CN112003881B - Safety cloud mobile phone system based on private cloud - Google Patents

Safety cloud mobile phone system based on private cloud Download PDF

Info

Publication number
CN112003881B
CN112003881B CN202011167297.2A CN202011167297A CN112003881B CN 112003881 B CN112003881 B CN 112003881B CN 202011167297 A CN202011167297 A CN 202011167297A CN 112003881 B CN112003881 B CN 112003881B
Authority
CN
China
Prior art keywords
key
session key
equipment
private cloud
mobile phone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011167297.2A
Other languages
Chinese (zh)
Other versions
CN112003881A (en
Inventor
彭东
李高峰
柴勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Tianchen Information Technology Co ltd
Original Assignee
Hunan Tianchen Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Tianchen Information Technology Co ltd filed Critical Hunan Tianchen Information Technology Co ltd
Priority to CN202011167297.2A priority Critical patent/CN112003881B/en
Publication of CN112003881A publication Critical patent/CN112003881A/en
Application granted granted Critical
Publication of CN112003881B publication Critical patent/CN112003881B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/04Protocols for data compression, e.g. ROHC

Abstract

The invention discloses a security cloud mobile phone system based on private cloud, which comprises: the system comprises private cloud mobile phone equipment and a remote control module arranged on a smart phone; the private cloud mobile phone device is used for generating a device key and a device storage key when being connected with the smart mobile phone for the first time, and generating a session key during each message transmission; the system comprises a local ciphertext storage module, a processing module and a processing module, wherein the local ciphertext storage module is used for receiving an encrypted message and an instruction sent by the smart phone and carrying out corresponding operation, receiving an encrypted file, storing the encrypted file in a local ciphertext after decryption, and sending the received encrypted audio and video data to other equipment after decryption; the system is also used for sampling, coding, compressing and encrypting the audio and video data and then sending the audio and video data to the smart phone; the remote control module is used for receiving an equipment key, an equipment storage key and a session key which are sent by the private cloud mobile phone equipment; the private cloud mobile phone equipment is used for sending encrypted messages, instructions, files and audio and video data to the private cloud mobile phone equipment; and the device is also used for exporting the audio and video data from the private cloud mobile phone device and carrying out decryption processing.

Description

Safety cloud mobile phone system based on private cloud
Technical Field
The invention relates to the field of information encryption, in particular to a secure cloud mobile phone system based on a private cloud.
Background
An existing cloud mobile phone system is generally based on a public cloud, and as shown in fig. 1, the existing cloud mobile phone system is a common game cloud architecture, multiple sets of android virtual machines are deployed in an external network server, and a set of control terminal and an audio and video decoding system are deployed in the public cloud mobile phone server. The control software of the client mobile phone is connected with the public cloud mobile phone server through the public network, so that audio and video files and cloud files on the public cloud mobile phone server can be controlled, or game operation and the like can be performed. There are problems in that: the public cloud mobile phone virtual machine is arranged in an external network environment, a cloud mobile phone provider cannot ensure the safety and privacy of the private information of a user, and even the possibility that the service provider abuses user data without authorization of the user exists, so that the risk is brought to the personal data safety of the user, and even malicious operation is carried out on the operation property safety of the user; since the mobile phone virtual machine of the public cloud is generated by server virtualization, the cpu architecture is inconsistent with the ordinary android system, and the compatibility of all android software cannot be guaranteed. The existing public cloud mobile phone technology is that data are encrypted and then uniformly stored in a cloud server, the cloud server has stored data of all users, and although the data among the users are difficult to obtain mutually, the cloud server can check the data of all the users. Once the cloud server is breached or leaked by staff inside the cloud server, all user data will be leaked. Therefore, the internet of things data security storage based on the cloud server cannot guarantee the substantial privacy of the user.
Reference [1] (utility model "a cloud cell-phone safety storage system based on family private cloud" with application number "2019207575281"), as shown in fig. 2, this system is not encrypted when keeping data in the hard disk, and the communication link between with the smart mobile phone is also not encrypted, so this system is also based on privatization deployment, but because its data storage content is the plaintext, the data that the communication link transmitted is also the plaintext, the data during communication very easily restores the privacy information of customer. In addition, the login authority of the system can be easily obtained through the communicated privacy information, and once the login authority is obtained, the client information stored in the system is not safe any more.
Reference document [2] (invention of application number "202010416957X" system for ciphertext storage plaintext access, ciphertext storage and plaintext access method ") introduces a method for ciphertext storage plaintext access inside a device based on a Linux operating system, and a file storage module of a private cloud mobile phone device of the application realizes ciphertext storage plaintext access by using the method.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a security cloud mobile phone system based on a private cloud.
The invention provides a security cloud mobile phone system based on a private cloud, which comprises: the system comprises private cloud mobile phone equipment and a remote control module arranged on a smart phone; wherein the content of the first and second substances,
the private cloud mobile phone device is used for generating a device key and a device storage key for the smart phone when the private cloud mobile phone device is connected with the smart phone for the first time, generating a session key before the private cloud mobile phone device transmits a message to the smart phone each time, encrypting the session key through the device key and then sending the encrypted session key to the smart phone; the device storage key is used for decrypting the received message by using the session key, decrypting the received file by using the device storage key and storing the file in a local ciphertext; the session key is used for decrypting the received instruction and carrying out corresponding operation locally; the system is used for sampling, coding and compressing local audio and video data, encrypting the local audio and video data by using a session key and transmitting the encrypted local audio and video data to the smart phone; the session key is also used for decrypting the received audio and video data and forwarding the decrypted audio and video data to related equipment;
the remote control module is used for receiving an equipment key and an equipment storage key sent by the private cloud mobile phone equipment when the remote control module is connected with the private cloud mobile phone equipment for the first time, and is used for decrypting a received session key by using the equipment key before transmitting a message with the smart phone each time; the system comprises a session key, private cloud mobile phone equipment, a device storage key and a private cloud mobile phone device, wherein the session key is used for encrypting the generated message and sending the message to the private cloud mobile phone equipment, the device storage key is used for encrypting a local file and sending the file to the private cloud mobile phone equipment for ciphertext storage, and the session key is used for encrypting the generated instruction and sending the instruction to the private cloud mobile phone equipment for notification and corresponding operation; the private cloud mobile phone equipment is used for decrypting the encrypted audio and video data sent by the private cloud mobile phone equipment by using the session key; and the system is also used for encrypting locally acquired audio and video data by using the session key and sending the encrypted locally acquired audio and video data to the private cloud mobile phone equipment.
As an improvement of the above system, the private cloud mobile phone device includes an encryption chip, a key management module, a file storage module, and a remote controlled module; wherein the content of the first and second substances,
the encryption chip is used for generating an equipment key and an equipment storage key and sending the equipment key and the equipment storage key to the key management module when the smart phone is connected with the private cloud mobile phone equipment for the first time; the remote control module is also used for generating a session key and sending the session key to the key management module and the remote controlled module; the session key is valid for a single session;
the key management module is used for encrypting the session key sent by the encryption chip by using the device key and sending the session key to the smart phone; the device comprises a session key storage module, a file storage module and a local file storage module, wherein the session key storage module is used for receiving encrypted messages or instructions sent by the smart phone, decrypting the messages or instructions by using the session key, receiving encrypted files sent by the smart phone, decrypting the encrypted files by using the device storage key and sending the decrypted files to the file storage module, and encrypting local files by using the session key and sending the encrypted files to the smart phone;
the file storage module is used for carrying out ciphertext storage on the received file;
the remote controlled module is used for receiving the session key, decrypting the encrypted message or instruction sent by the smart phone by using the session key, and performing corresponding operation according to the message or instruction; the session key is used for decrypting the encrypted audio and video data sent by the smart phone and forwarding the decrypted audio and video data to related equipment; the system is also used for sampling, coding and compressing local audio and video data to obtain a compressed packet, then encrypting the compressed packet through a session key and sending the encrypted compressed packet to the smart phone.
As an improvement of the above system, the specific processing procedure of the key management module is as follows:
receiving an encrypted session key acquisition application sent by the smart phone, decrypting the session key acquisition application by using a pre-obtained device key, sending the decrypted session key to an encryption chip, receiving a session key sent by the encryption chip, encrypting the session key by using the device key, and sending the encrypted session key to the smart phone;
receiving an encrypted file acquisition application sent by the smart phone, decrypting the file acquisition application by using a session key, sending the decrypted file acquisition application to a file storage module, receiving a file sent by the file storage module, encrypting the file by using an equipment storage key, and sending the encrypted file to the smart phone;
and receiving the encrypted file sent by the smart phone, decrypting the encrypted file by using the equipment storage key and sending the decrypted file to the file storage module.
As an improvement of the above system, the private cloud mobile phone device includes an HDMI interface, which is used to access a display or a micro monochromatic LED screen to display a scanned two-dimensional code, so that the smart phone can obtain a device key by scanning the two-dimensional code, thereby achieving the binding between the smart phone and the private cloud mobile phone device.
As an improvement of the above system, when the smart phone scans the two-dimensional code, the private cloud phone device and the smart phone are deployed in the same local area network, and the specific processing procedure of the key management module further includes:
receiving a PIN code set by the smart phone and sending the PIN code to the encryption chip;
setting the smart phone as an administrator of private cloud phone equipment;
and receiving the equipment key and the equipment storage key generated by the encryption chip, and sending the equipment key and the equipment storage key to the smart phone.
As an improvement of the above system, the specific processing procedure of the encryption chip is as follows:
receiving a PIN code sent by a key management module, storing the PIN code after asymmetric encryption processing, generating an equipment key and an equipment storage key, and sending the equipment key and the equipment storage key to the key management module;
and receiving the application for acquiring the session key sent by the key management module, generating the session key, and sending the session key to the key management module and the remote controlled module respectively.
As an improvement of the above system, the implementation process of the remote controlled module is as follows:
receiving a session key sent by an encryption chip;
receiving encrypted sharing permission control marking information sent by the smart phone, decrypting the sharing permission control marking information by using a session key, judging that the sharing permission control marking is false, and disconnecting the network connection between the private cloud mobile phone equipment and other mobile equipment;
receiving an encrypted touch screen clicking control message sent by the smart phone; decrypting the touch screen click control message by using the session key, and finishing corresponding operation according to the touch screen click control message; the touch screen clicking control message comprises the pressing degree of the finger touch screen and the position information of the finger touch screen;
receiving an encrypted control APP instruction sent by the smart phone, decrypting the control APP instruction by using a session key, and operating a local corresponding APP according to the control APP instruction; the APP is installed on both the smart phone and the private cloud phone device;
receiving encrypted audio and video data sent by the smart phone, decrypting the audio and video data by using the session key, and forwarding the encrypted audio and video data to related equipment according to the sending requirement of the smart phone;
receiving an encrypted import audio and video data message sent by a smart phone, decrypting the import audio and video data message by using a session key to generate a graphic configuration message, encrypting the graphic configuration message by using the session key and sending the graphic configuration message to the smart phone, receiving an encrypted image updating frequency message sent by the smart phone, decrypting the image updating frequency message by using the session key, sampling, encoding and compressing output audio and video data according to the image updating frequency message to obtain a compression packet, encrypting the compression packet by using the session key and sending the compression packet to the smart phone; the graphic configuration message includes an image resolution height, width, pixel point color depth, and audio sampling rate.
As an improvement of the above system, the remote control module specifically includes: the device comprises a registration unit, a file access unit, a designated APP operation unit and an audio and video import and export unit; wherein the content of the first and second substances,
the registration unit is used for sending a PIN code when the registration unit is connected with the smart phone for the first time, and then receiving an equipment key and an equipment storage key sent by private cloud mobile phone equipment;
the file access unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, generating an acquisition file application, encrypting the acquisition file application by using the session key and sending the encrypted file application to the private cloud mobile phone equipment, and decrypting the received encrypted file by using an equipment storage key; the device storage key is used for encrypting the local file and sending the encrypted local file to the private cloud mobile phone device;
the appointed APP operation unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, generating an encryption permission sharing control marking message, encrypting the encryption permission sharing control marking message by using the session key and sending the encryption permission sharing control marking message to the private cloud mobile phone equipment; the device comprises a touch screen clicking control message, a private cloud mobile phone device and a session key, wherein the touch screen clicking control message is generated according to the acquired finger touch screen pressing degree and the finger touch screen position information; the session key is used for encrypting the control APP instruction and sending the encrypted control APP instruction to the private cloud mobile phone device;
the audio and video import and export unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, encrypting the collected local audio and video data by using the session key and sending the encrypted local audio and video data to the private cloud mobile phone equipment; the session key is used for encrypting the imported audio and video data message and sending the encrypted imported audio and video data message to the smart phone, the session key is used for decrypting the received encrypted graphic configuration message to obtain a graphic configuration message, then an image updating frequency message is generated according to the graphic configuration message, the session key is used for encrypting the image updating frequency message and sending the image updating frequency message to the smart phone, then the session key is used for decrypting the received encrypted audio and video data, and then the received encrypted audio and video data is decompressed and decoded to obtain the audio and video data.
Compared with the prior art, the invention has the advantages that:
1. the cloud mobile phone is deployed on a public cloud server instead of the prior art, data is stored in own home through the safety cloud mobile phone equipment of a private cloud, and the data is stored in a ciphertext mode during storage, so that the data safety is ensured;
2. according to the invention, the transmission between the private cloud mobile phone equipment and the smart mobile phone is encrypted, so that the private cloud mobile phone equipment is safer;
3. the private cloud mobile phone device not only realizes the storage function of the cloud mobile phone, but also realizes all operations of the entity mobile phone, including functions which can be realized by all mobile phones such as cloud office, cloud games and cloud calls.
Drawings
FIG. 1 is a prior art public cloud storage architecture;
FIG. 2 is a prior art private cloud storage architecture diagram;
FIG. 3 is a diagram of a private cloud based secure cloud handset system configuration provided by the present invention;
FIG. 4 is a timing diagram of the private cloud handset device initialization and interaction with a smart phone of the present invention;
fig. 5 is a timing diagram illustrating a system for implementing remote control of an encrypted storage file on a private cloud mobile phone device by a smart phone according to the present invention.
Detailed Description
The invention provides a security cloud mobile phone system based on a private cloud, which comprises: the system comprises a private cloud mobile phone device and a remote control module arranged on a smart phone. The private cloud cell phone device comprises: the system comprises an encryption chip, a key management module, a file storage module and a remote controlled module.
The technical idea of the system is that data are stored in a home or an enterprise of a client in an encrypted manner, so that the problem of privacy data security caused by the fact that a public cloud server is attacked is solved, all communicated data are encrypted and transmitted through a key management module, and a file is stored on a disk in a ciphertext manner; in addition, in order to perfect the functions of the private cloud mobile phone device, the private cloud mobile phone device also comprises a remote control module inside, videos and audios of the application of the private cloud are encrypted through the remote control module and then transmitted to a client mobile phone, and the state of the private cloud device is controlled through a control protocol so as to realize the complete mobile phone functions.
The technical solution of the present invention is explained in detail below with reference to the accompanying drawings, and fig. 3 shows a component diagram of the system. The system comprises: the system comprises a private cloud mobile phone device and a remote control module arranged on a smart phone.
1. Private cloud cell-phone equipment includes:
1) the android smart phone is provided with a cpu, a mainboard, a running memory and a storage module (including an SD/TF card or a USB hard disk supported by the android smart phone and the like) which are consistent in architecture so as to be completely compatible with any APP on the market; APP, which refers to a third party application;
2) the output device is an HDMI interface and is used for outputting the two-dimensional code to an external display/television or a micro monochromatic LED screen to display the two-dimensional code, so that the smart phone can obtain a device key by scanning the two-dimensional code, and the smart phone can be bound with the private cloud phone device.
3) And the network card equipment compatible with the hardware architecture can be a wired network card or a wireless network card.
4) And the hardware encryption chip is used for storing all keys of the user, and the keys are used in subsequent key management software.
5) Optional interface available for augmentation (not necessary): the camera interface, the microphone interface, the mobile phone SIM card interface, the Bluetooth interface and the like are used for expanding the external functions of the equipment.
6) The device is provided with an android system, a key management module, a file storage module and a remote controlled module. And the client mobile phone needs to be provided with a remote control module.
The private cloud mobile phone device can realize all functions except for portable functions, and has the following advantages:
1) the volume of the mobile phone is larger than that of a mobile phone without carrying, so that the heat dissipation effect of the mobile phone is better than that of a common mobile phone;
2) because the mobile phone is placed at a fixed position, the influence on equipment hardware caused by shaking and falling of the equipment is avoided, so that the stability of the mobile phone is higher than that of a common mobile phone;
3) because a high-definition display screen and a touch screen are not required to be configured, the performance of the mobile phone is much higher than that of a mobile phone with the same price.
2. Key management module
The key management module is system software of the private cloud mobile phone device, is always started and cannot be unloaded, and is responsible for functions of data encryption and decryption, remote control session encryption and decryption, key distribution in a hardware encryption chip, key updating and the like of the private cloud mobile phone device.
When the private cloud mobile phone device is started for the first time, the device and the client smart mobile phone need to be kept in the same local area network, and the following initial PIN code and the administrator key are prevented from being intercepted in the process of external network transmission. After downloading the client mobile phone control software of the system, a client scans a two-dimensional code on equipment output equipment by using a mobile phone, sets a PIN code of a hardware encryption chip in a software interface, sends a user equipment key and an equipment storage key to the client mobile phone after setting the PIN code, and sets the client mobile phone as a manager of private cloud mobile phone equipment. The device storage key is used in the file encryption and decryption software as an encryption and decryption key for storing the file.
Description of PIN code: the pin code needs to be memorized by a client and is only stored in the hardware encryption chip in an asymmetric encryption mode. Besides the step of setting the PIN code for the first time, when a user needs to be added to control private cloud mobile phone equipment, the PIN code needs to be verified, and a user equipment key is issued to a client mobile phone.
User equipment key: the public and private key pairs are symmetrically encrypted and stored in an encryption chip, and before a user mobile phone and private cloud mobile phone equipment carry out conversation, the key is used for encrypting data to apply for a conversation key.
Session key: the encryption key pair is a symmetric encryption key pair, is stored in the private cloud mobile phone equipment, and is effective in a single session. The method is used for encrypting all control operation data in subsequent sessions of the remote control module, remotely controlling video stream data on a screen and the like, and establishing a secure session channel.
3. File storage module
The module is used for carrying out ciphertext storage on the received file and providing plaintext access when other modules of the private cloud mobile phone device or third-party software and APP acquire the file.
The kernel of the android system is based on a Linux operating system, the Linux operating system is provided with a Virtual File System (VFS), a file storage module runs on the android system, and the secret key is stored in a storage unit of the encryption chip.
The file storage module comprises: the function of each unit is as follows:
1) vmobile-Fs kernel unit
The device directory is used for registering a file storage module on an operating system and generating a device directory, and the device directory stores encrypted ciphertexts; the file content data and the operation command transmitted by the virtual file system are sent to the vmobile-Fs file service module; the virtual file system is also used for receiving data processed by the vmobile-Fs file service module, converting the data into a format required by an operating system kernel and sending the format to the virtual file system;
2) vMobile-Fs file service unit
The operation command is used for receiving the operation command sent by the vmobile-Fs kernel unit, and when the operation command is a write command, data sent by the vmobile-Fs kernel unit is encrypted; when the operation command is a read command, decrypting data sent by the vmobile-Fs kernel unit; and the processed data is transmitted back to the vmobile-Fs kernel unit;
3) vmobile-Fs mounting unit
For completing the mapping of the user application layer specified user space to device space.
And after the android system is started, initializing a file storage module.
When other modules in the equipment, third-party software and APP write files in a user space, data are transmitted to a pbox-kernel unit through a virtual file system, the pbox-kernel unit transmits the data to a vmobile-Fs file service unit, then the vmobile-Fs file service unit encrypts plain text and a secret key into a cipher text by using an encryption algorithm, transmits the cipher text to the vmobile-Fs kernel unit, transmits the cipher text to the virtual file system through the vmobile-Fs kernel unit, and calls a write file operation of an android kernel to write the file into the equipment space;
when a user reads a file, the android kernel transmits ciphertext content in the equipment space to the virtual file system, transmits the ciphertext content to the vmobile-Fs file service through the vmobile-Fs kernel unit, decrypts the data by using a key, transmits the decrypted data back to the vmobile-Fs kernel unit, returns the decrypted data to the android kernel, and finally returns to other modules of the private cloud mobile phone equipment or third-party software and APP.
By doing so, any software on the device can read and write files within the user application layer, all files appearing to all software in the device to be in a clear-text accessible state, but all data in the storage device being in an encrypted state. The readable and writable storage device is placed in other computers, because data are stored and encrypted, other computer software cannot read the ciphertext content, and in addition, the readable and writable storage device is placed in another private cloud mobile phone device, and because the secret keys of the encryption chips on the main board are inconsistent, the encrypted file cannot be read.
Therefore, the safe plaintext access in other modules of the private cloud mobile phone device or third-party software can be realized, and the plaintext access is stored in the private cloud mobile phone device as ciphertext content.
4. Remote controlled module
The intelligent mobile phone is used for receiving the session key, decrypting the encrypted message or instruction sent by the intelligent mobile phone by using the session key and carrying out corresponding operation according to the message or instruction; the session key is used for decrypting the encrypted audio and video data sent by the smart phone and forwarding the decrypted audio and video data to related equipment; the system is also used for sampling, coding and compressing local audio and video data to obtain a compressed packet, then encrypting the compressed packet through a session key and sending the encrypted compressed packet to the smart phone.
5. Remote control module of smart phone
The remote control module specifically includes: the device comprises a registration unit, a file access unit, a designated APP operation unit and an audio and video import and export unit; wherein the content of the first and second substances,
the registration unit is used for sending a PIN code when the registration unit is connected with the smart phone for the first time, and then receiving an equipment key and an equipment storage key sent by private cloud mobile phone equipment;
the file access unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the encrypted session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, generating an acquisition file application, encrypting the acquisition file application by using the session key and sending the encrypted file application to the private cloud mobile phone equipment, and decrypting the received encrypted file by using an equipment storage key; the device storage key is used for encrypting the local file and sending the encrypted local file to the private cloud mobile phone device;
the appointed APP operation unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, generating an encryption permission sharing control marking message, encrypting the encryption permission sharing control marking message by using the session key and sending the encryption permission sharing control marking message to the private cloud mobile phone equipment; the device comprises a touch screen clicking control message, a private cloud mobile phone device and a session key, wherein the touch screen clicking control message is generated according to the acquired finger touch screen pressing degree and the finger touch screen position information; the session key is used for encrypting the control APP instruction and sending the encrypted control APP instruction to the private cloud mobile phone device;
the audio and video import and export unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, and encrypting the collected local audio and video data by using the session key and sending the encrypted local audio and video data to the private cloud mobile phone equipment; the session key is used for encrypting the imported audio and video data message and sending the encrypted imported audio and video data message to the smart phone, the session key is used for decrypting the received encrypted graphic configuration message to obtain a graphic configuration message, then an image updating frequency message is generated according to the graphic configuration message, the session key is used for encrypting the image updating frequency message and sending the image updating frequency message to the smart phone, then the session key is used for decrypting the received encrypted audio and video data, and then the received encrypted audio and video data is decompressed and decoded to obtain the audio and video data.
After a safe conversation channel is established, the client mobile phone shares the message of the control mark with the private cloud mobile phone device to tell the private cloud mobile phone device whether to allow a plurality of client mobile phones to perform remote control at the same time, and after receiving the message, the private cloud mobile phone device disconnects other mobile devices if the sharing mark is false.
(1) Audio and video output protocol:
the audio and video data are temporary data, are not required to be stored in a hard disk, are directly encoded and compressed in the memory of the private cloud mobile phone device, and are transmitted and encrypted in a remote image cache mode. The specific implementation method comprises the following steps:
1) the private cloud mobile phone device firstly sends a graphic configuration message to the smart phone, wherein the message comprises: the image resolution height, width, pixel point color depth and audio sampling rate;
2) after receiving the image update request, the smart phone informs the private cloud mobile phone equipment of the image update frequency, namely the number of the images required by each second;
3) the private cloud mobile phone device samples the output audio and video according to the format, encodes and compresses the audio and video, and then encrypts and transmits the audio and video to the client mobile phone;
4) the client handset can modify the graphics configuration of 1) and 2) above through the image settings to achieve the desired graphics quality.
(2) The control input protocol is as follows:
1) clicking a touch screen: when a client mobile phone clicks a touch screen, information such as the pressing degree and the position is generated into a touch screen operation message, the touch screen operation message is encrypted by using a session key and then transmitted to private cloud mobile phone equipment, and the private cloud mobile phone equipment decrypts the touch screen operation message by using the session key to complete the remote control operation of a user.
2) Audio and video input: the data of the client mobile phone camera and the microphone can be subjected to audio and video acquisition and sampling on remote control software of the client mobile phone, transmitted to the private cloud mobile phone device through the encryption channel and forwarded to the target device through the private cloud mobile phone device.
(3) The convenience operation function:
the required software can be resident in the memory conveniently, and can be switched in directly when the software is required, so that the loading time of some mobile phone software is reduced.
Some tedious and repeated steps can be recorded through remote controlled software, and a one-click operation function can be performed. Such as check-in of multiple software, etc.
The private cloud mobile phone equipment is used as private cloud hardware support, the key management software completely supports data encryption transmission, and the remote control software realizes the cloud mobile phone function, so that the privacy safety and the function diversity of the invention can be realized.
Fig. 4 is a timing diagram illustrating initialization and interaction with a smart phone of the private cloud phone device of the present invention.
For example, the following steps are carried out:
taking the scenario that the smart phone remotely controls the private cloud phone device to encrypt and store the file as an example, as shown in fig. 5, the specific process is as follows:
after the client takes the private cloud mobile phone device, the remote control module scans the two-dimensional code on the device, so that the client mobile phone can safely acquire the user device key, and the client mobile phone and the private cloud mobile phone device can be bound by acquiring the user device key. And then setting information such as PIN (personal identification number) codes of the private cloud mobile phone equipment and WiFi (wireless fidelity) network passwords of the user network on the client mobile phones, wherein the PIN codes are used for adding or modifying another client mobile phone by the client to control the private cloud mobile phone equipment.
After obtaining the user equipment key, the remote control module can encrypt the data transmission channel by using the key, negotiate with the private cloud mobile phone equipment and generate a session key.
After the remote control module obtains the session key, the session key encryption channel is used for interacting with the controlled module of the private cloud mobile phone device; the controlled module transmits the audio and video data on the private cloud mobile phone device through the encryption channel, and the interface and the audio and video data of the private cloud mobile phone device can be seen through the remote control software; the remote control module converts user operation into a control instruction through the encryption channel and sends the control instruction to the controlled module, and the controlled module carries out simulation operation on the control instruction on the private cloud mobile phone device.
Through the above operations, all links are encrypted for transmission; when a user operates the private cloud mobile phone device to store a file, the file is stored by using a ciphertext storage plaintext access method, so that the plaintext content of the encrypted storage disk cannot be read even if the encrypted storage disk is stolen by other people, and the privacy data in the private cloud mobile phone device of the user can be protected perfectly.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and are not limited. Although the present invention has been described in detail with reference to the embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (8)

1. A private cloud based secure cloud handset system, the system comprising: the system comprises private cloud mobile phone equipment and a remote control module arranged on a smart phone; wherein the content of the first and second substances,
the private cloud mobile phone device is used for generating a device key and a device storage key for the smart phone when the private cloud mobile phone device is connected with the smart phone for the first time, generating a session key before the private cloud mobile phone device transmits a message to the smart phone each time, encrypting the session key through the device key and then sending the encrypted session key to the smart phone; the device storage key is used for decrypting the received message by using the session key, decrypting the received file by using the device storage key and storing the file in a local ciphertext; the session key is used for decrypting the received instruction and carrying out corresponding operation locally; the system is used for sampling, coding and compressing local audio and video data, encrypting the local audio and video data by using a session key and transmitting the encrypted local audio and video data to the smart phone; the session key is also used for decrypting the received audio and video data and forwarding the decrypted audio and video data to related equipment;
the remote control module is used for receiving an equipment key and an equipment storage key sent by the private cloud mobile phone equipment when the remote control module is connected with the private cloud mobile phone equipment for the first time, and is used for decrypting a received session key by using the equipment key before transmitting a message with the smart phone each time; the system comprises a session key, private cloud mobile phone equipment, a device storage key and a private cloud mobile phone device, wherein the session key is used for encrypting the generated message and sending the message to the private cloud mobile phone equipment, the device storage key is used for encrypting a local file and sending the file to the private cloud mobile phone equipment for ciphertext storage, and the session key is used for encrypting the generated instruction and sending the instruction to the private cloud mobile phone equipment for notification and corresponding operation; the private cloud mobile phone equipment is used for decrypting the encrypted audio and video data sent by the private cloud mobile phone equipment by using the session key; and the system is also used for encrypting locally acquired audio and video data by using the session key and sending the encrypted locally acquired audio and video data to the private cloud mobile phone equipment.
2. The private cloud-based secure cloud phone system of claim 1, wherein the private cloud phone device comprises an encryption chip, a key management module, a file storage module, and a remotely controlled module; wherein the content of the first and second substances,
the encryption chip is used for generating an equipment key and an equipment storage key and sending the equipment key and the equipment storage key to the key management module when the smart phone is connected with the private cloud mobile phone equipment for the first time; the remote control module is also used for generating a session key and sending the session key to the key management module and the remote controlled module; the session key is valid for a single session;
the key management module is used for encrypting the session key sent by the encryption chip by using the device key and sending the session key to the smart phone; the device comprises a session key storage module, a file storage module and a local file storage module, wherein the session key storage module is used for receiving encrypted messages or instructions sent by the smart phone, decrypting the messages or instructions by using the session key, receiving encrypted files sent by the smart phone, decrypting the encrypted files by using the device storage key and sending the decrypted files to the file storage module, and encrypting local files by using the session key and sending the encrypted files to the smart phone;
the file storage module is used for carrying out ciphertext storage on the received file;
the remote controlled module is used for receiving the session key, decrypting the encrypted message or instruction sent by the smart phone by using the session key, and performing corresponding operation according to the message or instruction; the session key is used for decrypting the encrypted audio and video data sent by the smart phone and forwarding the decrypted audio and video data to related equipment; the system is also used for sampling, coding and compressing local audio and video data to obtain a compressed packet, then encrypting the compressed packet through a session key and sending the encrypted compressed packet to the smart phone.
3. The private cloud-based secure cloud phone system according to claim 2, wherein the specific processing procedure of the key management module is as follows:
receiving an encrypted session key acquisition application sent by the smart phone, decrypting the session key acquisition application by using a pre-obtained device key, sending the decrypted session key to an encryption chip, receiving a session key sent by the encryption chip, encrypting the session key by using the device key, and sending the encrypted session key to the smart phone;
receiving an encrypted file acquisition application sent by the smart phone, decrypting the file acquisition application by using a session key, sending the decrypted file acquisition application to a file storage module, receiving a file sent by the file storage module, encrypting the file by using an equipment storage key, and sending the encrypted file to the smart phone;
and receiving the encrypted file sent by the smart phone, decrypting the encrypted file by using the equipment storage key and sending the decrypted file to the file storage module.
4. The private cloud-based secure cloud phone system of claim 2, wherein the private cloud phone device comprises an HDMI interface for accessing a display or a micro monochromatic LED screen to display a scanned two-dimensional code, so that the smart phone can obtain a device key by scanning the two-dimensional code, thereby achieving the binding of the smart phone and the private cloud phone device.
5. The private cloud-based secure cloud phone system according to claim 4, wherein when the smart phone scans the two-dimensional code, the private cloud phone device and the smart phone are deployed in the same local area network, and the specific processing procedure of the key management module further includes:
receiving a PIN code set by the smart phone and sending the PIN code to the encryption chip;
setting the smart phone as an administrator of private cloud phone equipment;
and receiving the equipment key and the equipment storage key generated by the encryption chip, and sending the equipment key and the equipment storage key to the smart phone.
6. The private cloud-based secure cloud phone system according to claim 3, wherein the specific processing procedure of the encryption chip is as follows:
receiving a PIN code sent by a key management module, storing the PIN code after asymmetric encryption processing, generating an equipment key and an equipment storage key, and sending the equipment key and the equipment storage key to the key management module;
and receiving the application for acquiring the session key sent by the key management module, generating the session key, and sending the session key to the key management module and the remote controlled module respectively.
7. The private cloud-based secure cloud phone system according to claim 3, wherein the remotely controlled module is implemented by:
receiving a session key sent by an encryption chip;
receiving encrypted sharing permission control marking information sent by the smart phone, decrypting the sharing permission control marking information by using a session key, judging that the sharing permission control marking is false, and disconnecting the network connection between the private cloud mobile phone equipment and other mobile equipment;
receiving an encrypted touch screen clicking control message sent by the smart phone; decrypting the touch screen click control message by using the session key, and finishing corresponding operation according to the touch screen click control message; the touch screen clicking control message comprises the pressing degree of the finger touch screen and the position information of the finger touch screen;
receiving an encrypted control APP instruction sent by the smart phone, decrypting the control APP instruction by using a session key, and operating a local corresponding APP according to the control APP instruction; the APP is installed on both the smart phone and the private cloud phone device;
receiving encrypted audio and video data sent by the smart phone, decrypting the audio and video data by using the session key, and forwarding the encrypted audio and video data to related equipment according to the sending requirement of the smart phone;
receiving an encrypted import audio and video data message sent by a smart phone, decrypting the import audio and video data message by using a session key to generate a graphic configuration message, encrypting the graphic configuration message by using the session key and sending the graphic configuration message to the smart phone, receiving an encrypted image updating frequency message sent by the smart phone, decrypting the image updating frequency message by using the session key, sampling, encoding and compressing output audio and video data according to the image updating frequency message to obtain a compression packet, encrypting the compression packet by using the session key and sending the compression packet to the smart phone; the graphic configuration message includes an image resolution height, width, pixel point color depth, and audio sampling rate.
8. The private cloud-based secure cloud phone system of claim 1, wherein the remote control module specifically comprises: the device comprises a registration unit, a file access unit, a designated APP operation unit and an audio and video import and export unit; wherein the content of the first and second substances,
the registration unit is used for sending a PIN code when the registration unit is connected with the smart phone for the first time, and then receiving an equipment key and an equipment storage key sent by private cloud mobile phone equipment;
the file access unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, generating an acquisition file application, encrypting the acquisition file application by using the session key and sending the encrypted file application to the private cloud mobile phone equipment, and decrypting the received encrypted file by using an equipment storage key; the device storage key is used for encrypting the local file and sending the encrypted local file to the private cloud mobile phone device;
the appointed APP operation unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, generating an encryption permission sharing control marking message, encrypting the encryption permission sharing control marking message by using the session key and sending the encryption permission sharing control marking message to the private cloud mobile phone equipment; the device comprises a touch screen clicking control message, a private cloud mobile phone device and a session key, wherein the touch screen clicking control message is generated according to the acquired finger touch screen pressing degree and the finger touch screen position information; the session key is used for encrypting the control APP instruction and sending the encrypted control APP instruction to the private cloud mobile phone device;
the audio and video import and export unit is used for generating a session key acquisition application, encrypting the session key acquisition application by using an equipment key and sending the session key acquisition application to the private cloud mobile phone equipment, decrypting the received encrypted session key by using the equipment key to obtain a session key, encrypting the collected local audio and video data by using the session key and sending the encrypted local audio and video data to the private cloud mobile phone equipment; the session key is used for encrypting the imported audio and video data message and sending the encrypted imported audio and video data message to the smart phone, the session key is used for decrypting the received encrypted graphic configuration message to obtain a graphic configuration message, then an image updating frequency message is generated according to the graphic configuration message, the session key is used for encrypting the image updating frequency message and sending the image updating frequency message to the smart phone, then the session key is used for decrypting the received encrypted audio and video data, and then the received encrypted audio and video data is decompressed and decoded to obtain the audio and video data.
CN202011167297.2A 2020-10-28 2020-10-28 Safety cloud mobile phone system based on private cloud Active CN112003881B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011167297.2A CN112003881B (en) 2020-10-28 2020-10-28 Safety cloud mobile phone system based on private cloud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011167297.2A CN112003881B (en) 2020-10-28 2020-10-28 Safety cloud mobile phone system based on private cloud

Publications (2)

Publication Number Publication Date
CN112003881A CN112003881A (en) 2020-11-27
CN112003881B true CN112003881B (en) 2021-02-02

Family

ID=73475167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011167297.2A Active CN112003881B (en) 2020-10-28 2020-10-28 Safety cloud mobile phone system based on private cloud

Country Status (1)

Country Link
CN (1) CN112003881B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112668031A (en) * 2021-03-15 2021-04-16 尤尼泰克(嘉兴)信息技术有限公司 Coding and decoding method and device for network file protection
CN114567479B (en) * 2022-02-28 2022-11-15 中国科学院软件研究所 Intelligent equipment safety control reinforcement and monitoring early warning method
CN114780470B (en) * 2022-03-25 2023-08-11 北京百度网讯科技有限公司 Cloud mobile phone management system, method, device, electronic equipment and readable storage medium
CN114938408B (en) * 2022-04-30 2023-07-14 苏州浪潮智能科技有限公司 Data transmission method, system, equipment and medium of cloud mobile phone

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016160517A1 (en) * 2015-03-27 2016-10-06 Interactive Intelligence Group, Inc. System and method for provisioning and registration
CN105245502A (en) * 2015-09-06 2016-01-13 江苏马上游科技股份有限公司 Cloud computing data security solving method
CN109639697A (en) * 2018-12-24 2019-04-16 广州微算互联信息技术有限公司 Cloud mobile phone safe throws method, mobile terminal and the server of screen
CN110750326B (en) * 2019-09-02 2022-10-14 福建升腾资讯有限公司 Disk encryption and decryption method and system for virtual machine
CN111314452B (en) * 2020-02-11 2022-08-26 安超云软件有限公司 Shell access method, device, equipment and storage medium of cloud mobile phone
CN111416807B (en) * 2020-03-13 2022-06-07 苏州科达科技股份有限公司 Data acquisition method, device and storage medium

Also Published As

Publication number Publication date
CN112003881A (en) 2020-11-27

Similar Documents

Publication Publication Date Title
CN112003881B (en) Safety cloud mobile phone system based on private cloud
US10182255B2 (en) Method, terminal, and system for communication pairing of a digital television terminal and a mobile terminal
CN107786331B (en) Data processing method, device, system and computer readable storage medium
CN111343202B (en) Internet of things data security storage system based on private cloud
CN107993073B (en) Face recognition system and working method thereof
CN113992346B (en) Implementation method of security cloud desktop based on national security reinforcement
CN107579903B (en) Picture message secure transmission method and system based on mobile device
CN112436936B (en) Cloud storage method and system with quantum encryption function
CN113301431A (en) Video data encryption and decryption method and device, electronic equipment and system
CN106131008B (en) Video and audio monitoring equipment, security authentication method thereof and video and audio display equipment
JP2014082717A (en) Wireless communication system, portable terminal, digital camera, communication method, and program
CN112511892B (en) Screen sharing method, device, server and storage medium
CN105744294A (en) Video chaotic secure communication method implemented in cellphone
US11303630B2 (en) Method for opening a secure session on a computer terminal
KR100931986B1 (en) Terminal and method for transmitting message and receiving message
CN110996132A (en) Video image splitting, encrypting and transmitting method, device and system
CN106385684B (en) Method and device for sharing wireless network and method and device for accessing wireless network
CN111934995B (en) Internet of things gateway system
CN113709088B (en) Data transmission method, device, equipment and storage medium based on wearable equipment
KR101144074B1 (en) System for transferring certification between user terminals
CN108958771A (en) Update method, device, server and the storage medium of application program
CN114124880B (en) Secret communication method and device based on public cloud, computer equipment and storage medium
CN114679287B (en) Data processing method, system, electronic device and storage medium
Bertels Design of a pairing protocol for the AR. Drone 2.0
CN117180727A (en) Cloud desktop service system, and single-machine game cooperative operation method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant