CN106559393A - Method, apparatus and system for call encryption - Google Patents

Publication number
CN106559393A
Authority
CN
China
Prior art keywords
terminal
aes
call
encrypted
voice exchange
Legal status
Granted
Application number
CN201510633296.5A
Other languages
Chinese (zh)
Other versions
CN106559393B (en)
Inventor
朱毅泉
Current Assignee
Huawei Digital Technologies Suzhou Co Ltd
Original Assignee
Huawei Digital Technologies Suzhou Co Ltd
Application filed by Huawei Digital Technologies Suzhou Co Ltd
Priority to CN201510633296.5A
Publication of CN106559393A
Application granted
Publication of CN106559393B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present invention relate to a method, apparatus and system for call encryption. In this scheme, a first terminal that can be used for ordinary calls uses a determined encryption algorithm when it needs to make a secure call, so the same first terminal can be used for both ordinary calls and secure calls. Secure calling therefore does not require two separate telephone systems, one for ordinary calls and one for secure calls, which reduces the complexity of secure calls.

Description

Method, apparatus and system for call encryption
Technical field
The present invention relates to the field of communication technology, and in particular to a method, apparatus and system for call encryption.
Background
Some industries or enterprises (for example government, central enterprises and the military industry) have high security requirements for call content, so their telephones need to provide a secure-call function. In addition, more ordinary commercial organizations may also want key staff teams to be able to use a high-security telephone, distinct from the organization's normal office telephone system, when making calls about particular matters.
At present, for both scenarios, the industry's approach is to set up a separate, isolated telephone system, as shown in Figure 1A and Figure 1B. Figure 1A is the ordinary telephone network covering the organization's personnel (including key staff); Figure 1B is the high-security telephone network covering only the organization's key staff (for example, its leaders or personnel in core posts). That is, a key staff member needs two telephones: one for ordinary calls and one for high-security calls.
The complexity of this way of implementing high-security calls is therefore high.
Summary of the invention
Embodiments of the present invention provide a method, apparatus and system for call encryption, to solve the prior-art problem that implementing secure calls is highly complex.
A first aspect provides a method of call encryption, including:
when a first terminal determines that it is to make a secure call with a second terminal, determining an encryption algorithm, the encryption algorithm being used for secure calls;
the first terminal sending to a voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
the first terminal receiving a call, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call being encrypted using the encryption algorithm;
the first terminal sending an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
With reference to the first aspect, in a first possible implementation, before the first terminal sends to the voice exchange the call request carrying the telephone number of the second terminal, the method further includes:
the first terminal sending a registration request to the voice exchange, the registration request being encrypted using the encryption algorithm;
the first terminal receiving a registration response returned by the voice exchange, the registration response being encrypted using the encryption algorithm.
With reference to the first aspect, or the first possible implementation of the first aspect, in a second possible implementation, the first terminal determining the encryption algorithm includes:
the first terminal obtaining the encryption algorithm from a portable encryption device associated with the first terminal, and using the obtained encryption algorithm as the determined encryption algorithm; or
the first terminal using a preset encryption algorithm as the determined encryption algorithm.
With reference to the second possible implementation of the first aspect, in a third possible implementation, when the first terminal obtains the encryption algorithm from the portable encryption device associated with the first terminal, before the first terminal determines the encryption algorithm, the method further includes:
the first terminal obtaining a PIN code, and the PIN code being verified successfully.
With reference to the first aspect, or the first to third possible implementations of the first aspect, in a fourth possible implementation, before the first terminal sends to the voice exchange the call request carrying the telephone number of the second terminal, the method further includes:
the first terminal sending the encryption algorithm to the voice exchange;
the first terminal receiving an encryption algorithm confirmation response returned by the voice exchange, the encryption algorithm confirmation response indicating that the encryption algorithm stored in the voice exchange matches the encryption algorithm determined by the first terminal.
A second aspect provides a method of call encryption, including:
a voice exchange receiving a call request, sent by a first terminal, carrying the telephone number of a second terminal, the call request being encrypted using an encryption algorithm, the encryption algorithm being used for secure calls;
the voice exchange forwarding the call request to the second terminal;
the voice exchange receiving a call, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call being encrypted using the encryption algorithm;
the voice exchange forwarding the call to the first terminal.
With reference to the second aspect, in a first possible implementation, before the voice exchange receives the call request, sent by the first terminal, carrying the telephone number of the second terminal, the method further includes:
the voice exchange receiving the encryption algorithm sent by the first terminal;
the voice exchange, when it determines that the stored encryption algorithm matches the encryption algorithm determined by the first terminal, sending an encryption algorithm confirmation response to the first terminal.
With reference to the first possible implementation of the second aspect, in a second possible implementation, after the voice exchange sends the encryption algorithm confirmation response to the first terminal and before it receives the call request, sent by the first terminal, carrying the telephone number of the second terminal, the method further includes:
the voice exchange receiving a registration request sent by the first terminal, the registration request being encrypted using the encryption algorithm;
the voice exchange sending a registration response to the first terminal, the registration response being encrypted using the encryption algorithm.
A third aspect provides a first terminal, including a microphone and a host, the host including a central processing unit (CPU), and the CPU including a determining module, a sending module and a receiving module, wherein:
the determining module is configured to determine an encryption algorithm when determining that a secure call is to be made with a second terminal, the encryption algorithm being used for secure calls;
the sending module is configured to send to a voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
the receiving module is configured to receive a call, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call being encrypted using the encryption algorithm;
the sending module is further configured to send an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
With reference to the third aspect, in a first possible implementation, the sending module is further configured to send a registration request to the voice exchange, the registration request being encrypted using the encryption algorithm;
the receiving module is further configured to receive a registration response returned by the voice exchange, the registration response being encrypted using the encryption algorithm.
With reference to the third aspect, or the first possible implementation of the third aspect, in a second possible implementation, the determining module is specifically configured to obtain the encryption algorithm from a portable encryption device associated with the first terminal and use the obtained encryption algorithm as the determined encryption algorithm; or to use a preset encryption algorithm as the determined encryption algorithm.
With reference to the second possible implementation of the third aspect, in a third possible implementation, the receiving module is further configured to obtain a PIN code, and the PIN code is verified successfully.
With reference to the third aspect, or the first to third possible implementations of the third aspect, in a fourth possible implementation, the sending module is further configured to send the encryption algorithm to the voice exchange;
the receiving module is further configured to receive an encryption algorithm confirmation response returned by the voice exchange, the encryption algorithm confirmation response indicating that the encryption algorithm stored in the voice exchange matches the encryption algorithm determined by the first terminal.
A fourth aspect provides a voice exchange, including a chassis, memory and a CPU (Central Processing Unit), the CPU including a receiving module and a sending module, wherein:
the receiving module is configured to receive a call request, sent by a first terminal, carrying the telephone number of a second terminal, the call request being encrypted using an encryption algorithm, the encryption algorithm being used for secure calls;
the sending module is configured to forward the call request to the second terminal;
the receiving module is further configured to receive a call, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call being encrypted using the encryption algorithm;
the sending module is further configured to forward the call to the first terminal.
With reference to the fourth aspect, in a first possible implementation, the receiving module is further configured to receive the encryption algorithm sent by the first terminal;
the sending module is further configured to send an encryption algorithm confirmation response to the first terminal when it is determined that the stored encryption algorithm matches the encryption algorithm determined by the first terminal.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation, the receiving module is further configured to receive a registration request sent by the first terminal, the registration request being encrypted using the encryption algorithm;
the sending module is further configured to send a registration response to the first terminal, the registration response being encrypted using the encryption algorithm.
A fifth aspect provides a system for call encryption, including the first terminal according to the third aspect or any one of the first to fourth possible implementations of the third aspect, and the voice exchange according to the fourth aspect or any one of the first to second possible implementations of the fourth aspect.
With reference to the fifth aspect, in a first possible implementation, the first terminal includes a microphone and a host, the host including a CPU, and the CPU including a determining module, a sending module and a receiving module, wherein:
the determining module is configured to determine an encryption algorithm when determining that a secure call is to be made with a second terminal, the encryption algorithm being used for secure calls;
the sending module is configured to send to a voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
the receiving module is configured to receive a call, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call being encrypted using the encryption algorithm;
the sending module is further configured to send an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
With reference to the fifth aspect, or the first possible implementation of the fifth aspect, in a second possible implementation, the voice exchange includes a chassis, memory and a central processing unit (CPU), the CPU including a receiving module and a sending module, wherein:
the receiving module is configured to receive a call request, sent by a first terminal, carrying the telephone number of a second terminal, the call request being encrypted using an encryption algorithm, the encryption algorithm being used for secure calls;
the sending module is configured to forward the call request to the second terminal;
the receiving module is further configured to receive a call, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call being encrypted using the encryption algorithm;
the sending module is further configured to forward the call to the first terminal.
In the embodiments of the present invention, a first terminal that can be used for ordinary calls uses the determined encryption algorithm when it needs to make a secure call, so the same first terminal can be used for both ordinary calls and secure calls. Secure calling therefore does not require two separate telephone systems, one for ordinary calls and one for secure calls, which reduces the complexity of secure calls.
Brief description of the drawings
Figure 1A is a schematic diagram of a telephone system in the prior art;
Figure 1B is another schematic diagram of a telephone system in the prior art;
Fig. 2A is a flow chart of call encryption in an embodiment of the present invention;
Fig. 2B is a schematic diagram of the interface for entering a PIN code in an embodiment of the present invention;
Fig. 3 is another flow chart of call encryption in an embodiment of the present invention;
Fig. 4 is a flow chart of an embodiment of call encryption in an embodiment of the present invention;
Fig. 5 is a structural diagram of the CPU included in the first terminal in an embodiment of the present invention;
Fig. 6 is a structural diagram of the CPU of the voice exchange in an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean: A alone, both A and B, or B alone. The character "/" herein generally indicates an "or" relationship between the objects before and after it.
The preferred embodiments of the present invention are described in detail with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the invention and are not intended to limit it, and that, where they do not conflict, the embodiments in this application and the features in those embodiments may be combined with one another.
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 2A, in an embodiment of the present invention, a registration flow is as follows:
Step 200: When the first terminal determines that it is to make a secure call with the second terminal, it determines an encryption algorithm; the encryption algorithm is used for secure calls;
Step 210: The first terminal sends to the voice exchange a call request carrying the telephone number of the second terminal; the call request is encrypted using the encryption algorithm;
Step 220: The first terminal receives a call, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal; the call is encrypted using the encryption algorithm;
Step 230: The first terminal sends an interaction message to the second terminal based on the IP (Internet Protocol) address of the second terminal; the interaction message is encrypted using the encryption algorithm.
It should be noted that the first terminal can be used for ordinary calls.
In an embodiment of the present invention, before the first terminal sends to the voice exchange the call request carrying the telephone number of the second terminal, the following operations are also included:
The first terminal sends a registration request to the voice exchange; the registration request is encrypted using the encryption algorithm;
The first terminal receives a registration response returned by the voice exchange; the registration response is encrypted using the encryption algorithm.
In an embodiment of the present invention, there are several ways for the first terminal to determine the encryption algorithm. Optionally, the following may be used:
The first terminal obtains the encryption algorithm from a portable encryption device associated with the first terminal, and uses the obtained encryption algorithm as the determined encryption algorithm; or
The first terminal uses a preset encryption algorithm as the determined encryption algorithm.
The portable encryption device associated with the first terminal may be a USB (Universal Serial Bus) Key inserted into the first terminal, with the encryption algorithm stored in the USB-Key in advance. In this approach, the trigger for the first terminal to obtain the encryption algorithm is the insertion of the USB-Key into the first terminal; that is, when the USB-Key is inserted into the first terminal, the first terminal obtains the encryption algorithm from the USB-Key. There are several ways to insert the USB-Key into the first terminal; optionally, the USB-Key is inserted through a USB port on the first terminal.
In an embodiment of the present invention, for the first terminal to obtain the encryption algorithm from the portable encryption device associated with it, a module is added to the first terminal. Through the USB device driver, the module loads the encryption algorithm and the digital certificate in the USB-Key, and inserting or removing the USB-Key triggers the registration flow or the deregistration flow of the first terminal, respectively.
In an embodiment of the present invention, the user can decide as needed whether to remove the portable encryption device. If it is removed, the first terminal is automatically logged out and goes offline, and the first terminal can then be used only for ordinary calls. This approach therefore allows the secure telephone capability to be carried and kept by the user.
In an embodiment of the present invention, the encryption algorithm is stored in the portable encryption device and can be upgraded or replaced at any time, which makes the encryption algorithm more efficient to manage.
When the first terminal uses a preset encryption algorithm as the determined encryption algorithm, the encryption algorithm is stored in the first terminal in advance. In this case, the first terminal may store only this one encryption algorithm; then, when the first terminal and the second terminal make an ordinary call, the messages exchanged between them need not be encrypted. Alternatively, the first terminal may also store an ordinary encryption algorithm; then, when the first terminal and the second terminal make an ordinary call, the messages exchanged between them are encrypted using the ordinary encryption algorithm.
In an embodiment of the present invention, to verify the security of the portable encryption device, when the first terminal obtains the encryption algorithm from the portable encryption device associated with it, the following operation is also included before the first terminal determines the encryption algorithm:
The first terminal obtains a PIN code, and the PIN code is verified successfully.
In an embodiment of the present invention, the first terminal optionally provides a human-machine interface for entering and changing the PIN code; the interface for entering the PIN code is shown in Fig. 2B. The human-machine interface on the first terminal is optional rather than required, and is not specifically limited here.
That is, to improve the security of the portable encryption device, the first terminal obtains the encryption algorithm from the portable encryption device associated with it only after the PIN code has been verified successfully.
In an embodiment of the present invention, to verify the security of the first terminal, the following operation is also included before the first terminal receives the call from the voice exchange:
The first terminal obtains its digital certificate and sends the digital certificate to the voice exchange, so that the voice exchange can verify the security of the first terminal.
In an embodiment of the present invention, the first terminal and the voice exchange also determine the key of the encryption algorithm in advance. This key is negotiated using an asymmetric algorithm; negotiating the key of an encryption algorithm is a relatively mature technique and is not described in detail here.
In an embodiment of the present invention, the encryption algorithm optionally includes a first encryption algorithm and a second encryption algorithm;
The first algorithm is used to verify the security of the content of the interaction message, and the second encryption algorithm is used to verify the integrity of the interaction message.
In this way, on receiving an interaction message, the second terminal can determine from the encryption algorithm whether the interaction message sent by the first terminal has been tampered with, and whether it is complete.
In an embodiment of the present invention, the first terminal needs multiple touch screens for operating at least two calls. One of the touch screens is used for ordinary calls and the other touch screens are used for secure calls. The touch screens may of course be replaced with buttons; this is not specifically limited here.
In an embodiment of the present invention, to improve the user experience, different ringtones and flashing-light modes can be designed for the different calls in a multi-way call. On hearing the different ringtones from the first terminal, the user can tell a secure call from an ordinary call; likewise, on seeing the different flashing-light modes of the first terminal, the user can tell a secure call from an ordinary call.
In an embodiment of the present invention, number segments need to be planned on the voice exchange: ordinary telephone numbers and secure telephone numbers are allocated from two independent number segments. Ordinary telephone numbers are used for ordinary calls and secure telephone numbers are used for secure calls, as shown in Table 1, and, by call policy, the ordinary and secure number segments cannot intercommunicate. In addition, for the secure telephone number segment, the voice exchange transmits interaction messages using SIP (Session Initiation Protocol) over TLS (Transport Layer Security).
Table 1: Ordinary telephone numbers and secure telephone numbers
The encryption algorithms used for ordinary calls may be: AES (Advanced Encryption Standard) as the symmetric encryption algorithm, RSA as the asymmetric encryption algorithm, and SHA-1 (Secure Hash Algorithm 1) as the digest algorithm. The encryption algorithms used for secure calls may be: a symmetric encryption algorithm, an asymmetric encryption algorithm and a digest algorithm.
In this scheme, a first terminal that can be used for ordinary calls can also be used for secure calls. Secure calling therefore does not require two separate telephone systems, one for ordinary calls and one for secure calls, which reduces the complexity of secure calls.
Referring to Fig. 3, in an embodiment of the present invention, another flow of call encryption is as follows:
Step 300: The voice exchange receives a call request, sent by the first terminal, carrying the telephone number of the second terminal; the call request is encrypted using the encryption algorithm, and the encryption algorithm is used for secure calls;
Step 310: The voice exchange forwards the call request to the second terminal;
Step 320: The voice exchange receives a call, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal; the call is encrypted using the encryption algorithm;
Step 330: The voice exchange forwards the call to the first terminal.
In an embodiment of the present invention, it should be noted that the first terminal can be used for ordinary calls.
In an embodiment of the present invention, to improve security and prevent number theft, illegal impersonation at registration and fraudulent calls at another party's expense, the following operation is also included before the voice exchange forwards the call to the first terminal:
The voice exchange receives the digital certificate of the first terminal, sent by the first terminal, and verifies the security of the first terminal's identity by means of the digital certificate.
In this way, the voice exchange sends the call to the first terminal only after determining that the identity of the first terminal is secure.
In an embodiment of the present invention, before the voice exchange receives the call request, sent by the first terminal, carrying the telephone number of the second terminal, the following operations are also included:
The voice exchange receives the encryption algorithm sent by the first terminal;
When the voice exchange determines that the stored encryption algorithm matches the encryption algorithm determined by the first terminal, it sends an encryption algorithm confirmation response to the first terminal.
In an embodiment of the present invention, after the voice exchange sends the encryption algorithm confirmation response to the first terminal and before it receives the call request, sent by the first terminal, carrying the telephone number of the second terminal, the following operations are also included:
The voice exchange receives a registration request sent by the first terminal; the registration request is encrypted using the encryption algorithm;
The voice exchange sends a registration response to the first terminal; the registration response is encrypted using the encryption algorithm.
After the above process, the first terminal and the second terminal can make a secure call.
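The ordering described above on the exchange side (algorithm confirmation, then registration, then call request) together with the rule that the ordinary and secure number segments cannot intercommunicate can be modelled as follows. This is an added example, not code from the patent: the number prefixes, the `REGISTER`/`CALL` message formats, the algorithm names and the keys are constructed, and only the digest (integrity) layer is modelled, with HMAC-SHA256 standing in for the unnamed digest algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed numbering plan: Table 1 is not reproduced on the page, so these
# prefixes are assumptions. 900011 is the first terminal's number on the page.
ORDINARY_PREFIX = "8000"
SECURE_PREFIX = "9000"
# Placeholder names: the page does not name the secure-call algorithms.
SUITE = ("symmetric", "asymmetric", "digest")
TAG_LEN = hashlib.sha256().digest_size


class PolicyError(Exception):
    """Request refused on ordering or numbering-plan grounds."""


class IntegrityError(Exception):
    """Message failed its keyed-digest check."""


def segment(number):
    if number.startswith(SECURE_PREFIX):
        return "secure"
    if number.startswith(ORDINARY_PREFIX):
        return "ordinary"
    raise PolicyError(f"{number} is outside the numbering plan")


def protect(key, payload):
    """Append a keyed digest; HMAC-SHA256 stands in for the digest algorithm."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(key, message):
    """Return the payload only if its keyed digest checks out."""
    if len(message) < TAG_LEN:
        raise IntegrityError("message shorter than its tag")
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("digest mismatch")
    return payload


@dataclass
class VoiceExchange:
    stored_suite: tuple = SUITE
    confirmed: set = field(default_factory=set)      # numbers whose suite matched
    registered: dict = field(default_factory=dict)   # number -> negotiated key

    def confirm_algorithms(self, number, suite):
        """Confirm only when the terminal's suite matches the stored one."""
        if segment(number) != "secure" or tuple(suite) != self.stored_suite:
            return False
        self.confirmed.add(number)
        return True

    def register(self, number, key, message):
        """Accept a registration request only after algorithm confirmation."""
        if number not in self.confirmed:
            raise PolicyError("algorithm confirmation must precede registration")
        if verify(key, message) != b"REGISTER " + number.encode():
            raise PolicyError("registration request names another number")
        self.registered[number] = key
        return protect(key, b"REGISTERED " + number.encode())

    def route_call(self, caller, message):
        """Check a call request and return the callee it may be forwarded to."""
        key = self.registered.get(caller)
        if key is None:
            raise PolicyError("caller has not registered")
        verb, _, callee = verify(key, message).decode().partition(" ")
        if verb != "CALL":
            raise PolicyError("not a call request")
        if segment(callee) != segment(caller):
            raise PolicyError("number segments cannot intercommunicate")
        if callee not in self.registered:
            raise PolicyError("callee has not registered")
        return callee


def demo():
    exchange = VoiceExchange()
    keys = {"900011": b"A" * 32, "900012": b"B" * 32}   # constructed keys
    for number, key in keys.items():
        exchange.confirm_algorithms(number, SUITE)
        exchange.register(number, key, protect(key, b"REGISTER " + number.encode()))
    return exchange.route_call("900011", protect(keys["900011"], b"CALL 900012"))


if __name__ == "__main__":
    print(demo())
```

In a deployment following the page, the per-terminal key would come from the asymmetric key negotiation and the payload would also be encrypted with the symmetric algorithm before the digest is applied.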
In an embodiment of the present invention, the encryption algorithm optionally includes a first encryption algorithm and a second encryption algorithm;
The first algorithm is used to verify the security of the content of the interaction messages between the first terminal and the second terminal, and the second encryption algorithm is used to verify the integrity of the interaction messages between the first terminal and the second terminal.
In an embodiment of the present invention, the first terminal needs multiple touch screens for operating at least two calls. One of the touch screens is used for ordinary calls and the others are used for secure calls. The touch screens may of course be replaced with buttons; this is not specifically limited here.
In an embodiment of the present invention, to improve the user experience, different ringtones and flashing-light modes can be designed for the different calls in a multi-way call. On hearing the different ringtones from the first terminal, the user can tell a secure call from an ordinary call; likewise, on seeing the different flashing-light modes of the first terminal, the user can tell a secure call from an ordinary call.
In this scheme, a first terminal that can be used for ordinary calls can also be used for secure calls. Secure calling therefore does not require two separate telephone systems, one for ordinary calls and one for secure calls, which reduces the complexity of secure calls.
To facilitate understanding of the above scheme, the registration process is described below, with reference to Fig. 4:
In this embodiment, the USB-Key associated with the first terminal prestores the unique X.509 digital certificate corresponding to the first terminal's number 900011; the USB-Key also prestores the encryption algorithms: a symmetric algorithm, an asymmetric algorithm and a digest algorithm.
In this embodiment, a root certificate is prestored in the voice exchange. The root certificate can establish a trust relationship with the X.509 digital certificate in the USB-Key, and can be used to verify the legitimacy of the first terminal's digital certificate.
Step 400: The first terminal obtains the symmetric encryption algorithm, the asymmetric encryption algorithm, the digest algorithm and the X.509 digital certificate from the USB-Key inserted into the first terminal, and sends the X.509 digital certificate and the symmetric encryption algorithm to the voice exchange;
Step 410: The voice exchange verifies the X.509 digital certificate according to the stored root certificate;
Step 420: After the first terminal determines that the voice exchange has successfully verified the X.509 digital certificate, it sends a registration request to the voice exchange; the registration request is encrypted based on the symmetric encryption algorithm and the digest algorithm;
Step 430: The voice exchange obtains the key of the symmetric encryption algorithm and the digest algorithm according to the asymmetric encryption algorithm, decrypts the registration request with the obtained key, and sends a registration response to the first terminal; the registration response is encrypted using the symmetric encryption algorithm and the digest algorithm;
Step 440: The first terminal sends to the voice exchange a call request carrying the telephone number of the second terminal; the call request is encrypted using the symmetric encryption algorithm and the digest algorithm;
Step 450: The voice exchange sends the call request carrying the telephone number of the second terminal to the second terminal, and receives the call response, carrying an IP address, sent by the second terminal; the call response is encrypted using the symmetric encryption algorithm and the digest algorithm;
Step 460: The first terminal sends an interaction message to the second terminal based on the IP address of the second terminal; the interaction message is encrypted using the symmetric encryption algorithm and the digest algorithm.
In the embodiment of the present invention, the first terminal, the second terminal and the voice exchange need to determine the key used for encryption with the symmetric encryption algorithm and the digest algorithm; the key is obtained by means of the asymmetric algorithm. Obtaining a key with an asymmetric encryption algorithm is a relatively mature technique and is not described in detail here.
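The message protection used in steps 420 to 460 can be illustrated as follows; this is an added example, not code from the patent, showing the registration, the call request and response relayed by the voice exchange, and the interaction message. Assumptions: the session key has already been agreed by means of the asymmetric algorithm and is shared by both terminals and the voice exchange; an HMAC-SHA256 keystream stands in for the symmetric encryption algorithm and HMAC-SHA256 for the digest algorithm; the number 900012, the address 192.0.2.20, the message field names and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(session_key: bytes, label: bytes) -> bytes:
    # Independent keys for confidentiality and integrity from one session key.
    return hmac.new(session_key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in symmetric cipher: HMAC-SHA256 in counter mode as a keystream.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _tag(session_key: bytes, data: bytes) -> bytes:
    # Keyed digest over nonce and ciphertext (the integrity algorithm).
    return hmac.new(_subkey(session_key, b"mac"), data, hashlib.sha256).digest()

def protect(session_key: bytes, message: dict) -> bytes:
    """Encrypt, then authenticate. Wire format: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    plain = json.dumps(message, sort_keys=True).encode()
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(plain))
    cipher = bytes(p ^ s for p, s in zip(plain, stream))
    return nonce + cipher + _tag(session_key, nonce + cipher)

def unprotect(session_key: bytes, blob: bytes) -> dict:
    """Check the tag in constant time, and decrypt only an intact message."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, cipher, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(session_key, nonce + cipher)):
        raise ValueError("integrity check failed")
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(cipher))
    return json.loads(bytes(c ^ s for c, s in zip(cipher, stream)))

class SecondTerminal:
    def __init__(self, key: bytes, number: str, ip: str):
        self.key, self.number, self.ip = key, number, ip

    def on_call_request(self, blob: bytes) -> bytes:
        request = unprotect(self.key, blob)
        if request["to"] != self.number:
            raise ValueError("call request routed to the wrong terminal")
        # Step 450: the call response carries this terminal's IP address.
        return protect(self.key, {"type": "CALL_RESPONSE", "ip": self.ip})

class VoiceExchange:
    def __init__(self, key: bytes):
        self.key = key
        self.registered = set()   # numbers that completed steps 420-430
        self.terminals = {}       # telephone number -> reachable terminal

    def handle(self, blob: bytes) -> bytes:
        msg = unprotect(self.key, blob)
        if msg["type"] == "REGISTER":
            self.registered.add(msg["number"])
            return protect(self.key, {"type": "REGISTER_OK"})
        if msg["type"] == "CALL":
            callee = self.terminals.get(msg["to"])
            if msg["from"] not in self.registered or callee is None:
                return protect(self.key, {"type": "REJECT"})
            # Steps 440-450: forward the request, relay the verified response.
            response = callee.on_call_request(protect(self.key, msg))
            unprotect(self.key, response)
            return response
        raise ValueError("unexpected message type")

def run_call(register: bool = True, tamper: bool = False) -> dict:
    key = secrets.token_bytes(32)  # assumed: already agreed via the asymmetric algorithm
    exchange = VoiceExchange(key)
    callee = SecondTerminal(key, "900012", "192.0.2.20")  # constructed values
    exchange.terminals[callee.number] = callee
    if register:
        exchange.handle(protect(key, {"type": "REGISTER", "number": "900011"}))
    blob = exchange.handle(protect(key, {"type": "CALL", "from": "900011", "to": "900012"}))
    if tamper:  # flip one ciphertext bit in transit
        blob = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 1]) + blob[NONCE_LEN + 1:]
    response = unprotect(key, blob)
    if response["type"] != "CALL_RESPONSE":
        return {"connected": False}
    # Step 460: the interaction message goes to the callee's IP, protected the same way.
    media = protect(key, {"type": "INTERACTION", "to_ip": response["ip"], "data": "hello"})
    return {"connected": True, "callee_ip": response["ip"],
            "delivered": unprotect(callee.key, media)["data"]}

if __name__ == "__main__":
    print(run_call())
```

A keyed digest is used for the integrity check because an unkeyed hash over the ciphertext could be recomputed by whoever alters the message; with `tamper=True` the modified call response is rejected before the IP address is used.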
Referring to Fig. 5, in the embodiment of the present invention, a first terminal is proposed, including a microphone and a host; the host includes a CPU, and the CPU includes a determining module 50, a sending module 51 and a receiver module 52, wherein:
The determining module 50 is used to determine an encryption algorithm when it is determined that a confidential call is to be made with the second terminal, the encryption algorithm being used for the confidential call;
The sending module 51 is used to send to the voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
The receiver module 52 is used to receive the call response, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module 51 is also used to send an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
Further, the sending module 51 is also used to send a registration request to the voice exchange, the registration request being encrypted using the encryption algorithm;
The receiver module 52 is also used to receive the registration response returned by the voice exchange, the registration response being encrypted using the encryption algorithm.
Optionally, the determining module 50 is specifically used to obtain the encryption algorithm from the portable encryption device associated with the first terminal and take the obtained encryption algorithm as the determined encryption algorithm; or to take a preset encryption algorithm as the determined encryption algorithm.
Further, the receiver module 52 is also used to obtain a PIN code, the PIN code being successfully verified.
Further, the sending module 51 is also used to send the encryption algorithm to the voice exchange;
The receiver module 52 is also used to receive the encryption algorithm confirmation response returned by the voice exchange, the encryption algorithm confirmation response indicating that the encryption algorithm stored in the voice exchange matches the encryption algorithm determined by the first terminal.
Referring to Fig. 6, in the embodiment of the present invention, a voice exchange is proposed, including a cabinet, a memory and a CPU; the CPU includes a receiver module 60 and a sending module 61, wherein:
The receiver module 60 is used to receive the call request, sent by the first terminal, carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm, and the encryption algorithm being used for a confidential call;
The sending module 61 is used to forward the call request to the second terminal;
The receiver module 60 is also used to receive the call response, sent by the second terminal, carrying the IP address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module 61 is also used to forward the call response to the first terminal.
Further, the receiver module 60 is also used to receive the encryption algorithm sent by the first terminal;
The sending module 61 is also used to send an encryption algorithm confirmation response to the first terminal when it is determined that the stored encryption algorithm matches the encryption algorithm determined by the first terminal.
Further, the receiver module 60 is also used to receive the registration request sent by the first terminal, the registration request being encrypted using the encryption algorithm;
The sending module 61 is also used to send a registration response to the first terminal, the registration response being encrypted using the encryption algorithm.
In the embodiment of the present invention, a system for call encryption is proposed, including the first terminal shown in Fig. 5 and the voice exchange shown in Fig. 6.
In the embodiment of the present invention, optionally, the first terminal includes a microphone and a host; the host includes a CPU, and the CPU includes a determining module, a sending module and a receiver module, wherein:
The determining module is used to determine an encryption algorithm when it is determined that a confidential call is to be made with the second terminal, the encryption algorithm being used for the confidential call;
The sending module is used to send to the voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
The receiver module is used to receive the call response, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module is also used to send an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
In the embodiment of the present invention, optionally, the voice exchange includes a cabinet, a memory and a CPU; the CPU includes a receiver module and a sending module, wherein:
The receiver module is used to receive the call request, sent by the first terminal, carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm, and the encryption algorithm being used for a confidential call;
The sending module is used to forward the call request to the second terminal;
The receiver module is also used to receive the call response, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module is also used to forward the call response to the first terminal.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make other changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these changes and modifications.

Claims (19)

1. A method of call encryption, characterized by comprising:
When a first terminal determines that a confidential call is to be made with a second terminal, determining an encryption algorithm, the encryption algorithm being used for the confidential call;
The first terminal sends to a voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
The first terminal receives a call response, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The first terminal sends an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
2. The method of claim 1, characterized in that, before the first terminal sends to the voice exchange the call request carrying the telephone number of the second terminal, the method further comprises:
The first terminal sends a registration request to the voice exchange, the registration request being encrypted using the encryption algorithm;
The first terminal receives a registration response returned by the voice exchange, the registration response being encrypted using the encryption algorithm.
3. The method of claim 1 or 2, characterized in that the first terminal determining the encryption algorithm comprises:
The first terminal obtains the encryption algorithm from a portable encryption device associated with the first terminal, and takes the obtained encryption algorithm as the determined encryption algorithm; or
The first terminal takes a preset encryption algorithm as the determined encryption algorithm.
4. The method of claim 3, characterized in that, when the first terminal obtains the encryption algorithm from the portable encryption device associated with the first terminal, before the first terminal determines the encryption algorithm, the method further comprises:
The first terminal obtains a PIN code, and the PIN code is successfully verified.
5. The method of any one of claims 1-4, characterized in that, before the first terminal sends to the voice exchange the call request carrying the telephone number of the second terminal, the method further comprises:
The first terminal sends the encryption algorithm to the voice exchange;
The first terminal receives an encryption algorithm confirmation response returned by the voice exchange, the encryption algorithm confirmation response indicating that the encryption algorithm stored in the voice exchange matches the encryption algorithm determined by the first terminal.
6. A method of call encryption, characterized by comprising:
A voice exchange receives a call request, sent by a first terminal, carrying the telephone number of a second terminal, the call request being encrypted using an encryption algorithm, and the encryption algorithm being used for a confidential call;
The voice exchange forwards the call request to the second terminal;
The voice exchange receives a call response, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The voice exchange forwards the call response to the first terminal.
7. The method of claim 6, characterized in that, before the voice exchange receives the call request, sent by the first terminal, carrying the telephone number of the second terminal, the method further comprises:
The voice exchange receives the encryption algorithm sent by the first terminal;
When the voice exchange determines that the stored encryption algorithm matches the encryption algorithm determined by the first terminal, it sends an encryption algorithm confirmation response to the first terminal.
8. The method of claim 7, characterized in that, after the voice exchange sends the encryption algorithm confirmation response to the first terminal, and before it receives the call request, sent by the first terminal, carrying the telephone number of the second terminal, the method further comprises:
The voice exchange receives a registration request sent by the first terminal, the registration request being encrypted using the encryption algorithm;
The voice exchange sends a registration response to the first terminal, the registration response being encrypted using the encryption algorithm.
9. A first terminal, characterized by including a microphone and a host, the host including a central processing unit (CPU), the CPU including a determining module, a sending module and a receiver module, wherein:
The determining module is used to determine an encryption algorithm when it is determined that a confidential call is to be made with a second terminal, the encryption algorithm being used for the confidential call;
The sending module is used to send to a voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
The receiver module is used to receive a call response, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module is also used to send an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
10. The first terminal of claim 9, characterized in that the sending module is also used to send a registration request to the voice exchange, the registration request being encrypted using the encryption algorithm;
The receiver module is also used to receive a registration response returned by the voice exchange, the registration response being encrypted using the encryption algorithm.
11. The first terminal of claim 9 or 10, characterized in that the determining module is specifically used to obtain the encryption algorithm from a portable encryption device associated with the first terminal and take the obtained encryption algorithm as the determined encryption algorithm; or to take a preset encryption algorithm as the determined encryption algorithm.
12. The first terminal of claim 11, characterized in that the receiver module is also used to obtain a PIN code, the PIN code being successfully verified.
13. The first terminal of any one of claims 9-12, characterized in that the sending module is also used to send the encryption algorithm to the voice exchange;
The receiver module is also used to receive an encryption algorithm confirmation response returned by the voice exchange, the encryption algorithm confirmation response indicating that the encryption algorithm stored in the voice exchange matches the encryption algorithm determined by the first terminal.
14. A voice exchange, characterized by including a cabinet, a memory and a central processing unit (CPU), the CPU including a receiver module and a sending module, wherein:
The receiver module is used to receive a call request, sent by a first terminal, carrying the telephone number of a second terminal, the call request being encrypted using an encryption algorithm, and the encryption algorithm being used for a confidential call;
The sending module is used to forward the call request to the second terminal;
The receiver module is also used to receive a call response, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module is also used to forward the call response to the first terminal.
15. The voice exchange of claim 14, characterized in that the receiver module is also used to receive the encryption algorithm sent by the first terminal;
The sending module is also used to send an encryption algorithm confirmation response to the first terminal when it is determined that the stored encryption algorithm matches the encryption algorithm determined by the first terminal.
16. The voice exchange of claim 15, characterized in that the receiver module is also used to receive a registration request sent by the first terminal, the registration request being encrypted using the encryption algorithm;
The sending module is also used to send a registration response to the first terminal, the registration response being encrypted using the encryption algorithm.
17. A system for call encryption, characterized by including the first terminal of any one of claims 9-13 and the voice exchange of any one of claims 14-16.
18. The system of claim 17, characterized in that the first terminal includes a microphone and a host, the host including a central processing unit (CPU), the CPU including a determining module, a sending module and a receiver module, wherein:
The determining module is used to determine an encryption algorithm when it is determined that a confidential call is to be made with a second terminal, the encryption algorithm being used for the confidential call;
The sending module is used to send to the voice exchange a call request carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm;
The receiver module is used to receive a call response, returned by the voice exchange, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module is also used to send an interaction message to the second terminal based on the IP address of the second terminal, the interaction message being encrypted using the encryption algorithm.
19. The system of claim 17 or 18, characterized in that the voice exchange includes a cabinet, a memory and a central processing unit (CPU), the CPU including a receiver module and a sending module, wherein:
The receiver module is used to receive a call request, sent by the first terminal, carrying the telephone number of the second terminal, the call request being encrypted using the encryption algorithm, and the encryption algorithm being used for a confidential call;
The sending module is used to forward the call request to the second terminal;
The receiver module is also used to receive a call response, sent by the second terminal, carrying the Internet Protocol (IP) address of the second terminal, the call response being encrypted using the encryption algorithm;
The sending module is also used to forward the call response to the first terminal.
CN201510633296.5A 2015-09-29 2015-09-29 Method, device and system for encrypting call Active CN106559393B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510633296.5A CN106559393B (en) 2015-09-29 2015-09-29 Method, device and system for encrypting call

Publications (2)

Publication Number Publication Date
CN106559393A true CN106559393A (en) 2017-04-05
CN106559393B CN106559393B (en) 2021-02-05

Family

ID=58417115

Country Status (1)

Country Link
CN (1) CN106559393B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant