CN104270380A - End-to-end encryption method and system based on mobile network and communication client side - Google Patents

Info

Publication number: CN104270380A
Authority: CN (China)
Prior art keywords: encryption, data, key, algorithm, account
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Application number: CN201410543964.0A
Other languages: Chinese (zh)
Inventor: 叶涛 (Ye Tao)
Current assignee: Individual
Original assignee: Individual
Application filed by: Individual
Priority date: 2014-10-15
Filing date: 2014-10-15
Publication date: 2015-01-07

Classifications

    • H (Electricity) › H04 (Electric communication technique) › H04W (Wireless communication networks) › H04W12/00 (Security arrangements; authentication; protecting privacy or anonymity)
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an end-to-end encryption method based on a mobile network and a communication client, and to a corresponding end-to-end encryption system. In the method, user data is encrypted with a symmetric encryption algorithm; an account management centre manages the identities and keys of authorised users; a key handling module encrypts and decrypts the keys of the secrecy system; a terminal processing module encrypts plaintext or decrypts ciphertext with the symmetric algorithm; and a communication software client transmits the encrypted data, so that end-to-end encrypted data exchange is achieved. The system comprises the account management centre, the key handling module and the terminal processing module; the account management centre and the key handling module interact over the mobile communication network, and the terminal processing module exchanges encrypted data through the communication software client, so that encryption and decryption take place on the terminal processing module. The method and system are stated to provide good encryption security and to be usable on a variety of mobile communication platforms.

Description

End-to-end encryption method and system based on a mobile network and a communication client
Technical field
The present invention relates to an end-to-end encryption method based on a mobile network and a communication client, and also to an end-to-end encryption system based on a mobile network and a communication client.
Background art
In existing mobile communication systems, encryption technology is present both in the mobile communication network itself and in the communication software used as a data delivery platform.
In mobile communication networks, whether public or private, security functions such as authentication and interface encryption are defined to protect the exchange of data. With these techniques, however, information still exists in plaintext at the core nodes of the communication system; the resulting level of security is low and cannot meet the confidentiality requirements of the military, government and security departments, or of certain special users who demand a high guarantee of confidentiality for user information.
To improve security and achieve end-to-end encryption for mobile communication, Chinese patent applications No. 98108859.7 and No. 200410021688.7 disclose two end-to-end data encryption methods. The former is insecure because the network operator knows the key information, is complicated to implement and requires modification of the handset; the latter relies on an external mobile secrecy device, which adds to the user's burden and is inconvenient to use.
Communication software used by the general public as a data delivery platform, such as QQ and WeChat, can provide a degree of confidentiality because the software encrypts the data in transit. However, since all data passes through the servers of the communication software provider, it is quite opaque to the user whether the data is stored encrypted and how it is processed; the security of user data therefore carries not only a technical risk but also a moral hazard.
Summary of the invention
To overcome the above drawbacks of the prior art, the invention provides an end-to-end data encryption method based on a mobile communication network and a communication software client, together with a data encryption system that uses the method. The end-to-end data encryption achieved by the method is secure, widely applicable, simple to implement and easy to use; it can be used on a variety of mobile communication platforms and serves users with special confidentiality needs.
The technical scheme by which the invention achieves this purpose is an end-to-end data encryption method based on a mobile communication network and a communication software client, in which: a symmetric encryption algorithm is used to encrypt user data; an account management centre performs identity and key management for authorised users, generating and managing the user login accounts (UAC), managing and distributing the system master key (GEK), and managing and distributing the encrypted user keys (EUEK); and a key handling module performs key encryption and decryption for the secrecy system. Using the GEK obtained from the account management centre, the key handling module encrypts or decrypts the user data key (UEK), which is composed from the account and the mobile communication device identifier according to a preset rule, to obtain the encrypted encryption/decryption key EUEK, which is stored at the account management centre. During encryption and decryption, EUEK and GEK are obtained from the account management centre and decrypted in the key handling module to restore UEK; the terminal processing module then compares the IMEI contained in UEK with that of the device and, if they match, encrypts or decrypts the plaintext or ciphertext data with the preset algorithm and UEK, and the data is transmitted by means of the communication software client, so that end-to-end encrypted data exchange is achieved.
As shown in Figure 1, the end-to-end data encryption system based on a mobile communication network and a communication software client comprises an account management centre, a key handling module and a terminal processing module. The account management centre and the key handling module interact over the mobile communication network; the account management centre authenticates requests from the key handling module according to UAC and manages and distributes GEK and EUEK; the key handling module generates UEK according to the preset algorithm, or obtains UEK from GEK and EUEK; and the terminal processing module uses UEK with the preset algorithm to encrypt and decrypt user data and exchanges the encrypted data with the communication software client, so that encryption and decryption are performed on the terminal processing module.
Because the invention achieves end-to-end encryption by encrypting data at the terminal before transmission, it avoids the plaintext exposure at network nodes found in the prior art, keeps the keys out of the control of the network operator, and reduces the risk of disclosure by the communication software provider, improving the security and security grade of the communication. Because the two essential parts of data encryption, the key and the ciphertext, are managed and transmitted separately, the security risk of management by a single provider is greatly reduced. Because the key is generated from the account and the mobile device identifier and a symmetric encryption algorithm is used, the data encryption system is simplified, convenient to use and low in cost. Because the sender's encrypted data can only be decrypted on the mobile device with which the recipient's account was initially registered, and a mobile device is normally carried on the user's person, the security grade is also improved physically.
Brief description of the drawings
Figure 1 is a schematic diagram of the structure of the invention based on a mobile communication network and a communication software client.
Figure 2 is a schematic diagram of the initial login procedure of the invention.
Figure 3 is a schematic diagram of the private data exchange procedure of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings.
The terms used in the description of the invention are explained as follows:
UAC, User Account: the user account, used by the account management centre to distinguish different users.
UEK, User Encryption Key: the user key, used to encrypt user data.
GEK, General Encryption Key: the master key, used to encrypt and decrypt UEK.
EUEK, Encrypted User Encryption Key: the encrypted user key, the form in which the user key exists during transmission and storage.
DATA: user plaintext data.
EDATA, Encrypted Data: encrypted user data.
IMEI: the identifier of a GSM mobile device, used here to refer generically to the mobile communication device identifier of any standard; it is globally unique.
The invention provides an end-to-end encryption method based on a mobile network and a communication client in which a symmetric encryption algorithm encrypts the data; an account management centre performs identity and key management for authorised users; a key handling module performs key management, algorithm management and encryption/decryption processing for the secrecy system; the encryption or decryption key is generated from the account and the mobile communication device identifier (for example the IMEI); plaintext or ciphertext data is encrypted or decrypted with the symmetric algorithm; and the encrypted data is transmitted by the communication software client, so that end-to-end encrypted communication is achieved.
To implement the method, the invention provides an end-to-end encryption system based on a mobile network and a communication client, comprising an account management centre, a key handling module and a terminal processing module. The account management centre is responsible for distributing, storing, updating and deleting UAC, GEK and EUEK. The key handling module contains a login account processing unit, a key encryption unit and a key decryption unit; it either generates EUEK from UAC, IMEI and GEK with the preset algorithm and uploads it to the account management centre, or generates UEK from EUEK and GEK with the preset algorithm and passes it to the terminal processing unit for encryption or decryption. The terminal processing unit receives the input data DATA or EDATA and encrypts or decrypts it with the preset algorithm according to UEK. The processed data is sent and received over the mobile communication network by means of the communication software client.
The data encryption system of the invention can be written with existing technology and installed on a mobile device as a stand-alone software product. The encryption and decryption algorithm is a symmetric algorithm; public algorithms such as DES and 3DES may be used, which the patent describes as mature and stable, simple in structure, sufficiently secure for mobile devices, fast and light on resources, and therefore particularly suitable for instant messaging systems.
The end-to-end data encryption method of the invention relies on the end-to-end data encryption system described above and is implemented in two main steps: an initial login procedure and a private data exchange procedure.
As shown in Figure 2, initial login procedure: the user requests a UAC from the account management centre through the login account processing unit of the key handling module. After authentication, the account management centre issues the UAC to the login account processing unit, which passes it to the key encryption unit of the key handling module. The key encryption unit obtains GEK from the account management centre, composes UEK from UAC and IMEI according to the preset rule, encrypts UEK with GEK as the key using the preset algorithm to obtain EUEK, and uploads EUEK to the account management centre.
As shown in Figure 3, private data exchange procedure, sender side: the sender logs in to the account management centre with an existing UAC and specifies the recipient of the encrypted data. The key decryption unit of the sender's key handling module obtains GEK and the recipient's EUEK from the account management centre, decrypts EUEK with GEK as the key using the preset algorithm to obtain UEK, and passes UEK to the terminal processing module. The terminal processing module receives DATA from the user and encrypts it with UEK as the key using the preset algorithm to obtain EDATA, which the sender transmits over the mobile communication network through the communication software client.
Recipient side: when the recipient's communication software client receives EDATA, the recipient passes it to the terminal processing module and logs in to the account management centre with an existing UAC. The key decryption unit of the recipient's key handling module obtains GEK and the recipient's own EUEK from the account management centre, decrypts EUEK with GEK as the key using the preset algorithm to obtain UEK, and passes UEK to the terminal processing module. The terminal processing module decomposes UEK according to the preset rule to extract the IMEI it contains and compares it with the identifier of the current mobile device; if they match, the terminal processing module decrypts EDATA with UEK as the key using the preset algorithm and restores DATA.
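The summary of the technical scheme above and the Figure 2 / Figure 3 procedures just described, worked through as an added example. This is not code from the patent, and it fixes several points the patent leaves open: the account management centre is a hypothetical in-memory AccountCenter that hands out GEK and stores each EUEK; the "preset rule" is assumed to put the 15 IMEI digits in clear in front of a 32-byte key derived from UAC and IMEI, so that the terminal can extract and compare the IMEI as the text describes; and the "preset algorithm" is AES-256-GCM rather than the DES or 3DES the patent names, since DES is broken and 3DES is deprecated. The function names (Register, Send, Receive, UnwrapUEK), the sample account "bob" and the IMEIs are invented for the example. Two properties that follow directly from the patent's own description, and that a practitioner evaluating the scheme should keep in mind, are visible in the code: UnwrapUEK is the same operation for the sender, the recipient and the centre, so the sender learns the recipient's UEK and the centre, which stores both GEK and every EUEK, can recover any user's UEK; and the IMEI binding is a comparison performed on the terminal only after UEK has already been unwrapped.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const imeiLen = 15 // assumed: an IMEI is 15 decimal digits

// AccountCenter stands in for the account management centre: it stores GEK and every user's EUEK.
type AccountCenter struct {
	gek  []byte
	euek map[string][]byte // UAC -> EUEK
}

func NewAccountCenter() *AccountCenter {
	return &AccountCenter{gek: random(32), euek: map[string][]byte{}}
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a crypto/rand failure is not recoverable
	}
	return b
}

// gcm is the "preset algorithm" for both key wrapping and user data: AES-256-GCM
// in place of the DES/3DES the patent names, which are obsolete. All keys here
// are 32 bytes, so construction cannot fail.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block)
	return aead
}

func seal(key, plaintext []byte) []byte { // nonce || ciphertext || tag
	aead := gcm(key)
	nonce := random(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}

func open(key, blob []byte) ([]byte, error) {
	aead := gcm(key)
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("truncated ciphertext")
}

// Register is the initial login (Fig. 2). Assumed "preset rule": the IMEI digits
// in clear, then a 32-byte key derived from UAC and IMEI. UEK is wrapped under
// GEK and the resulting EUEK is uploaded to the centre.
func Register(c *AccountCenter, uac, imei string) error {
	if len(imei) != imeiLen {
		return errors.New("bad IMEI")
	}
	k := sha256.Sum256([]byte(uac + "|" + imei))
	c.euek[uac] = seal(c.gek, append([]byte(imei), k[:]...))
	return nil
}

// UnwrapUEK fetches GEK and a user's EUEK and splits the UEK into IMEI and key.
// The sender does this for the recipient and so learns the recipient's UEK; the
// centre, holding GEK and every EUEK, can do the same for any user.
func UnwrapUEK(c *AccountCenter, uac string) (imei string, key []byte, err error) {
	euek, ok := c.euek[uac]
	if !ok {
		return "", nil, errors.New("unknown UAC")
	}
	uek, err := open(c.gek, euek)
	if err != nil || len(uek) != imeiLen+32 {
		return "", nil, errors.New("cannot unwrap UEK")
	}
	return string(uek[:imeiLen]), uek[imeiLen:], nil
}

// Send (Fig. 3, sender side): encrypt DATA to EDATA under the recipient's UEK.
func Send(c *AccountCenter, recipient string, data []byte) ([]byte, error) {
	_, key, err := UnwrapUEK(c, recipient)
	if err != nil {
		return nil, err
	}
	return seal(key, data), nil
}

// Receive (Fig. 3, recipient side): the IMEI carried in UEK must match the
// current device before EDATA is decrypted.
func Receive(c *AccountCenter, uac, deviceIMEI string, edata []byte) ([]byte, error) {
	imei, key, err := UnwrapUEK(c, uac)
	if err != nil {
		return nil, err
	}
	if imei != deviceIMEI {
		return nil, errors.New("UEK is bound to a different device")
	}
	return open(key, edata)
}

func main() { // constructed sample account and IMEIs, not from the patent
	c := NewAccountCenter()
	_ = Register(c, "bob", "356938035643809")
	edata, _ := Send(c, "bob", []byte("meet at 0900"))
	data, err := Receive(c, "bob", "356938035643809", edata)
	fmt.Printf("own device: %q %v\n", data, err)
	_, err = Receive(c, "bob", "000000000000000", edata)
	fmt.Println("other device:", err)
}
```

Running it registers one account, sends a message to it, and shows decryption succeeding on the registered IMEI and failing on any other. Because GCM authenticates the ciphertext, a message encrypted for one UAC also fails to decrypt under another user's UEK, which the patent's unauthenticated DES/3DES modes would not guarantee on their own.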

Claims (6)

1. An end-to-end encryption method based on a mobile network and a communication client, characterised in that it comprises the steps of:
using a symmetric encryption algorithm to encrypt keys and data;
using an account management centre for account management and key management of the secrecy system, including authentication of encrypting users, generation and management of accounts, generation, distribution, updating and deletion of the master key, and storage and distribution of user keys;
using a key handling module to generate, transmit, encrypt and decrypt user keys;
using a terminal processing module to encrypt and decrypt user data without transmitting it directly: in accordance with the security principle of separating data encryption from the transmission channel, the transmission of the encrypted data is undertaken by the communication software client, raising the security grade.
2. The end-to-end encryption method based on a mobile network and a communication client of claim 1, characterised in that: after logging in to the account management centre, the sender of encrypted data can achieve one-to-one encryption and decryption of the encrypted data by specifying the recipient of the data.
3. The end-to-end encryption method based on a mobile network and a communication client of claim 1, characterised in that: when the recipient of encrypted data decrypts the data, the account and the device used at initial login must be used.
4. The end-to-end encryption method based on a mobile network and a communication client of claim 1, characterised in that: the symmetric encryption algorithm used is a public algorithm or a private algorithm, and the encryption algorithm used with the master key and the encryption algorithm used for user data may be the same algorithm or different algorithms.
5. The end-to-end encryption method based on a mobile network and a communication client of claim 3, characterised in that: the user key used to encrypt the user data contains the user account and the mobile device identifier, and these are compared before the data is decrypted, thereby binding the account and the mobile device to data decryption.
6. An end-to-end encryption system based on a mobile network and a communication client, characterised in that the system comprises an account management centre, a key handling module and a terminal processing module; the account management centre is responsible for distributing, storing, updating and deleting UAC, GEK and EUEK; the key handling module contains a login account processing unit, a key encryption unit and a key decryption unit, and either generates EUEK from UAC, IMEI and GEK with the preset algorithm and uploads it to the account management centre, or generates UEK from EUEK and GEK with the preset algorithm and passes it to the terminal processing unit for encryption or decryption; the terminal processing unit receives the input data DATA or EDATA and encrypts or decrypts it with the preset algorithm according to UEK; and the processed data is sent and received over the mobile communication network by means of the communication software client.
Priority and family

Application CN201410543964.0A, filed 2014-10-15 (priority date 2014-10-15), published as CN104270380A on 2015-01-07, status Pending. Family ID 52161870; the family consists of this single CN application.

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105989304A * 2015-03-06 2016-10-05 深圳酷派技术有限公司 File storage method, file reading method, file storage apparatus and file reading apparatus
CN106941487A * 2017-02-24 2017-07-11 阿里巴巴集团控股有限公司 Data transmission method and device
US10797861B2 2017-02-24 2020-10-06 Alibaba Group Holding Limited Secure data transactions
US10878130B2 2017-02-24 2020-12-29 Advanced New Technologies Co., Ltd. Secure data transactions
CN106941487B * 2017-02-24 2021-01-05 创新先进技术有限公司 Data sending method and device
CN107517206A * 2017-08-18 2017-12-26 北京北信源软件股份有限公司 Secure communication method and apparatus, computer-readable storage medium and storage controller
CN109104283A * 2018-06-26 2018-12-28 北京云迹科技有限公司 Intelligent distribution system communication encryption method and device
CN109104283B * 2018-06-26 2022-01-11 北京云迹科技有限公司 Intelligent distribution system communication encryption method and device
CN109462605A * 2018-12-17 2019-03-12 北京邮电大学 IM communication system and communication method
CN110138765A * 2019-05-10 2019-08-16 腾讯科技(深圳)有限公司 Data processing method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1925681A * 2006-09-20 2007-03-07 北京太极联合实验室科技有限公司 End-to-end encryption method and system based on mobile communication network
CN101867472A * 2009-04-14 2010-10-20 航天信息股份有限公司 Asymmetric group encryption/decryption method based on user identity
CN103166958A * 2013-02-26 2013-06-19 深圳创维数字技术股份有限公司 File protection method and system
CN103248650A * 2012-02-09 2013-08-14 中兴通讯股份有限公司 Document download method and system
CN103297230A * 2012-02-22 2013-09-11 中国移动通信集团公司 Information encryption and decryption method, device and system



Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 2015-01-07)