CN105704711A - Method for ensuring call communication security, device and user terminal - Google Patents

Publication number
CN105704711A
Authority
CN
China
Prior art keywords
user terminal
data
authentication
result
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201410689894.XA
Other languages
Chinese (zh)
Inventor
任斌
钟安利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201410689894.XA
Priority to PCT/CN2015/075398 (WO2016082401A1)
Publication of CN105704711A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The embodiments of the invention provide a method for ensuring call communication security, a device for ensuring call communication security and a user terminal. The method is used in a first user terminal and includes the following steps: while a voice call is in progress between the first user terminal and a second user terminal, the identity of the second user terminal is verified and a verification result is obtained; when the verification result indicates that the identity verification succeeded, the voice call is maintained; when the verification result indicates that the identity verification failed, the voice call is terminated. With the method, device and user terminal provided by the embodiments of the invention, user identity can be prevented from being tampered with and call communication security can be ensured.

Description

A method, device and user terminal for ensuring call security
Technical field
The embodiments of the present invention relate to the field of call security, and in particular to a method, device and user terminal for ensuring call security.
Background
With the rapid development of telecommunication services, voice call functions of all kinds have become very common, and caller identification (caller ID) is used throughout these services: the called party judges the identity of the other party from the telephone number shown by caller ID. However, there is now an illegal technique by which the calling number can be modified in the network, so that the caller ID number shown to the called party is controlled and the telephone number is disguised as a number the called party trusts, in order to deceive the called party. In a voice call that involves vital interests, it is therefore unreliable to trust the other party on the basis of caller ID alone.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a method, device and user terminal for ensuring call security, so as to prevent user identity from being tampered with and to ensure call security.
To solve the above technical problem, the embodiments of the present invention provide the following solutions:
An embodiment of the present invention provides a method for ensuring call security, for use in a first user terminal, including:
While a voice call is in progress between the first user terminal and a second user terminal, verifying the identity of the second user terminal to obtain a verification result;
When the verification result is that authentication succeeded, keeping the voice call;
When the verification result is that authentication failed, terminating the voice call.
Preferably, verifying the identity of the second user terminal to obtain a verification result includes:
Interacting with the second user terminal and an authentication center to obtain a signed digital certificate, where the signed digital certificate is the first digital certificate that the second user terminal applied for from the authentication center, signed with the private key of the authentication center and then saved in the server of the authentication center;
Verifying the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that authentication succeeded; otherwise, the verification result is that authentication failed.
Preferably, verifying the identity of the second user terminal to obtain a verification result includes:
Generating first data;
Sending the first data to the second user terminal, so that the second user terminal can sign the first data using the private key of the second user terminal to obtain signed data, and send the signed data to the first user terminal;
Receiving the signed data;
Decrypting the signed data using the public key of the second user terminal to obtain second data;
Judging whether the second data and the first data are identical; if they are identical, the verification result is that authentication succeeded; otherwise, the verification result is that authentication failed.
Preferably, the verification of the identity of the second user terminal is carried out specifically over the voice link used by the voice call.
Preferably, the method further includes:
When the verification result is that authentication succeeded, generating a random number as a password, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
Encrypting the password using the public key of the first user terminal to obtain a first ciphertext;
Sending the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it using the private key of the first user terminal to recover the password.
An embodiment of the present invention also provides a device for ensuring call security, for use in a first user terminal, including:
An authentication module, configured to verify the identity of a second user terminal while a voice call is in progress between the first user terminal and the second user terminal, to obtain a verification result;
A keep module, configured to keep the voice call when the verification result is that authentication succeeded;
A termination module, configured to terminate the voice call when the verification result is that authentication failed.
Preferably, the authentication module includes:
An acquiring unit, configured to interact with the second user terminal and an authentication center to obtain a signed digital certificate, where the signed digital certificate is the first digital certificate that the second user terminal applied for from the authentication center, signed with the private key of the authentication center and then saved in the server of the authentication center;
An authentication unit, configured to verify the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that authentication succeeded; otherwise, the verification result is that authentication failed.
Preferably, the authentication module includes:
A generating unit, configured to generate first data;
A transmitting unit, configured to send the first data to the second user terminal, so that the second user terminal can sign the first data using the private key of the second user terminal to obtain signed data, and send the signed data to the first user terminal;
A receiving unit, configured to receive the signed data;
A decryption unit, configured to decrypt the signed data using the public key of the second user terminal to obtain second data;
A judging unit, configured to judge whether the second data and the first data are identical; if they are identical, the verification result is that authentication succeeded; otherwise, the verification result is that authentication failed.
Preferably, the verification of the identity of the second user terminal is carried out specifically over the voice link used by the voice call.
Preferably, the device further includes:
A generation module, configured to generate a random number as a password when the verification result is that authentication succeeded, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
An encryption module, configured to encrypt the password using the public key of the first user terminal to obtain a first ciphertext;
A sending module, configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it using the private key of the first user terminal to recover the password.
An embodiment of the present invention also provides a user terminal that includes the above device for ensuring call security.
From the above it can be seen that the embodiments of the present invention have at least the following beneficial effect:
The user is able to terminate the call on judging that there is a problem with the identity of the peer calling user, which prevents user identity from being tampered with and ensures call security.
Brief description of the drawings
Fig. 1 is a flow chart of the steps of a signal mixing output method provided by an embodiment of the present invention;
Fig. 2 shows the main functions of the trusted authentication center in the preferred embodiment;
Fig. 3 shows the generation of a certificate in the preferred embodiment;
Fig. 4 shows the connections between the nodes in a practical application of the preferred embodiment;
Fig. 5 shows the principle of the software implementation of the present invention in an intelligent call terminal in the preferred embodiment;
Fig. 6 shows the encryption and transmission process of data during conversion in the preferred embodiment;
Fig. 7 shows the authentication and password negotiation process before call establishment in the preferred embodiment;
Fig. 8 is a structural block diagram of a signal mixing output device provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments are described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flow chart of the steps of a signal mixing output method provided by an embodiment of the present invention. With reference to Fig. 1, an embodiment of the present invention provides a method for ensuring call security, including the following steps:
Step 101: while a voice call is in progress between the first user terminal and a second user terminal, verify the identity of the second user terminal to obtain a verification result;
Step 102: when the verification result is that authentication succeeded, keep the voice call;
Step 103: when the verification result is that authentication failed, terminate the voice call.
The method is used in a first user terminal.
In this way, the user can terminate the call on judging that there is a problem with the identity of the peer calling user, which prevents user identity from being tampered with and ensures call security.
The user terminal is, for example, a mobile phone.
In the embodiments of the present invention, verifying the identity of the second user terminal to obtain a verification result can be implemented in several ways, for example:
<Mode one>
Verifying the identity of the second user terminal to obtain a verification result may include:
Interacting with the second user terminal and an authentication center to obtain a signed digital certificate, where the signed digital certificate is the first digital certificate that the second user terminal applied for from the authentication center, signed with the private key of the authentication center and then saved in the server of the authentication center;
Verifying the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that authentication succeeded; otherwise, the verification result is that authentication failed.
<Mode two>
Verifying the identity of the second user terminal to obtain a verification result may include:
Generating first data;
Sending the first data to the second user terminal, so that the second user terminal can sign the first data using the private key of the second user terminal to obtain signed data, and send the signed data to the first user terminal;
Receiving the signed data;
Decrypting the signed data using the public key of the second user terminal to obtain second data;
Judging whether the second data and the first data are identical; if they are identical, the verification result is that authentication succeeded; otherwise, the verification result is that authentication failed.
The private key and public key of the second user terminal may be pre-stored in the second user terminal and the first user terminal respectively, or may be obtained from the authentication center by the second user terminal and the first user terminal respectively.
In the embodiments of the present invention, the verification of the identity of the second user terminal may specifically be carried out over the voice link used by the voice call.
Further, the method may also include:
When the verification result is that authentication succeeded, generating a random number as a password, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
Encrypting the password using the public key of the first user terminal to obtain a first ciphertext;
Sending the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it using the private key of the first user terminal to recover the password.
To set out the embodiments of the present invention more clearly, a preferred embodiment is given below.
This preferred embodiment provides a method, based on digital certificates, for preventing incoming-call spoofing and call eavesdropping.
This preferred embodiment relates to a method for ensuring the security of voice telephone calls, preventing the disguise or spoofing of caller ID when a call is received and preventing the call content from being eavesdropped. In particular, digital certificate technology is used to verify the identities of both parties to the call, and a call key is negotiated before the conversation starts and used to encrypt the voice content, ensuring the security of the call content.
Digital certificate technology is widely used in the field of computer security. Cryptographic principles make it possible to uniquely confirm the identity of the owner of a digital certificate, so digital certificate technology can be used in a telephone call to confirm the identity of the other party.
Besides the risk of caller ID spoofing, a voice call can also be eavesdropped. A telephone call may involve company secrets or personal privacy, and if a third party intercepts the call content the caller can suffer losses. If the call content is encrypted, its real content cannot be obtained even if the call data is intercepted. Encryption raises the problem of key reliability, and the asymmetric encryption technology of digital certificates can be used to negotiate a reliable password.
This preferred embodiment uses cryptographic principles to ensure that, when telecommunication voice services are used, the identities of both parties to the call are trustworthy and the call content is confidential.
This preferred embodiment adopts the following technical solution. First, a trusted authentication center, CA for short, is established. The CA is responsible for generating and issuing digital certificates, for certificate download, and for certificate revocation. In an identity-sensitive group, every member can apply to this CA for a digital certificate; the certificate mainly contains the certificate ID, the telephone number, the expiry date, the identity of the holder and similar information. Each certificate corresponds to a key pair of the RSA cryptographic algorithm: the public key is published in the certificate, and the private key is held only by the certificate owner. When a call is connected, both the caller and the called party must authenticate with the certificate keys and at the same time negotiate the encryption password for the subsequent call.
This preferred embodiment is implemented mainly by the authentication center (CA) and the telephone terminal. The CA includes a certificate generation module, a certificate storage module, a certificate download module and a certificate revocation module; the telephone terminal consists of an authentication module, a key negotiation module and a PCM encryption module.
The basic operating steps are as follows:
Step A: establish a digital authentication center (CA) and publish the certificate and encryption public key of the CA;
Step B: a user applies for a digital certificate through the CA, and the certificate is signed with the private key of the CA;
Step C: the certificate is saved in the CA server, and the user's digital certificate and public key are published;
Step D: user A telephones B through any operator or route;
Step E: B's telephone rings and displays the caller ID of A;
Step F: after the call is connected, A sends its own certificate ID to B over the PCM voice channel, and B likewise sends its certificate ID to A;
Step G: A and B each download the other party's certificate from the CA according to the other party's certificate ID, and obtain the other party's public key;
Step H: after A and B have obtained each other's certificates, each verifies the other's certificate with the root certificate of the CA; if verification fails, the call is terminated immediately;
Step I: A generates a random number R.A, adds B's telephone number N.B to the random number to form (R.A+N.B), and sends it to B;
Step J: after receiving (R.A+N.B), B signs it with its own private key and sends the signature result SIGN-(R.A+N.B) to A;
Step K: after receiving B's signature result SIGN-(R.A+N.B), A verifies it with B's public key and compares it with the original (R.A+N.B); if it is wrong, the call ends;
Step L: B generates a random number R.B, adds A's telephone number N.A to the random number to form (R.B+N.A), and sends it to A;
Step M: after receiving (R.B+N.A), A signs it with its own private key and sends the signature result SIGN-(R.B+N.A) to B;
Step N: after receiving A's signature result SIGN-(R.B+N.A), B verifies it with A's public key and compares it with the original (R.B+N.A); if it is wrong, the call ends;
Step O: B generates a random number KEY, encrypts it with A's public key to produce the ciphertext Pub.A-KEY, and sends it to A;
Step P: A decrypts Pub.A-KEY with its own private key to recover KEY;
Step Q: A and B have now completed authentication and hold the negotiated password KEY. In the subsequent call, A encrypts its local raw voice PCM data with KEY and then passes it to the network; B receives the encrypted data and decrypts it with KEY to obtain the original PCM, and can then play the original voice data to hear A's voice. Likewise, B encrypts its local raw PCM data with KEY and sends it to A; A decrypts it with KEY on receipt to obtain the original PCM, and then plays it to hear B's voice.
Compared with the prior art: for the caller ID fraud problem, one can at present rely only on the vigilance of the called user and the supervision of the operator, and there is no method that solves the problem in principle. With this method, the identities of both parties to a call can reach the goal of absolute trust. As for call eavesdropping, the ordinary fixed telephone network is very insecure: the voice data on the whole network is in plaintext and can be eavesdropped at any time. In the mobile networks developed so far, the network encodes the physical channel to achieve a degree of security, but if the operator's core network elements are controlled by lawbreakers there is still a risk of eavesdropping. A smartphone can also have eavesdropping software implanted in it; at present Trojan programs are detected only by antivirus software, and if the virus database is not updated in time, a new Trojan program can get in and eavesdrop. With this method, over the whole PCM path the voice signal obtained from the hardware is encrypted immediately and is not decrypted until the peer converts it back into a voice signal, so it is transmitted as ciphertext over the entire network path; whichever node it is eavesdropped from, the data obtained cannot be restored to a voice signal. All of the eavesdropping problems above can therefore be solved.
A preferred embodiment is given below with reference to the drawings, and the usage scenario and design principle of this preferred embodiment are described in detail:
As shown in Fig. 2, the authentication center is responsible for certificate generation and provides certificate download, certificate storage and certificate revocation functions. To join the trusted group, a user must apply to the CA for a digital certificate. As shown in Fig. 3, the CA generates a certificate in the standard X.509 format from the information and telephone number submitted by the user and signs it with the CA's private key; the generated certificate can be distributed to the user and is retained in the CA storage server. To leave the trusted group, a user must have the certificate revoked, and the CA must mark the certificate as revoked in the storage server. In use, a user can download a specific certificate by certificate ID, and depending on the certificate status the CA returns the certificate file, or an error message stating that the certificate does not exist or has been revoked.
As shown in Fig. 4, the two calling users and the CA need to communicate with one another while the call is being set up. Communication between a terminal user and the CA goes over an internet connection, which can be the mobile phone's Wi-Fi connection or a 3G/4G data service. Between the two users, the authentication and password negotiation that precede the establishment of the secure voice channel are carried out over the original PCM voice channel;
As shown in Fig. 5, in an intelligent terminal the software of the present invention is divided into two parts: one is certificate verification and password negotiation, implemented in the application layer; the other is the voice encryption part, implemented in the kernel. Some malware can capture call recordings and send them out over the network, so the encryption module is placed in the kernel: as soon as the sound card device driver has collected PCM voice it encrypts it, so the voice data collected by the application layer is always encrypted. Certificate verification and password negotiation are used to verify the identity of the other party; if the identity is not trusted, the call is terminated immediately. After authentication is complete, the encryption password is negotiated with the other party, and once obtained the password is passed to the encryption module in the kernel, which encrypts and decrypts the PCM data. Fig. 6 shows how voice data is transferred after the password has been obtained successfully: the microphone captures the voice signal, the hardware converts it into a digital signal, and the software driver encrypts the PCM data as soon as it obtains it. The length of the encrypted data is unchanged, so it is sent to the network in the original data format and at the original rate. After the other party receives the encrypted data it is decrypted in the kernel to obtain the original PCM data, and the sound card driver hands the PCM data to the hardware to restore the voice signal;
Fig. 7 shows the whole detailed process of the present invention in application. As described above, the authentication center CA has been established, A and B have both applied to the CA for certificates, and A and B each hold the RSA private key corresponding to their own certificate. A dials B's telephone; B's telephone rings and B answers. At this point the original PCM voice link is open, and all subsequent data exchange between A and B passes over this link.
Method by which A and B transmit data over the PCM voice channel: once the call is connected there are two PCM send and receive channels, A->B and B->A. The data to be sent is encapsulated in the generic way, beginning with 0x7E and ending with 0x7E. The last byte of each group of data serves as a CRC check; if the check fails, a retransmission mechanism is needed. 0x7E is used only in the authentication and password negotiation stage; after password negotiation is complete, data no longer needs to be encapsulated with 0x7E. It should be mentioned that the present invention is suitable only for communication networks that transmit voice coding without compression and without loss.
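The framing described above can be sketched as follows. This is an added example, not code from the patent: the 0x7E delimiters and the trailing one-byte CRC come from the text, while the CRC-8 polynomial, the HDLC-style escape bytes (needed so that a 0x7E inside the data cannot end a frame early) and all function names are assumptions.

```python
"""Framing for handshake messages on the PCM channel: 0x7E ... CRC 0x7E."""

FLAG = 0x7E       # frame delimiter named in the text
ESC = 0x7D        # assumption: HDLC-style escape byte (not in the text)
ESC_XOR = 0x20    # assumption: HDLC-style escape mask
CRC_POLY = 0x07   # assumption: CRC-8 polynomial x^8 + x^2 + x + 1


def crc8(data: bytes) -> int:
    """One-byte CRC over the payload (MSB first, initial value 0)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ CRC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def encode_frame(payload: bytes) -> bytes:
    """Wrap payload + CRC between two flags, escaping flag and escape bytes."""
    out = bytearray([FLAG])
    for byte in payload + bytes([crc8(payload)]):
        if byte in (FLAG, ESC):
            out += bytes([ESC, byte ^ ESC_XOR])
        else:
            out.append(byte)
    out.append(FLAG)
    return bytes(out)


def decode_stream(stream: bytes):
    """Return [(payload, crc_ok), ...] for every frame found in the stream."""
    frames, buf = [], bytearray()
    in_frame = escaped = False
    for byte in stream:
        if byte == FLAG:
            if in_frame and buf:
                body = bytes(buf)
                ok = not escaped and crc8(body[:-1]) == body[-1]
                frames.append((body[:-1], ok))
                in_frame = False
            else:
                in_frame = True          # opening flag (or repeated idle flag)
            buf, escaped = bytearray(), False
        elif not in_frame:
            continue                     # bytes outside a frame are not handshake data
        elif escaped:
            buf.append(byte ^ ESC_XOR)
            escaped = False
        elif byte == ESC:
            escaped = True
        else:
            buf.append(byte)
    return frames


def send_reliably(payload: bytes, channel, max_tries: int = 3):
    """Resend until the receiver's CRC check passes.

    channel(bytes) -> bytes models one pass over the PCM path (hypothetical).
    Returns (payload as received, number of attempts used).
    """
    for attempt in range(1, max_tries + 1):
        received = decode_stream(channel(encode_frame(payload)))
        if received and received[0][1]:
            return received[0][0], attempt
    raise ConnectionError("CRC check failed on every attempt; abandon the handshake")


def demo_retransmit():
    """Constructed case: the first transmission arrives with one bit flipped."""
    payload = b"\x01\x7e\x7d\x02"        # constructed; contains both special bytes
    state = {"calls": 0}

    def flaky(frame: bytes) -> bytes:
        state["calls"] += 1
        if state["calls"] == 1:
            damaged = bytearray(frame)
            damaged[1] ^= 0x02           # corrupt the first payload byte
            return bytes(damaged)
        return frame

    return send_reliably(payload, flaky)
```

A one-byte CRC catches every single-bit error but only guards against transmission noise; it gives no protection against deliberate modification, which is why the signatures in the later steps matter.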
Certificate download and verification: A sends its certificate ID to B, and B also sends its own certificate ID to A. B sends the CA a request to download A's certificate. Using the certificate ID, the CA first checks whether the certificate exists and sends an error if it does not; it then checks whether the certificate has been revoked and returns an error if it has; if the certificate exists and is valid, it returns A's certificate file to B. After B has obtained A's certificate file, it first verifies the certificate with the CA's public key; if certificate verification fails, it exits the call. It then extracts the telephone number in the certificate and compares it with the caller ID; if the telephone number in the certificate and the caller ID do not match, the call ends. A verifies B's certificate and telephone number in the same way;
Authentication: by the above method, A and B have each obtained the other party's valid certificate. A then generates a random number R.A, combines it with B's number N.B to form data, and sends the data to B; B signs it and sends the signature result SIGN (R.A+N.B) to A; A verifies the signature result with B's certificate, and if the signature is correct, B's identity is legitimate. Likewise, B generates a random number R.B, combines it with A's number N.A to form data, and sends the data to A; A signs it and sends the signature result SIGN (R.B+N.A) to B; B verifies the signature result with A's certificate, and if the signature is correct, A's identity is legitimate.
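The certificate checks and the challenge-response exchange described in the two paragraphs above (steps G to N) can be run end to end as follows. This is an added example, not code from the patent. It assumes that "R+N" means byte concatenation, uses textbook RSA built from well-known Mersenne primes as a stand-in for a real RSA signature library so that it runs offline (these keys are trivially factorable), and all names, certificate IDs and telephone numbers are constructed.

```python
import hashlib
import secrets

E = 65537


def toy_keypair(p, q):
    """Textbook RSA from two known primes: a stand-in, not production crypto."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


# Constructed keys and numbers for the CA, a genuine caller and an impostor.
CA_PUB, CA_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
ALICE_PUB, ALICE_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
MALLORY_PUB, MALLORY_PRIV = toy_keypair(2**89 - 1, 2**61 - 1)
ALICE_NUM, MALLORY_NUM = "+10000000001", "+10000000099"


def _cert_body(cert):
    return "|".join([cert["id"], cert["phone"], str(cert["pub"][0])]).encode()


def issue_cert(cert_id, phone, pub):
    """CA side: bind certificate ID, telephone number and public key."""
    cert = {"id": cert_id, "phone": phone, "pub": pub}
    cert["sig"] = sign(CA_PRIV, _cert_body(cert))
    return cert


def check_cert(cert, caller_id, revoked_ids):
    """The three checks from the text; returns a failure reason or None."""
    if cert is None or cert["id"] in revoked_ids:
        return "certificate missing or revoked"
    if not verify(CA_PUB, _cert_body(cert), cert["sig"]):
        return "CA signature invalid"
    if cert["phone"] != caller_id:
        return "caller ID does not match certificate"
    return None


def make_challenge(prover_number):
    """R + N: a fresh random value joined with the prover's telephone number."""
    return secrets.token_bytes(16) + prover_number.encode()


def respond(priv, own_number, challenge):
    """Prover side: sign only challenges that name the prover's own number."""
    if not challenge.endswith(own_number.encode()):
        return None
    return sign(priv, challenge)


def authenticate_peer(cert, caller_id, revoked_ids, peer_respond):
    """Verifier side; peer_respond(challenge) stands for the PCM round trip."""
    reason = check_cert(cert, caller_id, revoked_ids)
    if reason:
        return False, reason
    challenge = make_challenge(cert["phone"])
    sig = peer_respond(challenge)
    if sig is None or not verify(cert["pub"], challenge, sig):
        return False, "signature over challenge invalid"
    return True, "authentication success"


ALICE_CERT = issue_cert("cert-A", ALICE_NUM, ALICE_PUB)
MALLORY_CERT = issue_cert("cert-M", MALLORY_NUM, MALLORY_PUB)


def scenarios():
    """Every call below displays ALICE_NUM as the caller ID."""
    alice = lambda c: respond(ALICE_PRIV, ALICE_NUM, c)
    mallory = lambda c: sign(MALLORY_PRIV, c)
    edited = dict(MALLORY_CERT, phone=ALICE_NUM)   # number changed after issue
    return {
        "genuine": authenticate_peer(ALICE_CERT, ALICE_NUM, set(), alice),
        "own_cert": authenticate_peer(MALLORY_CERT, ALICE_NUM, set(), mallory),
        "edited_cert": authenticate_peer(edited, ALICE_NUM, set(), mallory),
        "borrowed_cert": authenticate_peer(ALICE_CERT, ALICE_NUM, set(), mallory),
        "revoked": authenticate_peer(ALICE_CERT, ALICE_NUM, {"cert-A"}, alice),
    }
```

The "borrowed_cert" case shows why the signed challenge is needed on top of the certificate check: a certificate is public, so presenting it proves nothing until the peer signs a fresh value with the matching private key.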
Password negotiation: A generates a random number KEY, encrypts it with B's public key and sends it to B; B decrypts it to obtain KEY;
Making the secure call: after both parties have obtained KEY, each encrypts the PCM stream sent to the other party with KEY, using the DES or AES algorithm. The resulting ciphertext has the same length as the original PCM data, so the network transmission method needs no change and data is still transmitted at the original stream rate and by the original method. The receiver receives ciphertext of equal length at a constant rate, decrypts it with KEY to obtain the original PCM data, and then converts it into the original sound signal.
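The length-preserving property described above can be illustrated with a counter-mode keystream. This is an added example, not code from the patent: it swaps in an HMAC-SHA256 keystream for the DES or AES the text names so that it runs with the standard library alone, and the 160-byte frame size, the per-frame counter, the direction label and all names are assumptions.

```python
import hashlib
import hmac
import struct


def keystream(key, direction, frame_no, length):
    """Keystream for one frame, derived from KEY, direction and frame counter."""
    out = bytearray()
    block = 0
    while len(out) < length:
        counter = direction + struct.pack(">QI", frame_no, block)
        out += hmac.new(key, counter, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def crypt_stream(key, direction, frames):
    """XOR each PCM frame with its keystream; the same call encrypts and decrypts.

    Both ends count frames from zero. They stay in step only because the
    channel is lossless and constant-rate, the condition the text requires.
    """
    return [
        bytes(a ^ b for a, b in zip(frame, keystream(key, direction, i, len(frame))))
        for i, frame in enumerate(frames)
    ]


def demo_pcm():
    key = bytes(range(16))                  # constructed KEY
    silence = [b"\x80" * 160] * 3           # constructed: three identical frames
    a_to_b = crypt_stream(key, b"A>B", silence)
    b_to_a = crypt_stream(key, b"B>A", silence)

    # Equal length leaves no room for an integrity tag, so a changed
    # ciphertext bit decrypts to a changed PCM bit without any error.
    altered = bytearray(a_to_b[0])
    altered[0] ^= 0x01
    heard = crypt_stream(key, b"A>B", [bytes(altered)])[0]

    return {
        "same_length": all(len(c) == 160 for c in a_to_b),
        "round_trip": crypt_stream(key, b"A>B", a_to_b) == silence,
        "identical_frames_differ": len(set(a_to_b)) == 3,
        "directions_differ": a_to_b[0] != b_to_a[0],
        "bit_change_undetected": heard[0] == 0x81 and heard[1:] == silence[0][1:],
    }
```

The direction label keeps the A->B and B->A streams from reusing one keystream under the single shared KEY, and the frame counter keeps repeated silence from producing repeated ciphertext.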
Fig. 8 is a structural block diagram of a signal mixing output device provided by an embodiment of the present invention. Referring to Fig. 8, an embodiment of the present invention also provides a device for ensuring call security, including:
Authentication module, configured to verify the identity of a second user terminal during a voice call between the first user terminal and the second user terminal, to obtain a verification result;
Keep module, configured to keep the voice call when the verification result is that authentication succeeded;
Terminate module, configured to terminate the voice call when the verification result is that authentication failed.
The device is used in a first user terminal.
As can be seen, in this way the user can end the call upon determining that the identity of the peer calling user is in doubt, which prevents the user identity from being tampered with and ensures call security.
In the embodiment of the present invention, the authentication module may include:
Acquiring unit, configured to interact with the second user terminal and an authentication center to obtain a signed digital certificate, the signed digital certificate being saved on the server of the authentication center after the second user terminal applies to the authentication center for a first digital certificate and the first digital certificate is signed with the private key of the authentication center;
Authentication unit, configured to verify the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that authentication succeeded, and otherwise the verification result is that authentication failed.
In the embodiment of the present invention, the authentication module may include:
Generating unit, configured to generate first data;
Sending unit, configured to send the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data and send the signed data to the first user terminal;
Receiving unit, configured to receive the signed data;
Decryption unit, configured to decrypt the signed data with the public key of the second user terminal to obtain second data;
Judging unit, configured to judge whether the second data is identical to the first data; if identical, the verification result is that authentication succeeded, and otherwise the verification result is that authentication failed.
In the embodiment of the present invention, the verification of the identity of the second user terminal is specifically carried out over the voice link used by the voice call.
Further, the device may also include:
Generation module, configured to generate a random number as a password when the verification result is that authentication succeeded, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
Encrypting module, configured to encrypt the password with the public key of the first user terminal to obtain a first ciphertext;
Sending module, configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
An embodiment of the present invention also provides a user terminal, which includes the device for ensuring call security described above.
The above are only implementations of the embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and refinements without departing from the principles of the embodiments of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the embodiments of the present invention.

Claims (11)

1. A method for ensuring call security, characterized in that it is used for a first user terminal and comprises:
during a voice call between the first user terminal and a second user terminal, verifying the identity of the second user terminal to obtain a verification result;
when the verification result is that authentication succeeded, keeping the voice call;
when the verification result is that authentication failed, terminating the voice call.
2. The method according to claim 1, characterized in that verifying the identity of the second user terminal to obtain a verification result comprises:
interacting with the second user terminal and an authentication center to obtain a signed digital certificate, the signed digital certificate being saved on the server of the authentication center after the second user terminal applies to the authentication center for a first digital certificate and the first digital certificate is signed with the private key of the authentication center;
verifying the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that authentication succeeded, and otherwise the verification result is that authentication failed.
3. The method according to claim 1, characterized in that verifying the identity of the second user terminal to obtain a verification result comprises:
generating first data;
sending the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data and send the signed data to the first user terminal;
receiving the signed data;
decrypting the signed data with the public key of the second user terminal to obtain second data;
judging whether the second data is identical to the first data; if identical, the verification result is that authentication succeeded, and otherwise the verification result is that authentication failed.
4. The method according to claim 1, characterized in that the verifying of the identity of the second user terminal is specifically carried out over the voice link used by the voice call.
5. The method according to claim 4, characterized in that it further comprises:
when the verification result is that authentication succeeded, generating a random number as a password, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
encrypting the password with the public key of the first user terminal to obtain a first ciphertext;
sending the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
6. A device for ensuring call security, characterized in that it is used for a first user terminal and comprises:
an authentication module, configured to verify the identity of a second user terminal during a voice call between the first user terminal and the second user terminal, to obtain a verification result;
a keep module, configured to keep the voice call when the verification result is that authentication succeeded;
a terminate module, configured to terminate the voice call when the verification result is that authentication failed.
7. The device according to claim 6, characterized in that the authentication module comprises:
an acquiring unit, configured to interact with the second user terminal and an authentication center to obtain a signed digital certificate, the signed digital certificate being saved on the server of the authentication center after the second user terminal applies to the authentication center for a first digital certificate and the first digital certificate is signed with the private key of the authentication center;
an authentication unit, configured to verify the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that authentication succeeded, and otherwise the verification result is that authentication failed.
8. The device according to claim 6, characterized in that the authentication module comprises:
a generating unit, configured to generate first data;
a sending unit, configured to send the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data and send the signed data to the first user terminal;
a receiving unit, configured to receive the signed data;
a decryption unit, configured to decrypt the signed data with the public key of the second user terminal to obtain second data;
a judging unit, configured to judge whether the second data is identical to the first data; if identical, the verification result is that authentication succeeded, and otherwise the verification result is that authentication failed.
9. The method according to claim 6, characterized in that the verifying of the identity of the second user terminal is specifically carried out over the voice link used by the voice call.
10. The device according to claim 9, characterized in that it further comprises:
a generation module, configured to generate a random number as a password when the verification result is that authentication succeeded, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
an encrypting module, configured to encrypt the password with the public key of the first user terminal to obtain a first ciphertext;
a sending module, configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
11. A user terminal, characterized in that it includes the device for ensuring call security according to any one of claims 6 to 10.
CN201410689894.XA 2014-11-25 2014-11-25 Method for ensuring call communication security, device and user terminal Withdrawn CN105704711A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410689894.XA CN105704711A (en) 2014-11-25 2014-11-25 Method for ensuring call communication security, device and user terminal
PCT/CN2015/075398 WO2016082401A1 (en) 2014-11-25 2015-03-30 Conversation method and apparatus, user terminal and computer storage medium

Publications (1)

Publication Number Publication Date
CN105704711A true CN105704711A (en) 2016-06-22

Family

ID=56073458

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410689894.XA Withdrawn CN105704711A (en) 2014-11-25 2014-11-25 Method for ensuring call communication security, device and user terminal

Country Status (2)

Country Link
CN (1) CN105704711A (en)
WO (1) WO2016082401A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112423298B (en) * 2020-11-25 2022-01-18 公安部交通管理科学研究所 Identity authentication system and method for road traffic signal management and control facility

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480713A (en) * 2010-11-25 2012-05-30 中国移动通信集团河南有限公司 Method, system and device for communication between sink node and mobile communication network
US20130060569A1 (en) * 2005-07-27 2013-03-07 International Business Machines Corporation Voice authentication system and method using a removable voice id card
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system
CN104065648A (en) * 2014-06-05 2014-09-24 天地融科技股份有限公司 Data processing method of voice communication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8161290B2 (en) * 2006-07-18 2012-04-17 At&T Intellectual Property I, L.P. Security for a personal communication device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109861946A (en) * 2017-11-30 2019-06-07 中国电信股份有限公司 Method, system and the call receiving apparatus of calling number verification
CN109861946B (en) * 2017-11-30 2021-07-23 中国电信股份有限公司 Method and system for verifying calling number and call receiving equipment
CN112000938A (en) * 2020-07-15 2020-11-27 国网山东省电力公司信息通信公司 Power grid dispatching identity authentication method and system based on multimode identification
CN112000938B (en) * 2020-07-15 2022-11-29 国网山东省电力公司信息通信公司 Power grid dispatching identity authentication method and system based on multimode identification
CN111970407A (en) * 2020-08-28 2020-11-20 深圳鑫想科技有限责任公司 Method and system for effectively preventing telecommunication fraud
WO2022183694A1 (en) * 2021-03-03 2022-09-09 中国电信股份有限公司 Calling information authentication method, apparatus and system

Also Published As

Publication number Publication date
WO2016082401A1 (en) 2016-06-02

Similar Documents

Publication Publication Date Title
CN103812871B (en) Development method and system based on mobile terminal application program security application
CN102572817B (en) Method and intelligent memory card for realizing mobile communication confidentiality
CN102547688B (en) Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel
US9693226B2 (en) Method and apparatus for securing a connection in a communications network
US20070239994A1 (en) Bio-metric encryption key generator
CN108881304A (en) A kind of pair of internet of things equipment carries out the method and system of safety management
CN104301115B (en) Mobile phone and Bluetooth key signature verification ciphertext communication method
CN109495445A (en) Identity identifying method, device, terminal, server and medium based on Internet of Things
CN101635924B (en) CDMA port-to-port encryption communication system and key distribution method thereof
US8230218B2 (en) Mobile station authentication in tetra networks
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN105704711A (en) Method for ensuring call communication security, device and user terminal
WO2012024903A1 (en) Method for encrypting voice calls in mobile communication network, and system, terminal, and network side thereof
CN112929339B (en) Message transmitting method for protecting privacy
TW201729562A (en) Server, mobile terminal, and internet real name authentication system and method
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN105516943A (en) Short message encryption system on the basis of domestic commercial crypto chip and realization method thereof
CN112020716A (en) Remote biometric identification
Hwang et al. On the security of an enhanced UMTS authentication and key agreement protocol
US9876774B2 (en) Communication security system and method
CN106102053A (en) A kind of implementation method of voice communication authentication based on the close algorithm of state
CN111953631A (en) Method and system for safely encrypting mobile internet communication instant message
WO2010069102A1 (en) Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method
CN106559402A (en) The identity identifying method and device of user terminal and its encryption voice telephone service
CN115348578B (en) Method and device for tracking contacter

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20160622

WW01 Invention patent application withdrawn after publication