CN104066081B - A kind of data handling system of voice call - Google Patents


Info

Publication number: CN104066081B
Authority: CN (China)
Prior art keywords: safety means, digital certificate, safety, call, call terminal
Legal status: Active
Application number: CN201410247006.9A
Other languages: Chinese (zh)
Other versions: CN104066081A (en
Inventor: 李东声
Current Assignee: Tendyron Technology Co Ltd
Original Assignee: Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201410247006.9A
Publication of CN104066081A
Application granted
Publication of CN104066081B


Abstract

The present invention provides a data handling system of voice call. The system includes a first safety means and a first call terminal; the first safety means is independent of the first call terminal and is connected with the first call terminal. The system specifically includes: a first safety chip, for obtaining the digital certificate of a second safety means and verifying the digital certificate of the second safety means using the root certificate in the first safety means, wherein the second safety means is the safety means of a second call terminal that carries out a voice call with the first call terminal; a first output module, for outputting the identification information of the digital certificate of the second safety means after the digital certificate of the second safety means passes verification; and a first reminding module, for prompting confirmation of the identification information of the digital certificate of the second safety means.

Description

A kind of data handling system of voice call
Technical field
The present invention relates to the field of electronic technology, and in particular to a data handling system of voice call.
Background art
In the prior art, a voice call between users may be monitored, so current voice calls carry a security risk. To address this risk, the prior art encrypts the voice with a call key stored in a TF card on the mobile phone, thereby protecting the voice call. In practice, however, if the call terminal has malware installed, a hacker can steal the call key in the TF card through the malware and then crack the encrypted voice information, exposing the voice data of the call terminal to the risk of leakage. How to perform voice encryption operations safely is therefore a technical problem to be solved urgently. In addition, because voice calls in the prior art may be monitored, reducing the possibility that a voice call is monitored is likewise a technical problem to be solved urgently.
Summary of the invention
The present invention provides a data handling system of voice call, whose main purpose is to solve one of the above technical problems.
The present invention provides a data handling system of voice call. The system includes a first safety means and a first call terminal; the first safety means is independent of the first call terminal and is connected with the first call terminal through a first communication interface. The system specifically includes: a first safety chip, located in the first safety means, for obtaining the digital certificate of a second safety means and verifying the digital certificate of the second safety means using the root certificate in the first safety means, wherein the second safety means is the safety means of a second call terminal that carries out a voice call with the first call terminal; a first output module, located in the first safety means or in the first call terminal, for outputting the identification information of the digital certificate of the second safety means after the digital certificate of the second safety means passes verification; and a first reminding module, located in the first safety means or in the first call terminal, for prompting confirmation of the identification information of the digital certificate of the second safety means.
In addition, the first reminding module is specifically for prompting confirmation of whether the identification information of the digital certificate of the second safety means is consistent with the identity of the user of the second call terminal.
In addition, the first safety chip is specifically for obtaining the digital certificate of the second safety means from pre-stored digital certificates, or for receiving, through the first communication interface, the digital certificate of the second safety means sent by the first call terminal.
In addition, the first output module is specifically for converting the identification information of the digital certificate of the second safety means into sound information, obtaining the sound information of the identification information of the digital certificate of the second safety means, and playing that sound information; or for displaying the identification information of the digital certificate of the second safety means.
In the system embodiment provided by the present invention, the first safety chip verifies the digital certificate of the second safety means; after verification passes, the first output module outputs the identification information of the digital certificate of the second safety means, and the first reminding module prompts confirmation of that identification information. This identifies the holder of the digital certificate of the second safety means, so that the user of the first call terminal can determine whether someone is monitoring this call. It raises the success rate of identifying third-party monitoring in a voice call and thereby reduces the possibility that the voice call is monitored. When the user determines that this voice call is being monitored by a third party, the user can promptly take anti-monitoring safety measures to prevent information leakage, which improves the safety of data transmission in the voice call.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative work.
Fig. 1 is a schematic diagram of the data handling system of voice call provided by embodiment one of the present invention;
Fig. 2 is another schematic diagram of the data handling system of voice call provided by embodiment one of the present invention;
Fig. 3 is a schematic diagram of the data handling system of voice call provided by embodiment two of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Embodiment one
In the data handling system of voice call provided by embodiment one of the present invention, the system includes a first safety means and a first call terminal; the first safety means is independent of the first call terminal and is connected with the first call terminal through a first communication interface. The system specifically includes:
A first safety chip, located in the first safety means, for obtaining the digital certificate of a second safety means and verifying the digital certificate of the second safety means using the root certificate in the first safety means, wherein the second safety means is the safety means of a second call terminal that carries out a voice call with the first call terminal;
A first output module, located in the first safety means or in the first call terminal, for outputting the identification information of the digital certificate of the second safety means after the digital certificate of the second safety means passes verification;
A first reminding module, located in the first safety means or in the first call terminal, for prompting confirmation of the identification information of the digital certificate of the second safety means.
The first reminding module is specifically for prompting confirmation of whether the identification information of the digital certificate of the second safety means is consistent with the identity of the user of the second call terminal.
The technical features of the system in embodiment one are further described below:
First, the first safety means and the first call terminal are described:
The first safety means may be a wearable device such as smart glasses, a smart watch or an earphone device, or may be integrated in a wearable device. Of course, the first safety means may also be an intelligent key device that can communicate with the call terminal, such as an intelligent key device with a USB interface (USB Key), an intelligent key device supporting an audio interface, or an intelligent key device with a Bluetooth communication function, or may be integrated in an intelligent key device that can communicate with the call terminal. That is, relative to the first call terminal, the first safety means is an independent device and is not integrated in the first call terminal.
The first communication interface may be a wireless connection interface or a wired connection interface. If the first communication interface is a wireless connection interface, a wireless communication module is built into the first safety means, which may be a Wi-Fi module, a Wi-Fi Direct module, an NFC module, a Bluetooth module or an infrared module; for example, the first safety means is a Bluetooth earphone. If the first communication interface is a wired connection interface, the first safety means may have a data transmission line whose interface may be an audio interface or a USB interface; for example, the first safety means is a wire-controlled earphone. Of course, the first safety means may also have both wireless and wired connection functions, that is, the first safety means has a built-in wireless communication module and an externally connected data transmission line.
If a wireless communication module is built into the first safety means, the first safety means can be connected with the first call terminal by a wireless connection; if the first communication interface is a wired connection interface, the first safety means can be connected with the first call terminal by a wired connection.
The first call terminal is a terminal with voice call capability. It may be a traditional voice communication device, such as a fixed telephone or a mobile phone, or a terminal with a network telephone function, such as a PC, a notebook computer or a tablet computer.
Second, the function of the first safety chip for obtaining the digital certificate of the second safety means is described:
The first safety chip is specifically for obtaining the digital certificate of the second safety means from pre-stored digital certificates;
The first safety chip may pre-store the digital certificates of one or more safety means and may look up the digital certificate of the second safety means according to the identifier of the second safety means. Because the digital certificate is stored in the first safety chip in advance and is not obtained directly from outside, the possibility that the digital certificate is tampered with is reduced.
Or, the first safety chip is specifically for receiving, through the first communication interface, the digital certificate of the second safety means sent by the first call terminal.
The first safety chip can receive, through the first communication interface, the digital certificate of the second safety means sent by the first call terminal in the following ways:
B1: the first call terminal obtains the digital certificate of the second safety means from a digital certificate center and sends the obtained digital certificate of the second safety means to the first safety chip through the first communication interface;
B2: the second safety means sends the digital certificate of the second safety means to the second call terminal, and the second call terminal sends the digital certificate of the second safety means to the first call terminal; after receiving the digital certificate of the second safety means, the first call terminal sends it to the first safety chip through the first communication interface.
In mode B2, the trigger condition for the second safety means to send its digital certificate to the second call terminal may be that the second safety means initiates the sending actively, or that the second safety means initiates it after receiving a certificate acquisition request sent by the first safety means.
Both modes B1 and B2 can obtain the digital certificate of the second safety means. By comparison, in mode B1 the first call terminal obtains the digital certificate of the second safety means from the digital certificate center; because the source of the digital certificate is reliable and an attacker monitoring the call is less likely to alter the digital certificate, the possibility that the digital certificate is tampered with is reduced, ensuring the safety of the digital certificate of the second safety means that the first call terminal obtains from outside.
Third, the functions of the first output module and the first reminding module are described:
The first output module is specifically for converting the identification information of the digital certificate of the second safety means into sound information, obtaining the sound information of the identification information of the digital certificate of the second safety means, and playing that sound information; or for displaying the identification information of the digital certificate of the second safety means.
The first output module may be a module with a playing function, for example a speaker or a loudspeaker. The sound information of the identification information of the digital certificate of the second safety means may be played by a module with a playing function in the first safety means, or by a module with a playing function in the first call terminal.
Of course, the first output module may also be a module with a display function, such as a display screen. The identification information of the digital certificate of the second safety means may be displayed by a module with a display function in the first safety means, or by a module with a display function in the first call terminal.
Compared with outputting the identification information of the digital certificate of the second safety means through a first output module on the first call terminal, outputting it through a first output module on the first safety means can reduce the possibility of attack by malware on the first call terminal and improve the safety of data transmission.
The first reminding module may be a module with a playing function, for example a speaker or a loudspeaker, or a module with a display function, such as a display screen. The first reminding module may play the prompt information through a module with a playing function on the first safety means, or display the prompt information through a module with a display function on the first safety means, to realize the function of prompting confirmation of the identification information of the digital certificate of the second safety means. Alternatively, the prompt information may be played by a module with a playing function on the first call terminal, or displayed by a module with a display function on the first call terminal, to realize the same function.
Compared with prompting confirmation of the identification information of the digital certificate of the second safety means through a first reminding module on the first call terminal, prompting it through a first reminding module on the first safety means can reduce the possibility of attack by malware on the first call terminal and improve the safety of data transmission.
The information with which the first reminding module prompts confirmation of the identification information of the digital certificate of the second safety means and the identification information of the digital certificate of the second safety means output by the first output module may be output together. For example, "Please confirm the identification information XXX of the digital certificate of the second safety means" is output, where XXX represents the content of the identification information of the digital certificate of the second safety means. The output may be by playing or by display.
Of course, the two may also be output separately. For example, the information "Please confirm the identification information of the digital certificate of the second safety means" is output first, followed by the information "The identification information of the digital certificate of the second safety means is XXX"; or the information "The identification information of the digital certificate of the second safety means is XXX" is output first, followed by the information "Please confirm the identification information of the digital certificate of the second safety means". Each of these two pieces of information may be output by playing or by display, and the output modes of the two may be the same or different.
As can be seen from the above, the first reminding module and the first output module may be physically the same module or two independent modules. When they are two independent modules, both may be located in the first safety means or both in the first call terminal; alternatively, one may be located in the first safety means and the other in the first call terminal.
Fourth, the identification information of the digital certificate of the second safety means is described:
The identification information of the digital certificate of the second safety means is at least one of the name information, the contact method and the identity information of the holder of the digital certificate of the second safety means. The name information may be a name, a user name, a pseudonym and the like; the contact method may be a mobile phone number or an e-mail address; the identity information is an ID card number, an employee card number or a passport number.
Fifth, the function of the first safety chip for verifying the digital certificate of the second safety means using the root certificate in the first safety means is described:
The root certificate is the certificate that the CA authentication center issues to itself and is the starting point of the chain of trust. If the digital certificate of a safety means is issued by the CA authentication center, the root certificate of the CA authentication center is stored in that safety means. For example, if the digital certificates of the first safety means and the second safety means are both issued by the CA authentication center, the root certificate of the CA authentication center is stored in both the first safety means and the second safety means.
The root certificate of the CA authentication center is used to authenticate the digital certificates that the CA authentication center issues to safety means, in order to judge whether a given digital certificate is a legitimate certificate issued by the CA authentication center. For example, when the first safety chip obtains the digital certificate of the second safety means, it verifies that digital certificate using the root certificate issued by the CA authentication center. If verification passes, the digital certificate of the second safety means is a legitimate certificate issued by the CA authentication center; otherwise, it is not.
A digital certificate issued by the CA contains at least three parts: the user's information, the user's public key, and the CA authentication center's signature over the information in the digital certificate. Verifying this signature verifies the authenticity of the digital certificate. Verifying the signature requires the public key of the CA authentication center, and that public key is stored in the root certificate of the CA authentication center. The root certificate therefore needs to be pre-stored in the safety means so that the digital certificates issued to safety means by the CA authentication center can be authenticated.
For example, in embodiment one, for the first safety chip to verify whether the digital certificate of the second safety means is legitimate, it needs to pre-store the root certificate of the CA authentication center that issued the digital certificates of the first safety means and the second safety means.
In addition, embodiment one of the present invention describes the processing flow when the first safety chip's verification of the digital certificate of the second safety means passes and the first confirmation instruction is obtained. Embodiment one also provides processing for the following scenarios:
If the first safety chip's verification of the digital certificate of the second safety means does not pass, the first output module outputs a prompt that verification did not pass, so that the user of the first call terminal can terminate this voice call on the first call terminal or on the first safety means;
After the first reminding module prompts confirmation of the identification information of the digital certificate of the second safety means, if the identification information of the digital certificate of the second safety means is inconsistent with the identity of the user of the second call terminal, the first call terminal or the first safety means receives an instruction to terminate this voice call.
In the system provided by the embodiment of the present invention, the first safety chip verifies the digital certificate of the second safety means; after verification passes, the first output module outputs the identification information of the digital certificate of the second safety means, and the first reminding module prompts confirmation of that identification information. This identifies the holder of the digital certificate of the second safety means, so that the user of the first call terminal can determine whether someone is monitoring this call. It raises the success rate of identifying third-party monitoring in a voice call and thereby reduces the possibility that the voice call is monitored. When the user determines that this voice call is being monitored by a third party, the user can promptly take anti-monitoring safety measures to prevent information leakage, which improves the safety of data transmission in the voice call.
The system in embodiment one includes at least the following modules: the first safety chip, the first output module and the first reminding module. The first output module may be a module with a playing or display function, and the first reminding module may also be a module with a playing or display function.
In practical applications, the system of embodiment one can have the following four structures:
S1: the system in embodiment one includes the first safety means and the first call terminal, and the first safety means includes the first safety chip and a module with a playing function. If the first output module and the first reminding module both realize their respective functions by playing, both may use the module with a playing function in the first safety means; alternatively, one of them may be realized by the module with a playing function in the first safety means and the other by a module with a playing function in the first call terminal;
S2: the system in embodiment one includes the first safety means and the first call terminal, and the first safety means includes the first safety chip and a module with a display function. If the first output module and the first reminding module both realize their respective functions by display, both may use the module with a display function in the first safety means; alternatively, one of them may be realized by the module with a display function in the first safety means and the other by a module with a display function in the first call terminal;
S3: the system in embodiment one includes the first safety means and the first call terminal, and the first safety means includes the first safety chip, a module with a playing function and a module with a display function. The first output module and the first reminding module may both realize their respective functions using the module with a playing function in the first safety means, or may both use the module with a display function in the first safety means; of course, one of them may be realized by the module with a playing function in the first safety means and the other by the module with a display function in the first safety means. Of course, one of them may also be realized by a module with a playing or display function in the first safety means and the other by a module with playing and display functions in the first call terminal. Here the system in embodiment one is illustrated with the module with a playing function in the first safety means as the first output module and the module with a display function in the first safety means as the first reminding module; see Fig. 1, which is a schematic diagram of the data handling system of voice call provided by embodiment one of the present invention. When the system shown in Fig. 1 is implemented, because the functions of both the first output module and the first reminding module can be realized on the first safety means, which is independent of the first call terminal, attacks by malware on the first call terminal are reduced and the security of the data is improved;
S4: the system in embodiment one includes the first safety means and the first call terminal, and the first safety means includes the first safety chip. The first output module and the first reminding module may both realize their respective functions using a module with a playing function in the first call terminal, or may both use a module with a display function in the first call terminal; of course, one of them may be realized by the module with a playing function in the first call terminal and the other by the module with a display function in the first call terminal. Here the system in embodiment one is illustrated with the module with a playing function in the first call terminal as the first output module and the module with a display function in the first call terminal as the first reminding module; see Fig. 2, which is another schematic diagram of the data handling system of voice call provided by embodiment one of the present invention. When the system shown in Fig. 2 is implemented, it can directly use the module with a display function (for example, a display screen) or the module with a playing function (for example, a loudspeaker) of the first call terminal, without any change to the hardware of the first safety means or the first call terminal; the hardware cost is low and the implementation is simple.
To illustrate the above system clearly, a complete interaction embodiment is provided below to further describe the system in embodiment one:
Embodiment two
Fig. 3 is a schematic diagram of the data handling system of voice call provided by embodiment two of the present invention. In this complete interaction embodiment, as shown in Fig. 3, the first safety means is connected to the first call terminal through the first communication interface, the first call terminal is connected to the second call terminal through the communication network, and the second call terminal is connected to the second safety means through the second communication interface. The first safety chip is located in the first safety means, and the second safety chip is located in the second safety means.
With reference to the system architecture shown in Fig. 3, the complete interaction embodiment is described as follows:
The first safety chip is configured to obtain the digital certificate of the second safety means. The first safety chip is located in the first safety means; the first safety means is independent of the first call terminal and is connected to the first call terminal through the first communication interface; and the second safety means is the safety means of the second call terminal, which carries out the voice call with the first call terminal;
The first safety chip is further configured to verify the digital certificate of the second safety means using the root certificate in the first safety means;
The first output module is configured to output the identification information of the digital certificate of the second safety means after the first safety chip has verified that digital certificate successfully; the first output module is located in the first safety means or in the first call terminal;
The first reminding module is configured to prompt for confirmation of the identification information of the digital certificate of the second safety means; the first reminding module is located in the first safety means or in the first call terminal;
The first safety chip is further configured, after obtaining the first confirmation instruction, to start encrypting and decrypting the voice call of the first call terminal using the call key generated by the first safety chip;
The first safety chip is further configured to encrypt the call key with the public key of the second safety means to obtain the ciphertext of the call key, and to sign at least the ciphertext of the call key with the private key of the first safety means to obtain signed data;
The first transport module is configured to send the ciphertext of the call key and the signed data to the first call terminal through the first communication interface; the first transport module is located in the first safety means;
The second transport module is configured to receive, through the second communication interface, the ciphertext of the call key and the signed data sent by the second call terminal; the second transport module is located in the second safety means, and the second safety means is independent of the second call terminal;
The second safety chip is configured to verify the signed data using the public key of the first safety means and, if the signed data passes verification, to decrypt the ciphertext of the call key with the private key of the second safety means to obtain the call key; the second safety chip is located in the second safety means;
The second safety chip is further configured, after obtaining the digital certificate of the first safety means, to verify that digital certificate using the root certificate in the second safety means;
The second output module is configured to output the identification information of the digital certificate of the first safety means after the second safety chip has verified that digital certificate successfully; the second output module is located in the second safety means or in the second call terminal;
The second reminding module is configured to prompt for confirmation of the identification information of the digital certificate of the first safety means; the second reminding module is located in the second safety means or in the second call terminal;
The second safety chip is further configured, after the signed data has passed verification and the second confirmation instruction has been obtained, to start encrypting and decrypting the voice call of the second call terminal using the call key.
The first reminding module is specifically configured to prompt for confirmation of whether the identification information of the digital certificate of the second safety means is consistent with the identity of the user of the second call terminal. The first confirmation instruction is an instruction confirming that the identification information of the digital certificate of the second safety means is consistent with the identity of the user of the second call terminal.
After the first reminding module prompts for confirmation of the identification information of the digital certificate of the second safety means, if the user confirms that this identification information is consistent with the identity of the second call terminal, the user inputs the first confirmation instruction on the first safety means or the first call terminal.
The first safety chip obtains the first confirmation instruction in one of the following ways: the first safety chip receives, through the first communication interface, the first confirmation instruction sent by the first call terminal; or the first safety chip receives the first confirmation instruction sent by the confirm key on the first safety means.
When the first safety chip receives the first confirmation instruction from the confirm key on the first safety means, attacks by malware on the first call terminal can be reduced, which ensures the safety of the voice call.
The second reminding module is specifically configured to prompt for confirmation of whether the identification information of the digital certificate of the first safety means is consistent with the identity of the user of the first call terminal. The second confirmation instruction is an instruction confirming that the identification information of the digital certificate of the first safety means is consistent with the identity of the user of the first call terminal.
After the second reminding module prompts for confirmation of the identification information of the digital certificate of the first safety means, if the user confirms that this identification information is consistent with the identity of the first call terminal, the user inputs the second confirmation instruction on the second safety means or the second call terminal.
The second safety chip obtains the second confirmation instruction in one of the following ways: the second safety chip receives, through the second communication interface, the second confirmation instruction sent by the second call terminal; or the second safety chip receives the second confirmation instruction sent by the confirm key on the second safety means.
When the second safety chip receives the second confirmation instruction from the confirm key on the second safety means, attacks by malware on the second call terminal can be reduced, which ensures the safety of the voice call.
The ciphertext of the call key and the signed data are transmitted from the first safety means to the second safety means as follows:
The first call terminal receives, through the first communication interface, the ciphertext of the call key and the signed data sent by the first safety means, and sends them to the second call terminal through the communication network; the second call terminal receives the ciphertext of the call key and the signed data from the first call terminal through the communication network, and sends them to the second safety means through the second communication interface.
If the first safety means has a built-in wireless communication module, the first transport module in the first safety means establishes a wireless connection with the first call terminal through the first communication interface; if the first communication interface is a wired connection interface, the first transport module in the first safety means establishes a wired connection with the first call terminal through the first communication interface.
The public key of the second safety means is obtained from the digital certificate of the second safety means, and the public key of the first safety means is obtained from the digital certificate of the first safety means.
Compared with the systems shown in Fig. 1 and Fig. 2, the system shown in Fig. 3 introduces new technical features, which are explained below:
First, the second safety means and the second call terminal are explained:
The second safety means can be a wearable device such as smart glasses, a smart watch or a headset, or can be integrated into a wearable device. The second safety means can also be a smart key device able to communicate with a call terminal, such as a USB Key smart key device with a USB interface, a smart key device supporting an audio interface, or a smart key device with a Bluetooth communication function, or can be integrated into such a smart key device. That is, relative to the second call terminal, the second safety means is an independent device and is not integrated into the second call terminal.
The second communication interface can be a wireless connection interface or a wired connection interface. If the second communication interface is a wireless connection interface, the second safety means has a built-in wireless communication module, which can be a Wi-Fi module, a Wi-Fi Direct module, an NFC module, a Bluetooth module or an infrared module; for example, the second safety means is a Bluetooth headset. If the second communication interface is a wired connection interface, the second safety means can have a data transmission line whose interface can be an audio interface or a USB interface; for example, the second safety means is a wired headset with in-line controls. The second safety means can also support both wireless and wired connection, that is, it has a built-in wireless communication module and an external data transmission line.
If the second safety means has a built-in wireless communication module, the second transport module in the second safety means establishes a wireless connection with the second call terminal through the second communication interface; if the second communication interface is a wired connection interface, the second transport module in the second safety means establishes a wired connection with the second call terminal through the second communication interface.
The second call terminal is a terminal with voice call capability. It can be a traditional call device, such as a fixed-line telephone or a mobile phone, or a terminal with a network telephone function, such as a PC, a notebook computer or a tablet computer.
Second, the call key used by the first safety means is explained:
The call key can be generated by a key generation algorithm inside the first safety chip, and this key generation algorithm can be a random number generation algorithm. Because the call key is generated by the first safety chip in the first safety means, the negotiation is completed by the first safety means, which is independent of the first call terminal, rather than by the first call terminal itself as in the prior art. This reduces the possibility of the call key being attacked by malware on the first call terminal, and generating the call key in the first safety chip of the first safety means is safer and more reliable. In addition, the call key can be stored in the first safety chip to ensure that it is stored safely.
Once the first safety chip in the first safety means has obtained the call key, the call key can be used to ensure the safety of the voice call between the first safety means and the second safety means. This is equivalent to establishing a voice encryption channel between the first safety means and the second safety means on top of the voice call of the prior art.
The voice encryption channel provided by the present invention is established between the first safety means and the second safety means; that is, for the first safety means, the voice encryption channel passes in turn through the first safety means, the first call terminal, the second call terminal and the second safety means. Because the voice encryption channel of the present invention is established between the safety means, the first call terminal and the second call terminal only pass the data through transparently during the whole process from call setup to the end of the call, which reduces the possibility of attacks by malware on the call terminals and improves the safety of data transmission.
The first safety chip is further configured to delete the call key after detecting that the voice call of the user of the first call terminal has ended.
After the call ends, the first safety chip destroys the call key used in this voice call. This reduces the possibility of the call key being misused after being stolen, ensures the safe operation of the first safety chip, and also makes efficient use of the storage space of the first safety chip.
The first safety chip can start encrypting and decrypting the voice call of the first call terminal with the call key either when the voice call between the user of the first call terminal and the user of the second call terminal begins, or during that voice call.
Third, the call key used by the second safety means is explained:
The ciphertext of the call key received by the second safety means is encrypted with the public key of the second safety means and can therefore only be decrypted with the private key of the second safety means. As a result, only the second safety means can decrypt the ciphertext of the call key, which ensures the safety of the call key. The signed data received by the second safety means is obtained by signing the call key or the ciphertext of the call key; by verifying the signed data, the second safety means can determine whether the signed data comes from the first safety means.
Once the second safety chip in the second safety means has obtained the call key, the call key can be used to ensure the safety of the voice call between the first safety means and the second safety means. This is equivalent to establishing a voice encryption channel between the first safety means and the second safety means on top of the voice call of the prior art.
The voice encryption channel provided by the present invention is established between the first safety means and the second safety means; that is, for the first safety means, the voice encryption channel passes in turn through the second safety means, the second call terminal, the first call terminal and the first safety means. Because the voice encryption channel of the present invention is established between the safety means, the first call terminal and the second call terminal only pass the data through transparently during the whole process from call setup to the end of the call, which reduces the possibility of attacks by malware on the call terminals and improves the safety of data transmission.
The second safety chip is further configured to delete the call key after detecting that the voice call of the user of the second call terminal has ended.
After the call ends, the second safety chip destroys the call key used in this voice call. This reduces the possibility of the call key being misused after being stolen, ensures the safe operation of the second safety chip, and also makes efficient use of the storage space of the second safety chip.
The second safety chip can start encrypting and decrypting the voice call of the second call terminal with the call key either when the voice call between the user of the first call terminal and the user of the second call terminal begins, or during that voice call.
Fourth, the function by which the second safety chip obtains the digital certificate of the first safety means is explained:
The second safety chip is specifically configured to obtain the digital certificate of the first safety means from digital certificates stored in advance;
The second safety chip can store the digital certificates of one or more safety means in advance, and can look up the digital certificate of the first safety means according to the identifier of the first safety means. Because the digital certificate is stored in the second safety means in advance and is not obtained directly from outside, the possibility of the digital certificate being tampered with is reduced.
Or, the second safety chip is specifically configured to receive, through the second communication interface, the digital certificate of the first safety means sent by the second call terminal.
The second safety chip can receive the digital certificate of the first safety means sent by the second call terminal through the second communication interface in the following ways:
B1. The second call terminal obtains the digital certificate of the first safety means from a digital certificate center, and sends the obtained digital certificate to the second safety chip through the second communication interface;
B2. The first safety means sends its digital certificate to the first call terminal, the first call terminal sends the digital certificate of the first safety means to the second call terminal, and the second call terminal, after receiving the digital certificate of the first safety means, sends it to the second safety chip through the second communication interface.
In mode B2, the trigger for the first safety means to send its digital certificate to the first call terminal can be that the first safety means initiates the transfer itself, or that the first safety means initiates it after receiving a certificate acquisition request sent by the second safety means.
Both mode B1 and mode B2 can obtain the digital certificate of the first safety means. By comparison, in mode B1 the second call terminal obtains the digital certificate of the first safety means from the digital certificate center; because the source of the digital certificate is reliable and an attacker monitoring the call is less likely to be able to alter it, the possibility of the digital certificate being tampered with is reduced, which ensures the safety of the digital certificate of the first safety means that the second call terminal obtains from outside.
Fifth, the functions of the second output module and the second reminding module are explained:
The second output module is specifically configured to convert the identification information of the digital certificate of the first safety means into sound information, and to play that sound information;
The second output module can be a module with a playing function, for example a loudspeaker or a speaker. The sound information of the identification information of the digital certificate of the first safety means can be played by a module with a playing function in the second safety means, or by a module with a playing function in the second call terminal.
The second output module can also be a module with a display function, such as a display screen. The identification information of the digital certificate of the first safety means can be displayed by a module with a display function in the second safety means, or by a module with a display function in the second call terminal.
Compared with outputting the identification information of the digital certificate of the first safety means through a second output module on the second call terminal, outputting it through a second output module on the second safety means can reduce the possibility of attacks by malware on the second call terminal and improves the safety of data transmission.
The second reminding module can be a module with a playing function, for example a loudspeaker or a speaker, or a module with a display function, such as a display screen. The second reminding module can play the prompt information through a module with a playing function on the second safety means, or display the prompt information through a module with a display function on the second safety means, to prompt for confirmation of the identification information of the digital certificate of the first safety means. Alternatively, the prompt information can be played by a module with a playing function on the second call terminal, or displayed by a module with a display function on the second call terminal, to the same end.
Compared with prompting for confirmation of the identification information of the digital certificate of the first safety means through a second reminding module on the second call terminal, prompting through a second reminding module on the second safety means can reduce the possibility of attacks by malware on the second call terminal and improves the safety of data transmission.
The prompt from the second reminding module to confirm the identification information of the digital certificate of the first safety means and the identification information output by the second output module can be output together, for example as "please confirm the identification information XXX of the digital certificate of the first safety means", where XXX represents the content of the identification information of the digital certificate of the first safety means. The output can be played or displayed.
The prompt from the second reminding module and the identification information output by the second output module can also be output separately. For example, "please confirm the identification information of the digital certificate of the first safety means" is output first and then "the identification information of the digital certificate of the first safety means is XXX"; or "the identification information of the digital certificate of the first safety means is XXX" is output first and then "please confirm the identification information of the digital certificate of the first safety means". Each of the two messages can be played or displayed, and the two messages can use the same output mode or different ones.
As can be seen from the above, the second reminding module and the second output module can be physically the same module or two independent modules. When they are two independent modules, both can be located in the second safety means, or both in the second call terminal, or one can be located in the second safety means and the other in the second call terminal.
Sixth, the private key of the first safety means is explained:
The private key of the first safety means is generated by the first safety chip, inside the first safety chip.
In the prior art, the private key is generated externally and then imported into the first safety means, which is referred to as the "landing" mode. With that approach, a hacker may intercept the private key before it is imported into the first safety means, so the private key management of the prior art carries a certain security risk. The private key used in the present invention is therefore generated inside the first safety chip in the first safety means, that is, the environment in which the private key is generated is the first safety means itself: the developer burns the program that generates the public/private key pair directly into the first safety chip, and the public key algorithm program is also burned into the first safety chip. After the public and private keys are generated, the private key is stored in a key zone in the first safety chip that cannot be accessed from outside. When the key pair in the key zone is used for digital signature and asymmetric decryption operations, the first safety chip calls the private key internally to perform the operation. Because the private key is only ever called by the first safety chip, the private key never leaves the first safety means during its generation or its use, which is referred to here as the "non-landing" mode. A hacker therefore has no opportunity to intercept the private key, which ensures its safety.
Seventh, the private key of the second safety means and the identification information of the digital certificate of the first safety means are explained:
The private key of the second safety means is generated by the second safety chip, inside the second safety chip.
In the prior art, the private key is generated externally and then imported into the second safety means, which is referred to as the "landing" mode. With that approach, a hacker may intercept the private key before it is imported into the second safety means, so the private key management of the prior art carries a certain security risk. The private key used in the present invention is therefore generated inside the second safety chip in the second safety means, that is, the environment in which the private key is generated is the second safety means itself: the developer burns the program that generates the public/private key pair directly into the second safety chip, and the public key algorithm program is also burned into the second safety chip. After the public and private keys are generated, the private key is stored in a key zone in the second safety chip that cannot be accessed from outside. When the key pair in the key zone is used for digital signature and asymmetric decryption operations, the second safety chip calls the private key internally to perform the operation. Because the private key is only ever called by the second safety chip, the private key never leaves the second safety means during its generation or its use, which is referred to here as the "non-landing" mode. A hacker therefore has no opportunity to intercept the private key, which ensures its safety.
The identification information of the digital certificate of the first safety means is at least one of the name information, contact method and identity information of the holder of the digital certificate of the first safety means. The name information can be a name, a user name, a pseudonym and so on; the contact method can be a mobile phone number or an e-mail address; and the identity information can be an ID card number, an employee card number or a passport number.
Eighth, the function by which the second safety chip verifies the digital certificate of the first safety means using the root certificate in the second safety means is explained:
A root certificate is the certificate that a CA authentication center issues to itself, and it is the starting point of the chain of trust. If the digital certificate of a safety means is issued by a CA authentication center, the root certificate of that CA authentication center is stored in the safety means. For example, if the digital certificates of the first safety means and the second safety means are both issued by the same CA authentication center, the root certificate of that CA authentication center is stored in both the first safety means and the second safety means.
The root certificate of the CA authentication center is used to authenticate the digital certificates that the CA authentication center issues for safety means, in order to judge whether a given digital certificate is a legitimate certificate issued by that CA authentication center. For example, when the second safety chip obtains the digital certificate of the first safety means, it verifies that digital certificate using the root certificate issued by the CA authentication center. If verification passes, the digital certificate of the first safety means is a legitimate certificate issued by that CA authentication center; otherwise, it is not.
A digital certificate issued by a CA contains at least three parts: the information of the user, the public key of the user, and the CA authentication center's signature over the information in the digital certificate. The authenticity of a digital certificate can be checked by verifying the CA authentication center's signature over the information in the digital certificate. Verifying that signature requires the public key of the CA authentication center, and that public key is stored in the root certificate of the CA authentication center. The root certificate therefore needs to be stored in the safety means in advance so that the digital certificates the CA authentication center issues for safety means can be authenticated.
For example, in the system shown in Fig. 3, for the second safety chip to verify whether the digital certificate of the first safety means is legitimate, it must store in advance the root certificate of the CA authentication center that issued the digital certificates of the first safety means and the second safety means.
In addition, the system shown in Fig. 3 describes the processing when the first safety chip has verified the digital certificate of the second safety means and obtained the first confirmation instruction, and when the second safety chip has verified the digital certificate of the first safety means and obtained the second confirmation instruction. The system shown in Fig. 3 also provides processing for the following scenarios:
If the first safety chip's verification of the digital certificate of the second safety means fails, the first safety chip outputs a prompt that verification failed, so that the user of the first call terminal can end this voice call on the first call terminal or on the first safety means;
After the first reminding module prompts for confirmation of the identification information of the digital certificate of the second safety means, if that identification information is inconsistent with the identity of the user of the second call terminal, the first call terminal or the first safety means receives an instruction to end this voice call.
Similarly, the processing of the second safety chip when verification of the digital certificate of the first safety means fails, and/or when the identification information of the digital certificate of the first safety means is inconsistent with the identity of the user of the first call terminal, is similar to that of the first safety chip and is not repeated here.
The system shown in Fig. 3 is further described below, taking an application scenario as an example:
When call terminal A and call terminal B carry out a voice call, call terminal A is connected to safety means A through the first communication interface, and call terminal B is connected to safety means B through the second communication interface. Safety means A generates a call key, encrypts the call key with the public key of safety means B to obtain ciphertext AB of the call key, and signs ciphertext AB with the private key of safety means A to obtain signature data AB. Safety means A sends ciphertext AB and signature data AB to safety means B. After receiving ciphertext AB and signature data AB, safety means B verifies signature data AB using the public key of safety means A. If verification passes, safety means B decrypts ciphertext AB with its own private key and obtains the call key, so that safety means A and safety means B can each use the call key to encrypt and decrypt their side of the voice call.
When a third party is present in the communication between call terminal A and call terminal B, where the third party's call terminal is call terminal C and the safety means of call terminal C is safety means C, the voice call proceeds as follows:
Safety means A generates a call key, encrypts the call key with the public key of safety means C to obtain ciphertext AC of the call key, and signs ciphertext AC with the private key of safety means A to obtain signature data AC. Safety means A sends ciphertext AC and signature data AC to safety means C. After receiving ciphertext AC and signature data AC, safety means C verifies signature data AC using the public key of safety means A. If verification passes, safety means C decrypts ciphertext AC with its own private key and obtains the call key.
Safety means C encrypts the call key with the public key of safety means B to obtain ciphertext CB of the call key, and signs ciphertext CB with the private key of safety means C to obtain signature data CB. Safety means C sends ciphertext CB and signature data CB to safety means B. After receiving ciphertext CB and signature data CB, safety means B verifies signature data CB using the public key of safety means C. If verification passes, safety means B decrypts ciphertext CB with its own private key and obtains the call key.
It can be seen that when a third party is present in the communication between call terminal A and call terminal B, safety means A and safety means B can still use the call key to encrypt and decrypt their side of the voice call, but the call between call terminal A and call terminal B is now being monitored by the third party.
To address the above problem, the systems in embodiment one and embodiment two introduce the technical features "verifying the digital certificate using the root certificate" and "outputting the identification information of the digital certificate", which enable the systems in embodiment one and embodiment two to solve the above problem, as described below:
The first safety means verifies the digital certificate of the second safety means using the root certificate in the first safety means;
If verification fails, it can be confirmed that the digital certificate of the second safety means is not a legitimate certificate issued by the CA authentication center. In this case, to keep the transmission of the call key secure, the first safety means issues an alarm prompt to the user, so that the user can take safety measures in time.
If verification passes, it can be confirmed that the digital certificate of the second safety means is a legitimate certificate issued by the CA authentication center. However, the first safety means still cannot determine whether the holder of the verified certificate is the user of the second call terminal. It therefore needs to output the identification information of the digital certificate of the second safety means and prompt for that identification information to be confirmed. If the first safety means receives the first confirmation instruction, the holder of the digital certificate of the second safety means is the user of the second call terminal; otherwise, the holder of the digital certificate of the second safety means is not the user of the second call terminal, which means the holder of that digital certificate is a third party. This achieves the purpose of identifying whether a third party is present in the voice call.
Similarly, in the system shown in embodiment two, the second safety chip verifies the digital certificate of the first safety means using the root certificate in the second safety means;
If verification fails, it can be confirmed that the digital certificate of the first safety means is not a legitimate certificate issued by the CA authentication center. In this case, to keep the transmission of the call key secure, the second safety means issues an alarm prompt to the user, so that the user can take safety measures in time.
If verification passes, it can be confirmed that the digital certificate of the first safety means is a legitimate certificate issued by the CA authentication center. However, the second safety means still cannot determine whether the holder of the verified certificate is the user of the first call terminal. It therefore needs to output the identification information of the digital certificate of the first safety means and prompt for that identification information to be confirmed. If the second safety means receives the second confirmation instruction, the holder of the digital certificate of the first safety means is the user of the first call terminal; otherwise, the holder of the digital certificate of the first safety means is not the user of the first call terminal, which means the holder of that digital certificate is a third party. This achieves the purpose of identifying whether a third party is present in the voice call.
The system including the above technical features is further described below, again using the application scenario given above:
Before safety means A encrypts the call key and signs the encrypted call key, safety means A verifies the digital certificate of safety means C using the root certificate. If verification passes, safety means A outputs the identification information of the digital certificate of safety means C and prompts for that identification information to be confirmed. From the identification information of the digital certificate of safety means C, the user of the first call terminal can judge that the holder of the digital certificate of safety means C is not the user of the second call terminal, and can therefore determine that the call between call terminal A and call terminal B is being monitored by a third party.
Similarly, before safety means B decrypts the received ciphertext of the call key and verifies the signature data, safety means B verifies the digital certificate of safety means C using the root certificate. If verification passes, safety means B outputs the identification information of the digital certificate of safety means C and prompts for that identification information to be confirmed. From the identification information of the digital certificate of safety means C, the user of the second call terminal can judge that the holder of the digital certificate of safety means C is not the user of the first call terminal, and can therefore determine that the call between call terminal A and call terminal B is being monitored by a third party.
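The relay scenario and the two-stage check described above can be traced in code. The following Python example is an added illustration, not part of the patent: it uses toy textbook RSA over fixed Mersenne primes (insecure, unpadded), and the subject names Alice, Bob and Carol, the dictionary certificate layout and all function names are assumptions.

```python
# Added illustration (constructed): toy textbook RSA over fixed Mersenne
# primes. Insecure and unpadded; it only makes the protocol logic traceable.
import hashlib

E = 65537

def mersenne(k):            # prime for k in {61, 89, 107, 127, 521}
    return 2**k - 1

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

class Key:
    def __init__(self, kp, kq):
        p, q = mersenne(kp), mersenne(kq)
        self.n, self.d = p * q, pow(E, -1, (p - 1) * (q - 1))
    def sign(self, msg):
        return pow(digest(msg, self.n), self.d, self.n)
    def decrypt(self, c):
        return pow(c, self.d, self.n)

def verify(n, msg, sig):
    return pow(sig, E, n) == digest(msg, n)

def tbs(subject, n):        # certificate fields covered by the CA signature
    return f"{subject}|{n}".encode()

def issue(ca, subject, key):
    return {"subject": subject, "n": key.n, "sig": ca.sign(tbs(subject, key.n))}

def send_call_key(sender, peer_cert, call_key):
    """Encrypt with the peer's public key, then sign the ciphertext."""
    c = pow(call_key, E, peer_cert["n"])
    return c, sender.sign(str(c).encode())

def receive_call_key(receiver, sender_cert, c, sig):
    """Verify the sender's signature, then decrypt with the receiver's key."""
    if not verify(sender_cert["n"], str(c).encode(), sig):
        return None
    return receiver.decrypt(c)

def check_peer(root_n, cert, expected_user):
    """Root-certificate check followed by the user's identity confirmation."""
    if not verify(root_n, tbs(cert["subject"], cert["n"]), cert["sig"]):
        return "alarm"                      # not issued by the CA
    # The device outputs cert["subject"]; the user's answer is modelled here
    # as a comparison with the person they believe they are calling.
    return "confirmed" if cert["subject"] == expected_user else "third party"

def demo():
    ca, rogue_ca = Key(127, 521), Key(61, 521)
    a, b, c = Key(89, 107), Key(89, 127), Key(107, 127)
    cert_a, cert_b, cert_c = issue(ca, "Alice", a), issue(ca, "Bob", b), issue(ca, "Carol", c)
    call_key = int.from_bytes(hashlib.sha256(b"constructed call key").digest()[:16], "big")

    # Relay as in the scenario: A encrypts to C, C re-encrypts to B.
    ct_ac, sig_ac = send_call_key(a, cert_c, call_key)
    key_at_c = receive_call_key(c, cert_a, ct_ac, sig_ac)
    ct_cb, sig_cb = send_call_key(c, cert_b, key_at_c)
    key_at_b = receive_call_key(b, cert_c, ct_cb, sig_cb)

    forged = issue(rogue_ca, "Bob", c)      # right name, wrong issuer
    return {
        "relay_passes_signature_checks": key_at_c == call_key == key_at_b,
        "a_checks_c": check_peer(ca.n, cert_c, "Bob"),
        "b_checks_c": check_peer(ca.n, cert_c, "Alice"),
        "a_checks_b": check_peer(ca.n, cert_b, "Bob"),
        "a_checks_forged": check_peer(ca.n, forged, "Bob"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The signature checks alone accept the relay because every signature is genuine; only the identity shown from the CA-verified certificate lets the user notice that the peer is not the intended party.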
Compared with the prior art, in which the call key is generated in a TF card, the system provided by the invention generates the call key on the first safety means, which is independent of the first call terminal, reducing the possibility of attack by malware on the first call terminal during voice encryption. The call key is generated by the first safety chip in the first safety means; based on the high security of the safety chip, this reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption, the encryption is performed with the call key inside the first safety chip, so that the call key is invoked in a secure environment, which ensures safe use of the call key. Furthermore, the first safety chip verifies the digital certificate of the second safety means; after verification passes, the first output module outputs the identification information of the digital certificate of the second safety means, and the first reminding module prompts for that identification information to be confirmed. This identifies the holder of the digital certificate of the second safety means, so that the user of the first call terminal can determine whether anyone is monitoring this call. It improves the success rate of identifying third-party monitoring in a voice call and thereby reduces the possibility of the voice call being monitored. When the user determines that this voice call is being monitored by a third party, the user can take anti-monitoring safety measures in time to prevent information leakage, improving the security of data transmission in the voice call.
The ciphertext of the call key received by the second safety means is encrypted with the public key of the second safety means and can therefore only be decrypted with the private key of the second safety means. The ciphertext of the call key can thus only be decrypted by the second safety means, which ensures the security of the call key. The signature data received by the second safety means is obtained by signing the call key or the ciphertext of the call key; by verifying the signature data, the second safety means can determine whether the source of the signature data is the first safety means. In addition, the second safety chip verifies the digital certificate of the first safety means; after verification passes, the second output module outputs the identification information of the digital certificate of the first safety means, and the second reminding module prompts for that identification information to be confirmed. This identifies the holder of the digital certificate of the first safety means, so that the user of the second call terminal can determine whether anyone is monitoring this call. It improves the success rate of identifying third-party monitoring in a voice call and thereby reduces the possibility of the voice call being monitored. When the user determines that this voice call is being monitored by a third party, the user can take anti-monitoring safety measures in time to prevent information leakage, improving the security of data transmission in the voice call.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one of the following techniques well known in the art, or a combination of them, may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art will understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination of them.
In addition, the functional units in each embodiment of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. One of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (4)

1. A data handling system for voice call, characterized in that the system includes a first safety means and a first call terminal, the first safety means is independent of the first call terminal, and the first safety means is connected to the first call terminal through a first communication interface;
The system specifically includes:
A first safety chip, located in the first safety means, for obtaining the digital certificate of a second safety means and verifying the digital certificate of the second safety means using the root certificate in the first safety means; wherein the second safety means is the safety means of a second call terminal that carries out a voice call with the first call terminal;
A first output module, located in the first safety means or in the first call terminal, for outputting the identification information of the digital certificate of the second safety means after verification of the digital certificate of the second safety means passes; wherein the digital certificate of the second safety means comprises at least: information of the user of the second safety means, the public key of the user of the second safety means, and the CA authentication center's signature over the information in the digital certificate, and the user information of the second safety means comprises at least: the identification information of the digital certificate of the second safety means;
A first reminding module, located in the first safety means or in the first call terminal, for prompting for confirmation of the identification information of the digital certificate of the second safety means.
2. The system according to claim 1, characterized in that the first reminding module is specifically used for:
Prompting for confirmation of whether the identification information of the digital certificate of the second safety means is consistent with the identity of the user of the second call terminal.
3. The system according to claim 1 or 2, characterized in that the first safety chip is specifically used for:
Obtaining the digital certificate of the second safety means from pre-stored digital certificates; or
Receiving, through the first communication interface, the digital certificate of the second safety means sent by the first call terminal.
4. The system according to claim 1 or 2, characterized in that the first output module is specifically used for:
Converting the identification information of the digital certificate of the second safety means into sound information, obtaining the sound information of the identification information of the digital certificate of the second safety means, and playing the sound information of the identification information of the digital certificate of the second safety means; or displaying the identification information of the digital certificate of the second safety means.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410247006.9A CN104066081B (en) 2014-06-05 2014-06-05 A kind of data handling system of voice call

Publications (2)

Publication Number    Publication Date
CN104066081A (en)    2014-09-24
CN104066081B (en)    2017-11-17

Family

ID=51553569

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant