CN105530100A - A VoLTE secure communication method - Google Patents

Publication number
CN105530100A
Authority
CN
China
Prior art keywords
key
voice data
volte
symmetric encryption
voice
Legal status
Pending
Application number
CN201610018888.0A
Other languages
Chinese (zh)
Inventor
陈立全
徐余浩
于佳阳
王驭扬
宋睿
顾鹏
Current Assignee
Southeast University
Original Assignee
Southeast University
Application filed by Southeast University
Priority to CN201610018888.0A
Publication of CN105530100A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a VoLTE secure communication method that achieves end-to-end secure communication between VoLTE communication nodes by using the symmetric encryption algorithm RC4 together with the asymmetric encryption algorithm RSA. The high-efficiency symmetric algorithm RC4 encrypts the call voice data; the asymmetric algorithm RSA digitally signs and verifies the call voice data to confirm that the data source is reliable; and the symmetric encryption key is encrypted with the RSA public key before being negotiated with the receiver, which ensures the security of the voice encryption key. The encryption key for each voice session is randomly generated and is destroyed after the session ends. The proposed method comprehensively and efficiently realizes confidential transmission, authentication and signature, and key negotiation between the two VoLTE parties, and balances the requirements of VoLTE voice transmission for transmission speed, voice quality and security.

Description

A VoLTE secure communication method

Technical Field

The invention relates to a VoLTE secure communication method that provides end-to-end encryption of voice carried over VoLTE, and belongs to the technical field of mobile communication security.

Background

4G systems in China and worldwide are now fairly mature, and IMS-operated voice networks based on packet-domain transmission are gradually being rolled out. The many advantages of packet-domain transmission have made the transition from the traditional telephone network to IP networks a trend. If VoLTE is to carry people's everyday calls in the future, the first concern is its communication security. When user equipment needs to access the IMS service network, it must first be authenticated. This authentication is carried out through a procedure called "IMS Authentication and Key Agreement" (IMS AKA). Because the SIP protocol itself lacks mandatory confidentiality and integrity protection, the IMS architecture requires that user equipment accept mandatory integrity protection when accessing the service network, and the keys produced by the IMS AKA negotiation are used to establish this security association. Analysis shows that the security mechanisms of the IMS network resist registration hijacking attacks well, but because message security protection is not implemented during the user's P-CSCF discovery procedure, denial-of-service (DoS) attacks may occur. The IMS network therefore has some resistance to most existing attacks, but considerable security risks remain.

When a user accesses the packet domain it must go through the IMS AKA key distribution procedure. This procedure requires the user equipment and the IMS network to perform two independent rounds of authentication and network key distribution, and it contains vulnerabilities that may lead to masquerading attacks. To address this, the existing key agreement mechanism must be optimized. At present, end-to-end voice transmission can be protected directly with symmetric-cipher encryption. The drawback of symmetric algorithms is that the sender and the receiver must agree on a key before communicating, to ensure that encryption and decryption use the same key. In response to these problems, Diffie and Hellman proposed public-key cryptography. Public-key algorithms are mostly based on computationally hard problems, many of them drawn from number theory, and their implementations usually involve modular multiplication or exponentiation, so they need more computing resources than traditional block-cipher encryption. It follows that for network voice transmission, where real-time requirements are high, encrypting the voice data with a public-key algorithm is not a good approach.

Based on the analysis of processing efficiency and security in the approaches above, the invention proposes a new VoLTE secure communication method that involves a symmetric encryption algorithm, an asymmetric encryption algorithm, a digital signature algorithm, and so on.

A symmetric encryption algorithm is one that uses the same key for encryption and decryption. It requires the sender and the receiver to agree on a key before communicating securely. The security of a symmetric algorithm depends on the key: leaking the key means that anyone can decrypt the messages the parties send or receive, so keeping the key secret is essential.

The basic process by which an asymmetric encryption algorithm exchanges confidential information is as follows: Party A generates a key pair and discloses one of the keys to other parties as the public key; Party B, having obtained the public key, uses it to encrypt the confidential information and sends it to Party A; Party A then decrypts the encrypted information with the other key, the private key, which it keeps to itself. Party A can only use its private key to decrypt information encrypted with its public key, and the asymmetric encryption algorithm has relatively good confidentiality.

A digital signature is a string of digits that only the sender of a message can produce and that others cannot forge; it also serves as effective proof of the authenticity of the message sent. A digital signature should have the following properties: the receiver can confirm or verify the sender's signature, and nobody can forge it. Digital signing is an encryption process, and digital signature verification is a decryption process. Digital signatures can guarantee the integrity of the transmitted information, authenticate the sender, and prevent repudiation.

Summary of the Invention

Technical problem: The invention provides a VoLTE secure communication method that can further ensure the speed, quality and security of voice information transmission.

Technical solution: The VoLTE secure communication method of the invention uses the symmetric encryption algorithm RC4 to encrypt the call voice data, and uses the asymmetric encryption algorithm RSA to digitally sign and verify the call voice data; the symmetric encryption key is encrypted with the RSA public key before being negotiated with the receiver.

Further, the specific steps of the method are as follows:

(1) The sender prepares the voice data to be transmitted, computes a digest of the voice data to obtain a message digest, encrypts the message digest with its RSA private key to obtain a digital signature, and attaches the digital signature to the voice data;

(4) The sender randomly generates a symmetric encryption key and uses the symmetric encryption algorithm RC4 to encrypt the voice data with the attached digital signature, forming the ciphertext;

(5) The sender encrypts the randomly generated symmetric encryption key with the receiver's RSA public key, and transmits the encrypted key together with the ciphertext to the receiver;

(6) The receiver receives the ciphertext and the encrypted key, first decrypts the encrypted key with its RSA private key to obtain the symmetric encryption key, and then uses that key to RC4-decrypt the ciphertext, obtaining the voice data with the attached digital signature;

(8) The receiver uses the sender's RSA public key to decrypt the digital signature in the voice data obtained in step (6), obtaining the message digest;

(9) The receiver applies the same digest computation as in step (1) to the voice data with the attached digital signature obtained in step (6), obtaining a new message digest;

(10) The receiver compares the new message digest with the message digest obtained by decryption in step (8). If they match, the received voice data has not been tampered with, so the receiver trusts it and obtains its content; otherwise the voice data is blocked.

Further, in the method of the invention, the symmetric encryption key is destroyed after the call ends.

Beneficial effects: Compared with the prior art, the invention has the following advantages:

In a voice communication system the volume of voice data is generally large and the latency requirements are strict. Encrypting the voice data with the more efficient symmetric algorithm RC4 better meets the requirements of VoLTE voice. The key used for each voice encryption is itself encrypted and negotiated with the asymmetric RSA algorithm, which makes good use of the flexibility and convenience of asymmetric encryption and decryption.

The proposed VoLTE secure communication method combines symmetric and asymmetric encryption and decryption, efficiently realizes confidential transmission, authentication and signature, and key negotiation between the two VoLTE parties, and balances the requirements of VoLTE voice transmission for transmission speed, voice quality and security.

Description of the Drawings

Fig. 1 is an overall block diagram of a VoLTE secure communication method.

Detailed Description

The invention is further described below with reference to an embodiment and the accompanying drawing. VoLTE is IP-based voice communication built on LTE mobile communication technology and is an important voice communication mode for the future. It first completes access through the IMS protocol and establishment of the basic communication link, and then carries out end-to-end voice data transfer.

The implementation of the secure communication method over VoLTE is described with reference to Fig. 1. On top of the VoLTE protocol, the sender is A and the receiver is B. The sender and the receiver must first complete VoLTE IMS access and establish the basic communication link. The steps are as follows:

(1) Sender A completes mutual authentication with the service network through IMS AKA.

(2) A establishes communication with CSCF-A.

(3) Receiver B completes mutual authentication with the service network through IMS AKA.

(4) B establishes communication with CSCF-B.

(5) A sends a session invitation request to CSCF-A.

(6) CSCF-A routes the request to CSCF-B by inspecting the relevant fields of the SIP request.

(7) CSCF-B sends the session invitation request to B.

(8) B acknowledges the session invitation request, and the call is established.

Next, the secure communication method is set up:

(1) Sender A generates a random encryption key;

(2) Sender A computes a digest of the voice data to obtain a message digest;

(3) Sender A encrypts the message digest with its RSA private key to obtain a digital signature and attaches it to the voice data;

(4) Sender A randomly generates a key and uses the symmetric encryption algorithm RC4 to encrypt the voice data to be sent, forming the ciphertext;

(5) Sender A encrypts the randomly generated key with the receiver's RSA public key and transmits the encrypted key together with the ciphertext to the receiver;

(6) Receiver B receives the ciphertext and the encrypted key, and first decrypts the encrypted key with its RSA private key to obtain the symmetric encryption key;

(7) Receiver B then uses the symmetric encryption key to RC4-decrypt the ciphertext, obtaining the plaintext voice data;

(8) Receiver B decrypts the digital signature with the sender's RSA public key to obtain the message digest;

(9) Receiver B applies the same digest algorithm to the plaintext to obtain a new message digest;

(10) Receiver B compares the new message digest with the received message digest; if they match, the received voice data has not been tampered with.

(11) After the call ends, the symmetric encryption key used to encrypt the voice data is destroyed;

In this way the voice information is encrypted and transmitted from the sender to the receiver over VoLTE, effectively ensuring the security of the session.
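
The sender and receiver steps above (and the matching steps in the summary of the invention), as an added Python sketch that is not part of the patent text. Assumptions not found in the patent: SHA-256 as the digest (the text names none), a 16-byte session key, the signature carried as a fixed-length suffix, and constructed toy RSA keys used with unpadded "textbook" RSA, which mirrors the description's "encrypt the digest with the private key" and is not a production signature scheme.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent (assumption; the patent does not give one)

def toy_keypair(a, b):
    """Constructed demo key from the Mersenne primes 2**a-1 and 2**b-1. Not a secure key."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1)),
            "size": (n.bit_length() + 7) // 8}

def public(key):
    """Public half of a key pair: the only part the peer holds."""
    return {k: key[k] for k in ("n", "e", "size")}

def rc4(key, data):
    """RC4 key schedule plus keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def destroy(key):
    """Step (11): best-effort overwrite of the session key held in a bytearray."""
    for i in range(len(key)):
        key[i] = 0

def send(voice, sender_key, receiver_pub):
    """Sender steps (1)-(5): sign the digest, RC4-encrypt data+signature, wrap the key."""
    digest = int.from_bytes(hashlib.sha256(voice).digest(), "big")
    signature = pow(digest, sender_key["d"], sender_key["n"])
    signed = voice + signature.to_bytes(sender_key["size"], "big")
    session_key = bytearray(secrets.token_bytes(16))  # fresh random key per call
    ciphertext = rc4(session_key, signed)
    wrapped = pow(int.from_bytes(session_key, "big"),
                  receiver_pub["e"], receiver_pub["n"])
    destroy(session_key)
    return wrapped, ciphertext

def receive(wrapped, ciphertext, receiver_key, sender_pub):
    """Receiver steps (6)-(10): returns the voice data, or None if it must be blocked."""
    try:
        unwrapped = pow(wrapped, receiver_key["d"], receiver_key["n"])
        session_key = bytearray(unwrapped.to_bytes(16, "big"))
    except OverflowError:
        return None  # unwrapped value is not a 16-byte key: wrapped key was altered
    signed = rc4(session_key, ciphertext)
    destroy(session_key)
    sig_len = sender_pub["size"]
    if len(signed) <= sig_len:
        return None
    voice, signature = signed[:-sig_len], signed[-sig_len:]
    # Step (8): "decrypt" the signature with the sender's public key.
    recovered = pow(int.from_bytes(signature, "big"), sender_pub["e"], sender_pub["n"])
    # Step (9): recompute the digest over the voice part of the plaintext.
    fresh = int.from_bytes(hashlib.sha256(voice).digest(), "big")
    # Step (10): constant-time comparison of the two digests.
    same = hmac.compare_digest(recovered.to_bytes(sig_len, "big"),
                               fresh.to_bytes(sig_len, "big"))
    return voice if same else None

SENDER = toy_keypair(607, 1279)    # constructed key for party A
RECEIVER = toy_keypair(127, 521)   # constructed key for party B
VOICE = bytes(range(160))          # constructed stand-in for one voice frame

def demo():
    """Run one honest exchange and one with a single flipped ciphertext bit."""
    wrapped, ciphertext = send(VOICE, SENDER, public(RECEIVER))
    accepted = receive(wrapped, ciphertext, RECEIVER, public(SENDER))
    tampered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    blocked = receive(wrapped, tampered, RECEIVER, public(SENDER))
    return accepted, blocked

if __name__ == "__main__":
    accepted, blocked = demo()
    print("accepted:", accepted == VOICE, "| tampered frame blocked:", blocked is None)
```

RC4 provides no integrity of its own, so a flipped ciphertext bit flips the same plaintext bit; in this scheme it is only the digest comparison in step (10) that catches it.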

The above embodiment is only a preferred implementation of the invention. It should be noted that those of ordinary skill in the art may make improvements and equivalent substitutions without departing from the principle of the invention, and technical solutions obtained by such improvements and equivalent substitutions to the claims of the invention all fall within its scope of protection.

Claims (3)

1. A VoLTE secure communication method, characterized in that the method uses the symmetric encryption algorithm RC4 to encrypt the call voice data, and uses the asymmetric encryption algorithm RSA to digitally sign and verify the call voice data; the symmetric encryption key is encrypted with the RSA public key before being negotiated with the receiver.

2. The VoLTE secure communication method according to claim 1, characterized in that the specific steps of the method are as follows:

(1) The sender prepares the voice data to be transmitted, computes a digest of the voice data to obtain a message digest, encrypts the message digest with its RSA private key to obtain a digital signature, and attaches the digital signature to the voice data;

(4) The sender randomly generates a symmetric encryption key and uses the symmetric encryption algorithm RC4 to encrypt the voice data with the attached digital signature, forming the ciphertext;

(5) The sender encrypts the randomly generated symmetric encryption key with the receiver's RSA public key, and transmits the encrypted key together with the ciphertext to the receiver;

(6) The receiver receives the ciphertext and the encrypted key, first decrypts the encrypted key with its RSA private key to obtain the symmetric encryption key, and then uses that key to RC4-decrypt the ciphertext, obtaining the voice data with the attached digital signature;

(8) The receiver uses the sender's RSA public key to decrypt the digital signature in the voice data obtained in step (6), obtaining the message digest;

(9) The receiver applies the same digest computation as in step (1) to the voice data with the attached digital signature obtained in step (6), obtaining a new message digest;

(10) The receiver compares the new message digest with the message digest obtained by decryption in step (8). If they match, the received voice data has not been tampered with, so the receiver trusts it and obtains its content; otherwise the voice data is blocked.

3. The VoLTE secure communication method according to claim 1 or 2, characterized in that the symmetric encryption key is destroyed after the call ends.
CN201610018888.0A 2016-01-12 2016-01-12 A VoLTE secure communication method Pending CN105530100A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610018888.0A CN105530100A (en) 2016-01-12 2016-01-12 A VoLTE secure communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610018888.0A CN105530100A (en) 2016-01-12 2016-01-12 A VoLTE secure communication method

Publications (1)

Publication Number Publication Date
CN105530100A true CN105530100A (en) 2016-04-27

Family

ID=55772114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610018888.0A Pending CN105530100A (en) 2016-01-12 2016-01-12 A VoLTE secure communication method

Country Status (1)

Country Link
CN (1) CN105530100A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160427