know that the authorization code in the second data decryption is consistent with the first authorization code so, and second to read aloud the sound characteristic of authorization code in data decryption consistent with the user's of the second call terminal sound characteristic, be equivalent to obtain first and confirm instruction.

Step 052: the second safety chip carries out encryption and decryption operation to the user's of the second call terminal voice call following two kinds of modes:

A: the authorization code in described the first data decryption is confirmed with whether described the second authorization code is consistent in prompting, and in described the first data decryption, read aloud the sound characteristic of authorization code and whether the user's of described the first call terminal sound characteristic consistent confirm after, if described the second safety chip receives the second confirmation instruction, described the second safety chip startup utilizes described the second call key to carry out encryption and decryption operation to the user's of described the second call terminal voice call, wherein, utilize the second call key to carry out encryption and decryption operation to the user's of the second call terminal voice call, can when carrying out voice call and start, the user of the first call terminal and the user of the second call terminal start, also can in carrying out the process of voice call, the user of the first call terminal and the user of the second call terminal start.

B: utilize described the second call key to carry out after encryption and decryption operation the user's of described the second call terminal voice call in startup, if described the second safety chip receives the second confirmation instruction, described the second safety chip utilizes described the second call key to proceed encryption and decryption operation to the user's of described the second call terminal voice call, wherein, second confirms that instruction is consistent with the second authorization code for confirming the authorization code in the first data decryption, and the first sound characteristic instruction consistent with the user's of the first call terminal sound characteristic of reading aloud authorization code in data decryption.

Wherein Fig. 1 only illustrates the realization of the mode A of step 052, the realization of mode B is similar to realizing of mode A, difference is, second confirms that the reception of instruction is different opportunity, in mode A, described the second safety chip carries out receiving before encryption and decryption operation to voice call in startup, is that described the second safety chip receives encryption and decryption operation is carried out in startup to voice call after in mode B.

Wherein, second confirms that instruction can obtain in the following way:

The first, the second safety means receive the second confirmation instruction of user's input of the second call terminal, wherein second confirms that instruction is that the user of the second call terminal authorization code in confirming the first data decryption is consistent with the second authorization code, and in the first data decryption, reads aloud the instruction afterwards inputted consistent with the user's of the first call terminal sound characteristic of the sound characteristic of authorization code.

Wherein, the user of the second call terminal can input instruction on the second call terminal, also can on the second safety means, input instruction.The user of the second call terminal inputs instruction on the second safety means, has reduced the attack of Malware on the second call terminal, has guaranteed voice call safety.

The second, after the first confirmation instruction that receives the first call terminal transmission, according to the first confirmation instruction, obtains the second confirmation instruction;

Wherein first confirms that instruction is that the user of the first call terminal is consistent with the authorization code of local generation at the authorization code of confirming to receive, and read aloud the sound characteristic of authorization code and the user's of the second call terminal sound characteristic consistent after, the instruction of input.

When the user of users to trust first call terminal of the second call terminal, if the user of the first call terminal confirms that the authorization code receiving from the second call terminal is consistent with the authorization code that the first safety means produce, and the sound characteristic of reading aloud authorization code is consistent with the user's of the second call terminal sound characteristic, the user of the second call terminal just can know that the authorization code in the first data decryption is consistent with the second authorization code so, and first to read aloud the sound characteristic of authorization code in data decryption consistent with the user's of the first call terminal sound characteristic, be equivalent to obtain second and confirm instruction.

Herein, the example that is embodied as with step 051 describes:

From to utilize the first call key to be encrypted by the first call terminal in prior art different, the main body of carrying out cryptographic operation in the present invention is the first safety chip.By the first safety chip, voice call is encrypted, can reduces the possibility of malware attacks on the first call terminal, improved the safety of transfer of data.

And the first safety chip utilizes the first call key self producing to be encrypted the voice messaging obtaining, and has improved call safety.Specifically:

(1) executive agent of voice encryption is the first safety chip, because the first safety chip is inner at the first safety means, the first safety means are independent of the first call terminal, have reduced in voice encryption process by the possibility of malware attacks on the first call terminal; In addition, the processor of earphone in the prior art of comparing, the executive agent that carries out voice encryption in the present invention in the first safety means is the first safety chip, because the computing that voice are encrypted and are deciphered completes in the first safety chip inside, just encrypted result and decrypted result are exported, the chance of having avoided data to be cracked, therefore, processor more of the prior art, the voice encryption intensity of the first safety chip is higher.

(2) the first call key that voice encryption is used is that the first safety chip produces, and it is inner that the first safety chip is kept at the first safety chip by the first call key, the possibility that has reduced by the first call key from stealing, has guaranteed the fail safe of voice encryption; In addition, when voice encryption, in the first safety chip inside, with the first call key, encrypt, it is called at a security context making the first call key, guarantees the safe handling of the first call key.

(3) cryptographic object is the voice collecting unit collection of the first safety means.The present invention utilizes the first safety means to carry out voice collecting, and the first safety means are independent of the first call terminal, has reduced in voice collecting process by the possibility of malware attacks on the first call terminal.

As seen from the above, when voice encryption, whole cryptographic operation is all completed by the first safety means, without the equipment with outside, carries out alternately, having guaranteed the fail safe of cryptographic operation.

Certainly, the voice that described the first safety means are encrypted also can be gathered by the voice collecting unit of the first call terminal, and obtain by the first communication interface the voice that collect.Wherein the voice collecting unit of the first call terminal can be microphone.

In addition, the implementation of each step that in the implementation of each step that in step 052, the second safety means are carried out and step 051, the first safety means are carried out is similar, does not repeat them here.

Wherein, between step 051 and step 052, there is no obvious sequencing, can carry out simultaneously, can successively carry out according to order yet.

Wherein, shown in Fig. 1, in flow process, shown in dotted line frame, step is optional step, can need to carry out selectively according to practical application scene.

Owing to there is no obvious sequencing between step 051 and step 052, therefore in actual applications, may there is following different application scenarios:

C1: the authorization code of the first safety means in confirming the second data decryption is consistent with the first authorization code, and second read aloud the sound characteristic of authorization code and the user's of the second call terminal sound characteristic in data decryption when consistent, obtain the first confirmation instruction, according to the first confirmation instruction, start the user's of the first call terminal voice call is carried out to encryption and decryption operation; And, the authorization code of the second safety means in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, start the user's of the second call terminal voice call is carried out to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 all can be carried out at application scenarios C1;

C2: the authorization code of the second safety means in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, start the user's of the second call terminal voice call is carried out to encryption and decryption operation, and send the second confirmation instruction to the first safety means; Described the first safety means, after receiving the second confirmation instruction, obtain the first confirmation instruction according to the second confirmation instruction, according to the first confirmation instruction, start the user's of the first call terminal voice call is carried out to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 is not all carried out at application scenarios C2;

C3: the first safety means, after obtaining the first call key, start the user's of the first call terminal voice call is carried out to encryption and decryption operation; In startup, the user's of the first call terminal voice call is carried out after encryption and decryption operation, point out and confirm that the authorization code in the second data decryption is consistent with the first authorization code, and second read aloud the sound characteristic of authorization code and the user's of the second call terminal sound characteristic in data decryption when consistent, obtain the first confirmation instruction, according to the first confirmation instruction, the user's of the first call terminal voice call is proceeded to encryption and decryption operation; And, the authorization code of the second safety means in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, start the user's of the second call terminal voice call is carried out to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 all can be carried out at application scenarios C3;

C4: the authorization code of the second safety means in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, start the user's of the second call terminal voice call is carried out to encryption and decryption operation, and send the second confirmation instruction to the first safety means; The first safety means, after obtaining the first call key, start the user's of the first call terminal voice call are carried out to encryption and decryption operation; In startup, the user's of the first call terminal voice call is carried out after encryption and decryption operation, described the first safety means are after receiving the second confirmation instruction, according to the second confirmation instruction, obtain the first confirmation instruction, according to the first confirmation instruction, the user's of the first call terminal voice call is proceeded to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 is not all carried out at application scenarios C4;

C5: the authorization code of the first safety means in confirming the second data decryption is consistent with the first authorization code, and second read aloud the sound characteristic of authorization code and the user's of the second call terminal sound characteristic in data decryption when consistent, obtain the first confirmation instruction, according to the first confirmation instruction, start the user's of the first call terminal voice call is carried out to encryption and decryption operation; And the second safety means, after obtaining the second call key, start the user's of the second call terminal voice call are carried out to encryption and decryption operation; In startup, the user's of the second call terminal voice call is carried out after encryption and decryption operation, authorization code in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, the user's of the second call terminal voice call is proceeded to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 all can be carried out at application scenarios C5;

C6: the second safety means carry out after encryption and decryption operation the user's of the second call terminal voice call in startup, authorization code in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, the user's of the second call terminal voice call is proceeded to encryption and decryption operation, and send the second confirmation instruction to the first safety means; Described the first safety means, after receiving the second confirmation instruction, obtain the first confirmation instruction according to the second confirmation instruction, according to the first confirmation instruction, start the user's of the first call terminal voice call is carried out to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 is not all carried out at application scenarios C6;

C7: the first safety means, after obtaining the first call key, start the user's of the first call terminal voice call is carried out to encryption and decryption operation; In startup, the user's of the first call terminal voice call is carried out after encryption and decryption operation, point out and confirm that the authorization code in the second data decryption is consistent with the first authorization code, and second read aloud the sound characteristic of authorization code and the user's of the second call terminal sound characteristic in data decryption when consistent, obtain the first confirmation instruction, according to the first confirmation instruction, the user's of the first call terminal voice call is proceeded to encryption and decryption operation; And, the second safety means carry out after encryption and decryption operation the user's of the second call terminal voice call in startup, authorization code in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, the user's of the second call terminal voice call is proceeded to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 all can be carried out at application scenarios C7;

C8: the second safety means carry out after encryption and decryption operation the user's of the second call terminal voice call in startup, authorization code in confirming the first data decryption is consistent with the second authorization code, and first read aloud the sound characteristic of authorization code and the user's of the first call terminal sound characteristic in data decryption when consistent, obtain the second confirmation instruction, according to the second confirmation instruction, the user's of the second call terminal voice call is proceeded to encryption and decryption operation, and send the second confirmation instruction to the first safety means; The first safety means, after obtaining the first call key, start the user's of the first call terminal voice call are carried out to encryption and decryption operation; In startup, the user's of the first call terminal voice call is carried out after encryption and decryption operation, described the first safety means are after receiving the second confirmation instruction, according to the second confirmation instruction, obtain the first confirmation instruction, according to the first confirmation instruction, the user's of the first call terminal voice call is proceeded to encryption and decryption operation; Wherein, the part of the dotted line frame in flow process shown in Fig. 1 is not all carried out at application scenarios C8.

The technical characterictic that above-mentioned steps 05 is described is the content and all consistent rear encryption and decryption operations of carrying out voice call of sound characteristic of reading aloud authorization code of confirming authorization code, certainly, the present embodiment also provides in the sound characteristic of confirming the content of authorization code and reading aloud authorization code processing scheme when at least one is inconsistent, specifically comprises:

The example that is embodied as with the first safety means describes:

When the user of the first call terminal judges that authorization code and the first authorization code in the second data decryption are inconsistent, and/or, the sound characteristic of reading aloud the sound characteristic of authorization code and the user of the second call terminal in the second data decryption is inconsistent, and the user of the first call terminal can finish this voice call on the first call terminal or the first safety means.

In like manner, the realization of the second safety means is similar to realizing of the first safety means, repeats no more herein.

Said method also comprises:

If the first safety chip detects the user's of the first call terminal voice call, finish, the first safety chip is deleted the first call key; And/or,

If the second safety chip detects the user's of the second call terminal voice call, finish, the second safety chip is deleted the second call key.

In said method, after end of conversation, the first safety chip destroy the first call key that this voice call used and can reduce by the first call key and be stolen after by irrational utilization may, guarantee the security of operation of the first safety chip, equally effectively utilized the memory space of the first safety chip.In like manner, after end of conversation, the second safety chip destroy the second call key that this voice call used and can reduce by the second call key and be stolen after by irrational utilization may, guarantee the security of operation of the second safety chip, equally effectively utilized the memory space of the second safety chip.

The concrete application scenarios of take below describes as example:

User A and user B carry out normal talking, do not exist while being monitored by third party, and the negotiation that user A and user B directly converse key, the key X that obtains conversing, the voice call between user A and user B also directly adopts call key X to carry out encryption and decryption.

Between user A and user B, carry out in communication process, if exist the 3rd people user C to monitor, user A and user B will consult call key with the 3rd people user C respectively, after negotiation completes, the call key that user C and user A consult to obtain is M, and the call key that user C and user B consult to obtain is N.At user A, send in the call voice process of user B, user C intercepts the call voice A that user A sends to user B, after use call key M deciphers call voice A, obtains expressly A, re-uses after call key N is encrypted plaintext A and sends to user B.Because can utilizing call key N to send ciphertext to user C, user B is decrypted, thereby user B can get the voice of user A, in like manner, at user B, send in the call voice process of user A, user C intercepts the call voice B that user B sends to user A, after using call key N to call voice B deciphering, obtain expressly B, re-use after call key M is encrypted plaintext B and send to user A.Because user A can utilize call key M to send ciphertext to user C, be decrypted, thereby user A can get the voice of user B.Because user A and user B all can get the voice of call opposite end, therefore, between user A and user B, can carry out voice call, but in fact the Correspondent Node user of user A and user B is user C, namely this call voice of user A and user B is monitored by user C.

Corresponding, when the method that adopts the present embodiment to provide is carried out voice call, if there is the monitoring of user C, the call key M that the safety means utilization of user A and the user C of Correspondent Node consult so, obtain an authorization code m, and read aloud authorization code m by user A, obtain audio files m, in audio files m, include the content of sound and the authorization code m of user A, after user C deciphers audio files m, utilize call key N to be encrypted and to issue user B audio files m, when user B hears after audio files m, hear it is the sound of user A, the source of clear and definite audio files m is user A, but the safety means of user B also can utilize the call password N consulting with the user C of Correspondent Node to obtain an authorization code n, the authorization code m that the audio files m that user B comparison is heard carries and the local authorization code n generating, find that authorization code m is not identical with authorization code n, can learn in this call exists the 3rd people to monitor.

Certainly, user C cracks and obtains audio files m, audio files is replaced to the audio files that comprises authorization code n (authorization code being generated by call key N), but because audio files is not to be read aloud by user A, the sound characteristic that does not comprise user A, audio files is called to audio files m ', and audio files m ' comprises the content of authorization code n and from the sound characteristic that is not user A; User B is after the audio files m ' hearing, can find that the middle authorization code of audio files m ' is exported with the safety means of oneself consistent, but the sound characteristic in audio files m ' is not the sound characteristic of user A, so user B just can determine that this exists the 3rd people to monitor in conversing.

This shows, audio files comprises the content of sound characteristic and the authorization code of reading aloud authorization code, makes user to judge in communication process whether have the 3rd people to monitor according to these two information, has guaranteed the safety of call.

The mode of key agreement based on ZRTP being obtained to call key and authorization code is below described further, and idiographic flow is as follows:

One, the generation of call key:

F1: the first safety means send Hello message to the second safety means, Hello message comprises user's the session identification ID1 of version number, key agreement type, key algorithm and the first call terminal of the ZRTP that the first safety means use; Wherein the key agreement type of ZRTP agreement comprises pre-shared model, media stream pattern and Diffie-Hellman (DH) pattern;

F2: the second safety means send the response message of Hello message to the first safety means;

F3: the second safety means send Hello message to the first safety means, Hello message comprises user's the session identification ID2 of version number, key agreement type, key algorithm and the second call terminal of the ZRTP that the second safety means use; Wherein the key agreement type of ZRTP agreement comprises pre-shared model, media stream pattern and Diffie-Hellman (DH) pattern;

F4: the first safety means send the response message of Hello message to the second safety means;

F5: the second safety means, after receiving the response message of Hello message, send to the first safety means key agreement type and the key algorithm that both sides support, this key agreement type of sentencing selection is that DH pattern is example;

F6, the first safety means send local the first function information generating to the second safety means, and wherein the first function information is a power function, and wherein power function can be g^x, x=svr mod p wherein, wherein svr represents respondent's secret value, and mod is for rounding algorithm, and p is integer;

F7, the second safety means send local the second function information generating to the first safety means, and wherein the second function information is also a power function, and wherein power function can be g^y, y=svi mod p wherein, wherein svi represents promoter's secret value, and mod is for rounding algorithm, and p is integer;

Wherein, g^x is the first negotiation information mentioned above, and g^y is the second negotiation information mentioned above.

And in this example, the first safety chip, according to g^x and g^y, can obtain the first call key g^xy; , the second safety chip, according to g^x and g^y, can obtain the second call key g^xy.

F8, the first safety means send the first verification message to the second safety means, and the first check information is to obtaining after following information checking, comprising: whether this locality discloses the first call key, local the first call key etc. of whether destroying after call; The key that wherein verification is used obtains according to the first call key, specifically, the first call key g^xy, session identification ID1, session identification ID2 and a string character string are processed, obtained a key S0, wherein character string is one section of open character string for representation function; Key derivation algorithm in recycling ZRTP agreement is processed key S0, obtains the key calculating for verification; Wherein, key derivation algorithm can be hmac algorithm;

F9, the second safety means are after complete to the first verification message verification, to the first safety means, send the second verification message, the second verification message is to obtaining after following information checking, comprising: whether this locality discloses the second call key, local the second call key etc. of whether destroying after call; The key that wherein verification is used obtains according to the second call key, specifically, the second call key g^xy, session identification ID1, session identification ID2 and a string character string are processed, obtained a key S0, wherein character string is one section of open character string for representation function; Key derivation algorithm in recycling ZRTP agreement is processed key S0, obtains the key calculating for verification; Wherein, key derivation algorithm can be hmac algorithm;

F10, the first safety means, after the second verification message verification is completed, send acknowledge message to the second safety means, have completed key agreement.

Two: the producing method of authorization code:

This sentences the first safety means, and to generate the first authorization code be that example describes:

After obtaining key S0, utilize key derivation algorithm to process S0, obtain one section of character string M;

From character string M, get front 32 bits and obtain a string character string m;

To the character string m processing of encoding, character string m is encoded into visual character, using visual character as the first authorization code.

At the first safety chip, start and to utilize after the first call key carries out encryption and decryption operation to the user's of the first call terminal voice call, the first safety means receive the authentication triggering command to the user of the second call terminal, to trigger the authentication to the user of the second call terminal, wherein to the user's of the second call terminal authentication triggering command, can there be following two kinds of obtain manners, comprise:

The first safety means receive the authentication triggering command to the user of the second call terminal that on the first safety means, button sends; Or,

The first call terminal receives the authentication triggering command to the user of the second call terminal that on the first call terminal, button sends, and sending to the first safety means by the first communications reception, the first safety means receive the authentication triggering command to the user of the second call terminal.

Wherein, the user of the first call terminal can be by pressing button on the first safety means to produce the authentication triggering command to the user of the second call terminal, or, by pressing button on the first call terminal to produce the authentication triggering command to the user of the second call terminal.

Wherein, by pressing button on the first safety means to produce the authentication triggering command to the user of the second call terminal, can reduce to the user's of the second call terminal authentication triggering command by malware attacks on the first call terminal may, guaranteed the safety of voice call; By pressing button on the first call terminal to produce the authentication triggering command to the user of the second call terminal, without the first safety means being carried out to the change of software or hardware, realize simple.

In like manner, at the second safety chip, start and to utilize after the second call key carries out encryption and decryption operation to the user's of the second call terminal voice call, the second safety means receive the authentication triggering command to the user of the first call terminal, to trigger the authentication to the user of the first call terminal, wherein to the user's of the first call terminal authentication triggering command, can there be following two kinds of obtain manners, comprise:

The second safety means receive the authentication triggering command to the user of the first call terminal that on the second safety means, button sends; Or,

The second call terminal receives the authentication triggering command to the user of the first call terminal that on the second call terminal, button sends, and receive and send to the second safety means by second communication, the second safety means receive the authentication triggering command to the user of the first call terminal.

Wherein, the user of the second call terminal can be by pressing button on the second safety means to produce the authentication triggering command to the user of the first call terminal, or, by pressing button on the second call terminal to produce the authentication triggering command to the user of the first call terminal.

Wherein, by pressing button on the second safety means to produce the authentication triggering command to the user of the first call terminal, can reduce to the user's of the first call terminal authentication triggering command by malware attacks on the second call terminal may, guaranteed the safety of voice call; By pressing button on the second call terminal to produce the authentication triggering command to the user of the first call terminal, without the second safety means being carried out to the change of software or hardware, realize simple.

Second safety means of take describe the beneficial effect of method of the present invention as example:

In voice encryption communication process, the second safety means are by playing the first data decryption from the first call terminal, prompting is confirmed the first data decryption playing out according to the second authorization code, the confirmation of realization to the identity information of the first call terminal, whether someone monitors to make user determine this call, improved and in voice call, identified the success rate that the 3rd people monitors, thereby reduce the monitored possibility of voice call, and when user determines that this voice call exists the 3rd people to monitor, user can take the safety measure of anti-monitoring to prevent information leakage in time, improve the safety of transfer of data in voice call.

In like manner the first safety means also have identical beneficial effect, repeat no more herein.

In flow chart or any process of otherwise describing at this or method describe and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of the step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, a plurality of steps or method can realize with being stored in memory and by software or the firmware of suitable instruction execution system execution.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: have for data-signal being realized to the discrete logic of the logic gates of logic function, the application-specific integrated circuit (ASIC) with suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is to come the hardware that instruction is relevant to complete by program, described program can be stored in a kind of computer-readable recording medium, this program, when carrying out, comprises step of embodiment of the method one or a combination set of.

In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module usings that the form of software function module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium.

The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.

In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And the specific features of description, structure, material or feature can be with suitable mode combinations in any one or more embodiment or example.

Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, modification, replacement and modification.Scope of the present invention is by claims and be equal to and limit.

Claims

1. a data processing method in voice call, is characterized in that, described method comprises:

The first safety chip of the first safety means generates the first negotiation information, and send described the first negotiation information to the first call terminal by the first communication interface of described the first safety means, described the first safety means are connected with described the first call terminal, and are independent of described the first call terminal; And, the second safety chip of the second safety means generates the second negotiation information, and send described the second negotiation information to described the second call terminal by the second communication interface of described the second safety means, described the second safety means are connected with described the second call terminal, and are independent of described the second call terminal;

Described the first safety chip receives by described the first communication interface described the second negotiation information that described the first call terminal sends; And described the second safety chip receives by described second communication interface described the first negotiation information that described the second call terminal sends;

Described the first safety chip calculates described the first negotiation information and described the second negotiation information, obtains the first call key, and described the first call key is for carrying out encryption and decryption operation to the user's of described the first call terminal voice call; And described the second safety chip calculates described the first negotiation information and described the second negotiation information, obtains the second call key, described the second call key is for carrying out encryption and decryption operation to the user's of described the second call terminal voice call;

Described the first safety means are exported the first authorization code, and wherein said the first authorization code generates according to described the first call key, and prompting is read aloud described the first authorization code; Described the first safety means obtain the read aloud result of the user of described the first call terminal to described the first authorization code, obtain the first acoustic information; Described the first safety chip utilizes described the first call key to be encrypted described the first acoustic information, obtains the first enciphered data, and sends described the first enciphered data by described the first communication interface; After obtaining the first confirmation instruction, described the first safety chip startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call;

Described the second safety chip is exported the second authorization code, and wherein said the second authorization code generates according to described the second call key; And described the second safety chip is receiving after described the first enciphered data by described second communication interface, utilize described the second call key to be decrypted described the first enciphered data, obtain the first data decryption; Described the second safety means are play described the first data decryption;

Described the second safety means are after described the second authorization code of output and described the first data decryption of broadcasting, and prompting is confirmed described the first data decryption playing out according to described the second authorization code;

Described the second safety chip, after obtaining the second confirmation instruction, starts and utilizes described the second call key to carry out encryption and decryption operation to the user's of described the second call terminal voice call.

2. a data processing method in voice call, is characterized in that, described method comprises:

Described the first safety means are exported the first authorization code, prompting is read aloud described the first authorization code, and obtain the read aloud result of the user of described the first call terminal to described the first authorization code, obtain the first acoustic information, wherein said the first authorization code is that described the first safety chip generates according to described the first call key; Utilize described the first call key to be encrypted described the first acoustic information, obtain the first enciphered data, and send described the first enciphered data by described the first communication interface; After obtaining the first confirmation instruction, described the first safety chip startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call;

After obtaining described the second call key, described the second safety chip startup utilizes described the second call key to carry out encryption and decryption operation to the user's of described the second call terminal voice call;

Wherein, at described the second safety chip, start and to utilize after described the second call key carries out encryption and decryption operation to the user's of described the second call terminal voice call, described method also comprises:

Described the second safety means receive the authentication triggering command to the user of described the first call terminal;

Described the second safety means receive described to the user's of described the first call terminal authentication triggering command after, output the second authorization code, to be described the second safety chip generate according to described the second call key wherein said the second authorization code; And described the second safety chip is receiving after the first enciphered data by described second communication interface, utilize described the second call key to be decrypted described the first enciphered data, obtain the first data decryption; Described the second safety means are play described the first data decryption;

After described the second authorization code of output and described the first data decryption of broadcasting, described the second safety means prompting is confirmed described the first data decryption playing out according to described the second authorization code;

Described the second safety chip, after obtaining the second confirmation instruction, utilizes described the second call key to proceed encryption and decryption operation to the user's of described the second call terminal voice call.

3. method according to claim 1 and 2, is characterized in that,

Described the second safety means prompting is confirmed described the first data decryption playing out according to described the second authorization code, comprising:

Described the second safety means prompting confirms with whether described the second authorization code is consistent the authorization code in described the first data decryption, and in described the first data decryption, reads aloud the sound characteristic of authorization code and whether the user's of described the first call terminal sound characteristic is consistent confirms;

Wherein, described second confirms that instruction is consistent with described the second authorization code for confirming the authorization code in described the first data decryption, and the sound characteristic instruction consistent with the user's of described the first call terminal sound characteristic of reading aloud authorization code in described the first data decryption.

4. according to the method described in claims 1 to 3 any one, it is characterized in that, described after obtaining the first confirmation instruction, described the first safety chip startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call, comprising:

Described the first safety chip is after the second confirmation instruction that receives described the second call terminal transmission, according to described second, confirm instruction, obtain described first and confirm instruction, start and utilize described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call.

5. according to the method described in claims 1 to 3 any one, it is characterized in that, described after obtaining the first confirmation instruction, described the first safety chip startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call, comprising:

Described the first safety chip is receiving after the second enciphered data by described the first communication interface, utilizes described the first call key to be decrypted described the second enciphered data, obtains described the second data decryption; Described the first safety means are play described the second data decryption, and prompting is confirmed described the second data decryption playing out according to described the first authorization code; Described the first safety chip obtains the first confirmation instruction, and startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call; Wherein said the second enciphered data obtains in the following way: described the second safety means are after described the second authorization code of output, and prompting is read aloud described the second authorization code; Described the second safety chip obtains the read aloud result of the user of described the second call terminal to described the second authorization code, obtains the second acoustic information; Described the second safety chip utilizes described the second call key to be encrypted described the second acoustic information, obtains described the second enciphered data, and sends described the second enciphered data by described second communication interface.

6. method according to claim 5, is characterized in that,

Described the first safety means prompting is confirmed described the second data decryption playing out according to described the first authorization code, comprising:

Described the first safety means prompting confirms with whether described the first authorization code is consistent the authorization code in described the second data decryption, and in described the second data decryption, reads aloud the sound characteristic of authorization code and whether the user's of described the second call terminal sound characteristic is consistent confirms;

Wherein, described first confirms that instruction is consistent with described the first authorization code for confirming the authorization code in described the second data decryption, and the sound characteristic instruction consistent with the user's of described the second call terminal sound characteristic of reading aloud authorization code in described the second data decryption.

7. a data processing method in voice call, is characterized in that, described method comprises:

After obtaining described the first call key, described the first safety chip startup utilizes described the first call key to carry out encryption and decryption operation to the user's of described the first call terminal voice call;

Wherein, at described the first safety chip, start and to utilize after described the first call key carries out encryption and decryption operation to the user's of described the first call terminal voice call, described method also comprises:

Described the first safety means receive the authentication triggering command to the user of described the second call terminal; Described the first safety means receive described to the user's of described the second call terminal authentication triggering command after, output the first authorization code, prompting described the first authorization code is read aloud; Described the first safety chip obtains the read aloud result of the user of the first call terminal to described the first authorization code, obtains the first acoustic information, and wherein said the first authorization code is that described the first safety chip generates according to described the first call key; Described the first safety chip utilizes described the first call key to be encrypted described the first acoustic information, obtains the first enciphered data, and sends described the first enciphered data by described the first communication interface; After obtaining the first confirmation instruction, described the first safety chip utilizes described the first call key to proceed encryption and decryption operation to the user's of described the first call terminal voice call;

8. a data processing method in voice call, is characterized in that, described method comprises:

Described the second safety means receive the authentication triggering command to the user of described the first call terminal; Described the second safety means receive described to the user's of described the first call terminal authentication triggering command after, output the second authorization code, to be described the second safety chip generate according to described the second call key wherein said the second authorization code; And described the second safety chip is receiving after described the first enciphered data by described second communication interface, utilize described the second call key to be decrypted described the first enciphered data, obtain the first data decryption; Described the second safety means are play described the first data decryption; Described the second safety means are after described the second authorization code of output and described the first data decryption of broadcasting, and prompting is confirmed described the first data decryption playing out according to described the second authorization code; Described the second safety chip, after obtaining the second confirmation instruction, utilizes described the second call key to proceed encryption and decryption operation to the user's of described the second call terminal voice call.

9. according to the method described in claim 7 or 8, it is characterized in that,

Wherein, described second confirms that instruction is consistent with described the second authorization code for confirming the authorization code in described the first data decryption, and the sound characteristic instruction consistent with the user's of the first call terminal sound characteristic of reading aloud authorization code in the first data decryption.

10. according to the method described in claim 7 to 9 any one, it is characterized in that, described after obtaining the first confirmation instruction, described the first safety chip utilizes described the first call key to proceed encryption and decryption operation to the user's of described the first call terminal voice call, comprising:

Described the first safety chip is after the second confirmation instruction that receives described the second call terminal transmission, according to described second, confirm instruction, obtain described first and confirm instruction, described the first safety chip utilizes described the first call key to proceed encryption and decryption operation to the user's of described the first call terminal voice call.

11. according to the method described in claim 7 to 9 any one, it is characterized in that, described after obtaining the first confirmation instruction, described the first safety chip utilizes described the first call key to proceed encryption and decryption operation to the user's of described the first call terminal voice call, comprising:

Described the first safety chip is receiving after the second enciphered data by described the first communication interface, utilizes described the first call key to be decrypted described the second enciphered data, obtains described the second data decryption; Described the first safety means are play described the second data decryption, and prompting is confirmed described the second data decryption playing out according to described the first authorization code; Described the first safety chip obtains the first confirmation instruction, and utilizes described the first call key to proceed encryption and decryption operation to the user's of described the first call terminal voice call; Wherein said the second enciphered data obtains in the following way: described the second safety chip is after described the second authorization code of output, and prompting is read aloud described the second authorization code; Described the second safety chip obtains the read aloud result of the user of described the second call terminal to described the second authorization code, obtains the second acoustic information; Described the second safety chip utilizes described the second call key to be encrypted described the second acoustic information, obtains described the second enciphered data, and sends described the second enciphered data by described second communication interface.

12. methods according to claim 11, is characterized in that,

13. according to the method described in claim 1 to 12 any one, it is characterized in that, described the first safety means are exported the first authorization code, comprising:

A, described the first safety means convert the first authorization code to acoustic information, obtain the acoustic information of described the first authorization code, and play the acoustic information of described the first authorization code; Or,

B, described the first safety means show the first authorization code.

14. according to the method described in claim 1 to 13 any one, it is characterized in that, described the second safety means are exported the second authorization code, comprising:

A, described the second safety means, by the acoustic information that converts to of the second authorization code, obtain the acoustic information of described the second authorization code, and play the acoustic information of described the second authorization code; Or,

B, described the second safety means show the second authorization code.

15. according to the method described in claim 1 to 14 any one, it is characterized in that, described method also comprises:

If the voice call that described the first safety chip detects the user of described the first call terminal finishes, described the first safety chip is deleted described the first call key; And/or,

If the voice call that described the second safety chip detects the user of described the second call terminal finishes, described the second safety chip is deleted described the second call key.

16. according to the method described in claim 1 to 15 any one, it is characterized in that, described the first safety chip obtains the read aloud result of the user of described the first call terminal to described the first authorization code, obtains the first acoustic information and comprises:

The read aloud result of the user of described the first call terminal of voice collecting unit collection that A, described the first safety chip obtain described the first safety means to described the first authorization code, obtains the first acoustic information; Or,

The read aloud result of B, described the first safety chip receive described the first call terminal collection user of described the first call terminal by described the first communication interface to described the first authorization code, obtains the first acoustic information.

17. according to the method described in claim 1 to 16 any one, it is characterized in that, described the second safety chip obtains the read aloud result of the user of described the second call terminal to described the second authorization code, obtains the second acoustic information and comprises:

The read aloud result of the user of described the second call terminal of voice collecting unit collection that A, described the second safety chip obtain described the second safety means to described the second authorization code, obtains the second acoustic information; Or,

The read aloud result of B, described the second safety chip receive described the second call terminal collection user of described the second call terminal by described second communication interface to described the second authorization code, obtains the second acoustic information.

18. according to the method described in claim 1 to 17 any one, it is characterized in that, the length of described the first authorization code is less than the length of described the first call key, and/or the length of described the second authorization code is less than the length of described the second call key.

19. according to the method described in claim 1 to 18 any one, it is characterized in that, described the first authorization code is for the first call key described in unique identification, and/or described the second authorization code is for the second call key described in unique identification.