CN113839784B - Secure call method and device, electronic equipment and storage medium - Google Patents

Publication number
CN113839784B
Authority
CN
China
Prior art keywords
token
message
calling
call
called
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111138340.7A
Other languages
Chinese (zh)
Other versions
CN113839784A (en
Inventor
李子阳
邱振涛
宗瑞
张伟春
胡小利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weway Shenzhen Network Technology Co ltd
Original Assignee
Weway Shenzhen Network Technology Co ltd
Application filed by Weway Shenzhen Network Technology Co ltd
Priority to CN202111138340.7A
Publication of CN113839784A
Application granted
Publication of CN113839784B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Communication Control (AREA)

Abstract

The invention relates to the field of device communication and discloses a secure call method and device, an electronic device and a storage medium. In the method, the calling terminal generates a message token and uploads it to the message server using the UDP protocol for storage and verification. When the message server successfully verifies the message token, the calling terminal sends a call request to the called terminal. The called terminal generates a token index of the calling terminal according to the call request and uses it to query the message server, over the UDP protocol, for the message token corresponding to the calling terminal. When the identity of the message token returned by the message server is successfully verified, the called terminal sends a signature value confirmation request for the message token to the message server using the HTTPS protocol, and answers or rejects the call request of the calling terminal according to the result of that request. The invention can ensure a secure call for the called terminal without increasing the operation cost.

Description

Secure call method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of device communication, and in particular, to a method and apparatus for secure communication, an electronic device, and a computer readable storage medium.
Background
With the rapid development of the internet, network security is becoming more and more important. In network call scenarios in particular, fraudulent and illegal calls occur frequently and cause losses to many users, so ensuring the security of network calls is important.
At present, a network call generally displays only the mobile phone number or fixed-line number of a user and cannot identify the user, so fraudulent and illegal calls cannot be identified accurately. If the identity associated with the mobile phone number or fixed-line number is instead transmitted and loaded through an operator, a larger operation cost is incurred.
Disclosure of Invention
In order to solve the technical problems or at least partially solve the technical problems, the invention provides a secure call method, a secure call device, an electronic device and a computer readable storage medium, which can solve the problem of ensuring the secure call of a called terminal on the basis of not increasing the operation cost.
In a first aspect, the present invention provides a method for secure call, where the method is applied to a called terminal, and includes:
when a call request is received, acquiring calling information and called information of the call request;
generating a token index according to the calling information and the called information;
querying a message token of a calling terminal of the call request from a message server by using a UDP protocol through the token index, and checking the identity of the message token;
and when the identity verification of the message token is successful, transmitting a signature value confirmation request of the message token to the message server by using an HTTPS protocol so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
It can be seen that, in the embodiment of the invention, the token index of the calling terminal is generated through the calling information of the calling terminal and the called terminal, so that the quick search of the message token of the calling terminal can be realized; secondly, the embodiment of the invention sends the token index to the preset message server by utilizing the UDP protocol, so that the message server is utilized to execute the inquiry of the message token of the calling terminal according to the token index, the quick search of the message token can be realized, and the identity of the message token returned by the message server is checked, so that whether the message token is sent by the calling terminal or not can be identified, and the identity consistency of the calling terminal can be ensured; further, the embodiment of the invention can ensure the safe transmission of the signature value of the calling terminal and ensure the identity uniqueness confirmation of the calling terminal on the basis of not accessing an operator by sending the signature value confirmation request of the message token to the message server by using the HTTPS protocol so as to answer or reject the call request of the calling terminal by using the result of the signature value confirmation request. Therefore, the safety call method applied to the called terminal provided by the embodiment of the invention can realize the verification of identity consistency and uniqueness of the calling terminal, and can ensure the safety call of the called terminal on the basis of not increasing the operation cost.
In one possible implementation manner of the first aspect, when the call request is received, obtaining the calling information of the calling terminal and the called information of the called terminal includes:
identifying the call parameters of the call request, and splitting the call parameters according to the call object to obtain a calling parameter and a called parameter;
and respectively extracting information features of the calling parameter and the called parameter, and respectively taking the extracted information features as the calling information and the called information.
In a possible implementation manner of the first aspect, the generating a token index of the calling terminal according to the calling information and the called information includes:
inquiring the calling number and signature time in the calling information and the called number in the called information;
cutting the called number to obtain a cutting number;
and constructing the hash value of the calling number, the signature time and the cutting number, and taking the hash value as a token index of the calling terminal.
In a possible implementation manner of the first aspect, the verifying the identity of the message token returned by the message server includes:
acquiring a calling number in the returned message token, and identifying whether the calling number in the message token is consistent with the calling number in the token index;
if the calling number in the message token is inconsistent with the calling number in the token index, the identity verification of the message token fails;
if the calling number in the message token and the calling in the token index
In a possible implementation manner of the first aspect, the answering or rejecting the call request of the calling terminal through the result of the signature value confirmation request includes:
if the signature value corresponding to the signature value confirmation request is inquired in the message server, receiving a call request of the calling terminal;
and if the signature value corresponding to the signature value confirmation request is not queried in the message server, rejecting the call request of the calling terminal.
In a second aspect, the present invention provides a secure call method, where the method is applied to a calling terminal, and includes:
acquiring a call data packet of the calling terminal, and defining a message token of the calling terminal according to the call data packet;
transmitting the message token to a preset message server by using a UDP protocol so as to carry out message verification on the message token through the message server;
and when the message verification of the message token is successful, sending a call request of the calling terminal to the called terminal by using a call protocol.
In a third aspect, the present invention provides a secure call device, the device being applied to a called terminal, comprising:
the call information acquisition module is used for responding to a call request of a calling terminal and acquiring calling information of the calling terminal and called information of the called terminal;
the token index generation module is used for generating a token index of the calling terminal according to the calling information and the called information;
the identity information checking module is used for sending the token index to a preset message server by utilizing a UDP protocol, so that the message server can execute the inquiry of the message token of the calling terminal according to the token index, and the identity checking is carried out on the message token returned by the message server;
and the call request execution module is used for sending a signature value confirmation request of the message token to the message server by using an HTTPS protocol when the identity verification of the message token is successful, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
In a fourth aspect, the present invention provides a secure call device, the device being applied to a calling terminal, comprising:
the message token definition module is used for acquiring a call data packet of the calling terminal and defining a message token of the calling terminal according to the call data packet;
the message token checking module is used for transmitting the message token to a preset message server by using a UDP protocol so as to check the message of the message token through the message server;
and the call request sending module is used for sending the call request of the calling terminal to the called terminal by using a call protocol when the message verification of the message token is successful.
In a fifth aspect, the present invention provides an electronic device, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the secure talk method as described in any one of the first and second aspects above.
In a sixth aspect, the present invention provides a computer readable storage medium storing a computer program which when executed by a processor implements the secure talk method according to any one of the first and second aspects above.
In summary, the method for secure call provided by the embodiment of the invention realizes uploading, querying and verifying the message token of the calling terminal in the message server by adopting a multi-protocol mode, so that the problem of operation cost caused by the fact that the identity information of the calling terminal is required to be transmitted and loaded by an operator in the prior art can be solved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a schematic system architecture diagram of a method for secure communication according to an embodiment of the present invention;
fig. 2 is a flow chart of a method for secure call applied to a calling terminal according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for secure call applied to a called terminal according to an embodiment of the present invention;
fig. 4 is a schematic block diagram of a secure call device applied to a calling terminal according to an embodiment of the present invention;
fig. 5 is a schematic block diagram of a secure call device applied to a called terminal according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an internal structure of an electronic device for implementing a secure call method according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the embodiment of the invention, the safe call method is realized through interaction among a message server, a calling terminal and a called terminal, and the core of the embodiment of the invention is as follows: before a calling terminal sends a call request to a called terminal, firstly generating a message token, uploading the message token to a message server by using a UDP protocol for storage and verification, and when the message server successfully verifies the message token, sending the call request to the called terminal; and the called terminal generates a token index of the calling terminal according to the call request, requests to inquire a message token of the calling terminal corresponding to the token index from a message server by using a UDP protocol, and when the identity of the message token returned by the message server is successfully checked, sends a signature value confirmation request of the message token to the message server by using an HTTPS protocol so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request. The method for the safe call provided by the embodiment of the invention can solve the problem of operation cost caused by the transmission and loading of the identity information of the calling terminal through an operator in the prior art by adopting a multi-protocol mode to realize the uploading, the inquiry and the verification of the message token of the calling terminal in the message server, and simultaneously can realize the information consistency and the uniqueness verification of the calling terminal by adopting the multi-protocol mode, thereby accurately identifying the identity information of the calling terminal and guaranteeing the safe call of the called terminal.
The following describes the implementation principle of the security call method according to the present invention with reference to fig. 1 to 3.
Fig. 1 is a schematic diagram of a system architecture of a secure call method according to an embodiment of the invention. The system architecture comprises a message server 1, a calling terminal 2 and a called terminal 3.
In the embodiment of the present invention, the message server 1 is understood to be a server for receiving, transmitting and forwarding a message, such as a routing service server, a mail server, etc. In the embodiment of the present invention, the message server 1 is configured to store and verify a message token of the calling terminal 2, and transmit the message token to the called terminal 3, so that the called terminal 3 can perform identity verification on the calling terminal 2 when answering a call request of the calling terminal 2, thereby guaranteeing call security of the called terminal 3. The calling terminal 2 and the called terminal 3 may be understood as a device having a call function, such as a mobile phone, a tablet, etc., where the calling terminal 2 is configured to send a call request to the called terminal 3, and the called terminal 3 is configured to answer or reject the call request sent by the calling terminal 2.
Further, in the embodiment of the present invention, any two of the message server 1, the calling terminal 2 and the called terminal 3 are in communication connection, so as to implement message transfer between the message server 1 and the calling terminal 2 and the called terminal 3, and voice call between the calling terminal 2 and the called terminal 3, respectively.
Fig. 2 is a flow chart of a method for secure communication according to a first embodiment of the present invention. The method described in fig. 2 is applied to a calling terminal, and includes:
S30, acquiring a call data packet of the calling terminal, and defining a message token of the calling terminal according to the call data packet.
In the embodiment of the invention, the call data packet refers to a data packet of the calling terminal needing to send a call request, which includes a call link, called terminal information, calling terminal information and the like, and it should be understood that, in the process of performing a trusted call, the calling terminal sends a token indicating identity information to the message server to determine the security reliability of the calling terminal. As an embodiment of the present invention, the message token of the calling terminal may be constructed by calling terminal information in the call data packet, where the calling terminal information includes signature time, serial number, calling destination, signature value, authority credential, identity ticket, etc. of the calling terminal.
S31, transmitting the message token to a preset message server by using a UDP protocol, so as to carry out message verification on the message token through the message server.
In the embodiment of the present invention, the UDP protocol (User Datagram Protocol), also called user datagram protocol, is a connectionless transport layer protocol in the open system interconnection (Open System Interconnection, OSI) reference model, and provides a transaction-oriented simple unreliable information transmission service, and since the UDP has the characteristics of low resource consumption and fast data transmission, the embodiment of the present invention uses the UDP protocol to transmit the message token to a preset message server, so as to achieve fast transmission of the message token, and the preset message server may refer to the description in fig. 1 and is not further described herein.
Further, since the phenomenon of data packet loss occurs when the message token is transmitted by adopting UDP, the message server performs message verification on the message token to ensure the integrity of the message token. As an embodiment of the present invention, the message verification of the message token may include verification of the length, hash, data format, etc. of the message token.
In the embodiment of the present invention, when the message verification of the message token is successful, the message server returns success information to the calling terminal, and when the message verification of the message token fails, the message server returns failure information to the calling terminal.
And S32, when the message verification of the message token is successful, sending a call request of the calling terminal to the called terminal by using a call protocol.
It should be appreciated that when the message verification of the message token is successful, the message token has been successfully stored in the message server, so the embodiment of the present invention sends the call request of the calling terminal to the called terminal through the call protocol, which establishes the precondition for the subsequent call between the calling terminal and the called terminal. In one embodiment of the present invention, the call protocol includes the session initiation protocol (Session Initiation Protocol, SIP), a multimedia communication protocol formulated by the Internet Engineering Task Force for creating, modifying, and releasing sessions of one or more participants. Further, SIP includes components such as a SIP user agent, a SIP registration server, a SIP proxy server, and a SIP redirect server. The SIP user agent may be understood as an end user device, such as the calling terminal and the called terminal in the present invention, and is used to send a call message. The SIP registration server is a database containing the positions of all user agents in a domain, and is used to retrieve the IP and information of a call object. The SIP proxy server accepts a call request of the SIP user agent and queries the SIP registration server to obtain address information of the call object. The SIP redirect server is used to allow the SIP proxy server to direct the SIP call invitation information to an external domain.
Fig. 3 is a flowchart of a method for secure communication according to a first embodiment of the present invention. The method described in fig. 3 is applied to the called terminal, and includes:
S20, when a call request is received, acquiring calling information and called information of the call request.
In the embodiment of the invention, the calling information comprises a calling number, a calling time and the like, and the called information comprises a called number, a called time and the like.
As an embodiment of the present invention, when receiving a call request, obtaining calling information and called information of the call request includes: identifying call parameters of the call request, splitting the call parameters into calling parameters and called parameters according to call objects, respectively extracting information features of the calling parameters and the called parameters, and respectively taking the extracted information features as the calling information and the called information.
The call object refers to a terminal object to which the call parameter belongs, and is used for further splitting the call parameter to distinguish information between subsequent calling and called terminals, so as to avoid information confusion between the calling and called terminals. The call parameters refer to specific contents of the calling and called terminals carried in the call request, such as contents of IP, protocol, link, number, time, signature and the like of the calling and called terminals. The information feature is an identity attribute which can characterize the calling terminal in the call request and is used for guaranteeing the premise that the called terminal performs identity verification on the calling terminal.
Further, in an optional embodiment of the present invention, the identification of the call parameter may be implemented by searching for a query object of the call request by using a query statement, where the query statement may be an SQL statement, such as a select statement, and the information feature may be set as a calling number, a called number, a calling time, a signature time, or the like, and may also be set according to an actual service scenario.
S21, generating a token index of the calling terminal according to the calling information and the called information.
In the embodiment of the invention, the token index of the calling terminal is generated through the calling information and the called information so as to realize quick search of the message token of the calling terminal, wherein the token index can be understood as a search tool for searching the message token of the calling terminal.
As one embodiment of the present invention, the generating a token index of the calling terminal according to the calling information and the called information includes: inquiring the calling number and signature time in the calling information and the called number in the called information, cutting the called number to obtain a cutting number, constructing hash values of the calling number, the signature time and the cutting number by utilizing a hash algorithm, and taking the hash values as a token index of the calling terminal.
It should be understood that the token index is used to retrieve the message token of the calling terminal, that is, to query the identity of the calling terminal. The embodiment of the invention therefore builds the index from the calling number, the signature time and the called number to ensure that the subsequent message token lookup is reliable. It should be noted that the embodiment of the invention clips the called number so that the called number is not revealed when the message token is later retrieved.
Further, in an optional embodiment of the present invention, the clipping process of the called number may be set to reserve the last three digits of the called number, or may be set according to an actual service scenario, the hash algorithm may be an SM3 algorithm, and specifically, the construction of the hash value may be implemented by the following formula:
tokenIndex ::= H(calling number || last three digits of called number || "@" || String(TimeCount))
Here tokenIndex represents the hash value, H() represents the hash algorithm, and TimeCount represents a signature time function. The TimeCount function makes every signature time within a preset range of variation produce the same hash value. For example, with TimeCount := (signature time in seconds) / 100, all signature times within the same 100 seconds yield the same hash value.
S22, inquiring a message token of the calling terminal of the call request from a message server by using a UDP protocol through the token index, and carrying out identity verification on the message token.
As described above, since the UDP has the features of low resource consumption and fast data transmission, the embodiment of the present invention uses the UDP protocol to send the token index to a preset message server, so as to ensure fast search of the message token by the message server executing the query of the message token of the calling terminal according to the token index. The preset message server may refer to the description in fig. 1, and will not be further described herein.
Further, before the message token of the calling terminal of the call request is queried from the message server by using the UDP protocol through the token index, the embodiment of the present invention further includes: and checking the token index by using the message server to ensure the safety and reliability of the transmitted token index, wherein the check of the token index can be realized by checking whether the length of the token index accords with the length of the token index.
Further, the embodiment of the invention identifies whether the message token is sent out by the calling terminal or not by carrying out identity verification on the message token returned by the message server, thereby ensuring the identity consistency of the calling terminal and improving the safety of the call between the calling terminal and the called terminal.
As an embodiment of the present invention, the verifying the identity of the message token returned by the message server includes: acquiring a calling number in the returned message token, identifying whether the calling number in the message token is consistent with the calling number in the token index, if not, failing to verify the identity of the message token, and if so, succeeding in verifying the identity of the message token.
It should be noted that, another embodiment of the present invention further includes: and when the message server does not inquire the message token of the calling terminal according to the token index, the message server returns an alarm prompt to the called terminal so as to characterize the identity unsafe and uncertainty of the calling terminal.
And S23, when the identity verification of the message token is successful, transmitting a signature value confirmation request of the message token to the message server by using an HTTPS protocol, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
It should be appreciated that when the identity verification of the message token is successful, the identity consistency between the calling terminal of the call request and the calling terminal of the message token is indicated, so as to further ensure whether the identity of the calling terminal is unique, in the embodiment of the present invention, the signature value confirmation request of the message token is sent to the message server by using the HTTPS protocol, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
It should be noted that, because the signature value confirmation request includes the unique authentication of the signature, in the embodiment of the present invention, the HTTPS protocol is an HTTP channel that targets security, and ensures the security of the transmission process through transmission encryption and identity authentication on the basis of HTTP; further, the signature value confirmation request can be understood as a confirmation instruction sent after the called terminal decrypts the signature value of the message token.
In an optional embodiment of the present invention, before the sending, by using HTTPS protocol, a signature value confirmation request of the message token to the message server, the method further includes: the signature time, the calling destination, the calling number and the called number in the message token are obtained, the signature time, the calling destination, the calling number and the called number in the message token are combined, the signature value of the message token is obtained, and a signature value confirmation request of the message token is generated according to the signature value.
Further, in an embodiment of the present invention, the answering or rejecting the call request of the calling terminal through the result of the signature value confirmation request includes: if the signature value corresponding to the signature value confirmation request is inquired in the message server, receiving a call request of the calling terminal; and if the signature value corresponding to the signature value confirmation request is not queried in the message server, rejecting the call request of the calling terminal.
It can be seen that in the embodiment of the invention, firstly, the token index of the calling terminal is generated through the call information of the calling terminal and the called terminal, so that the quick search of the message token of the calling terminal can be realized; secondly, the embodiment of the invention sends the token index to the preset message server by utilizing the UDP protocol, so that the message server is utilized to execute the inquiry of the message token of the calling terminal according to the token index, the quick search of the message token can be realized, and the identity of the message token returned by the message server is checked, so that whether the message token is sent by the calling terminal or not can be identified, and the identity consistency of the calling terminal can be ensured; further, the embodiment of the invention can ensure the identity uniqueness of the calling terminal by sending the signature value confirmation request of the message token to the message server by using the HTTPS protocol so as to answer or reject the call request of the calling terminal by using the result of the signature value confirmation request. Therefore, the safety call method applied to the called terminal provided by the embodiment of the invention can realize the verification of identity consistency and uniqueness of the calling terminal and ensure the safety call of the called terminal.
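The called-terminal steps S21 to S23 described above, as an added Python example that is not code from the patent. Assumptions: the in-memory `MessageServer` stands in for the UDP and HTTPS exchanges, SHA-256 is used when the local build has no SM3, the way `signature_value` joins the four token fields is invented for illustration (the text only says they are combined), and all names, outcome labels and phone numbers are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

BUCKET_SECONDS = 100  # TimeCount := (seconds of signature time) / 100
KEEP_DIGITS = 3       # clipping keeps the last three digits of the called number
INDEX_HEX_LEN = 64    # SM3 and SHA-256 digests are both 256 bits (64 hex chars)


def digest(data: bytes) -> str:
    """SM3 if this Python/OpenSSL build offers it, otherwise SHA-256 as a stand-in."""
    try:
        return hashlib.new("sm3", data).hexdigest()
    except ValueError:
        return hashlib.sha256(data).hexdigest()


def token_index(calling: str, called: str, sign_time: int) -> str:
    """S21: H(calling || last three digits of called || "@" || String(TimeCount))."""
    time_count = sign_time // BUCKET_SECONDS
    return digest(f"{calling}{called[-KEEP_DIGITS:]}@{time_count}".encode())


@dataclass(frozen=True)
class MessageToken:
    calling: str
    called: str
    purpose: str    # the "calling destination" field of the token
    sign_time: int


def signature_value(tok: MessageToken) -> str:
    # Assumption: the fields are joined with "|" and hashed; the page does not say how.
    joined = "|".join([str(tok.sign_time), tok.purpose, tok.calling, tok.called])
    return digest(joined.encode())


class MessageServer:
    """In-memory stand-in for the message server (hypothetical, no network I/O)."""

    def __init__(self) -> None:
        self.tokens = {}
        self.signatures = set()

    def store(self, tok: MessageToken) -> None:
        # Calling side: the token is uploaded before the call request is sent.
        self.tokens[token_index(tok.calling, tok.called, tok.sign_time)] = tok
        self.signatures.add(signature_value(tok))

    def query(self, index: str) -> Optional[MessageToken]:
        # S22: the server checks the index length before using it as a key.
        if len(index) != INDEX_HEX_LEN:
            return None
        return self.tokens.get(index)

    def confirm(self, sig: str) -> bool:
        # S23: is this signature value known to the server?
        return sig in self.signatures


def handle_call(server: MessageServer, calling: str, called: str, sign_time: int) -> str:
    """Called-terminal decision for one incoming call request."""
    tok = server.query(token_index(calling, called, sign_time))
    if tok is None:
        return "ALARM"              # no token found: caller identity uncertain
    if tok.calling != calling:
        return "IDENTITY_MISMATCH"  # token was not issued for this calling number
    return "ANSWER" if server.confirm(signature_value(tok)) else "REJECT"


if __name__ == "__main__":
    server = MessageServer()
    t0 = 1632700100  # constructed signature time, start of a 100-second bucket
    server.store(MessageToken("13800000001", "13900001234", "delivery", t0))
    print(handle_call(server, "13800000001", "13900001234", t0 + 99))   # same bucket
    print(handle_call(server, "13800000001", "13900001234", t0 + 100))  # next bucket
    print(handle_call(server, "13800000009", "13900001234", t0))        # unknown caller
```

Two properties are worth noting when running it: a signature time one second past a bucket boundary produces a different index and the lookup misses, and called numbers that share their last three digits map to the same index, which is what keeps the full called number out of the query.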
Fig. 4 is a schematic block diagram of a secure call device applied to a calling terminal according to an embodiment of the present invention.
The secure call device 400 of the present invention can be installed in an electronic device. Depending on the implemented functions, the secure call device 400 may include a message token definition module 401, a message token check module 402, and a call request sending module 403. A module of the invention, which may also be referred to as a unit, is a series of computer program segments that are stored in the memory of the electronic device, can be executed by the processor of the electronic device, and perform a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the message token definition module 401 is configured to obtain a call data packet of the calling terminal, and define a message token of the calling terminal according to the call data packet;
the message token checking module 402 is configured to transmit the message token to a preset message server by using a UDP protocol, so as to perform message checking on the message token through the message server;
the call request sending module 403 is configured to send a call request of the calling terminal to a called terminal by using a call protocol when the message verification of the message token is successful.
In detail, the modules of the secure call device 400 in the embodiment of the present invention use the same technical means as the secure call method applied to the calling terminal described in Fig. 2 and produce the same technical effects, which are not described again here.
Fig. 5 is a schematic block diagram of a secure communication device applied to a called terminal according to an embodiment of the present invention.
The secure call device 500 of the present invention can be installed in an electronic device. Depending on the implemented functions, the secure call device 500 may include a call information acquisition module 501, a token index generation module 502, an identity information verification module 503, and a call request execution module 504. A module of the invention, which may also be referred to as a unit, is a series of computer program segments that are stored in the memory of the electronic device, can be executed by the processor of the electronic device, and perform a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the call information obtaining module 501 is configured to obtain, in response to a call request of a calling terminal, calling information of the calling terminal and called information of the called terminal;
The token index generating module 502 is configured to generate a token index of the calling terminal according to the calling information and the called information;
the identity information checking module 503 is configured to send the token index to a preset message server by using a UDP protocol, so as to perform, by using the message server, a query of a message token of the calling terminal according to the token index, and perform identity checking on the message token returned by the message server;
the call request execution module 504 is configured to send a signature value confirmation request of the message token to the message server by using HTTPS protocol when the identity verification of the message token is successful, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
In detail, the modules of the secure call device 500 in the embodiment of the present invention use the same technical means as the secure call method applied to the called terminal described in Fig. 3 and produce the same technical effects, which are not described again here.
Fig. 6 is a schematic diagram of an internal structure of an electronic device for implementing a secure call method according to an embodiment of the present invention.
The electronic device may comprise a processor 60, a memory 61, a communication bus 62 and a communication interface 63, and may further comprise a computer program, such as a secure talk program, stored in the memory 61 and executable on the processor 60.
In some embodiments the processor 60 may be formed by an integrated circuit, for example a single packaged integrated circuit, or by a plurality of integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing Unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and the like. The processor 60 is the control unit (Control Unit) of the electronic device. It connects the components of the entire electronic device using various interfaces and lines, and executes the functions of the electronic device and processes data by running or executing the programs or modules stored in the memory 61 (for example, executing a secure call program) and calling the data stored in the memory 61.
The memory 61 includes at least one type of readable storage media including flash memory, a removable hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 61 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 61 may also be an external storage device of the electronic device in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like. Further, the memory 61 may also include both an internal storage unit and an external storage device of the electronic device. The memory 61 may be used not only for storing application software installed in the electronic device and various data such as codes of a secure call program, but also for temporarily storing data that has been output or is to be output.
The communication bus 62 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 61 and at least one processor 60 etc.
The communication interface 63 is used for communication between the electronic device and other devices, and includes a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., a Wi-Fi interface, a Bluetooth interface, etc.), and is typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a display (Display) or an input unit such as a keyboard (Keyboard), or alternatively a standard wired interface or wireless interface. In some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch display, or the like. The display may also be referred to as a display screen or display unit, as appropriate, and is used for displaying information processed in the electronic device and for displaying a visual user interface.
Fig. 6 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 6 is not limiting of the electronic device and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components. The power source may be logically connected to the at least one processor 60 through a power management device, so that charge management, discharge management and power consumption management are implemented through the power management device. The power source may also include one or more direct current or alternating current power supplies, a recharging device, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like. The electronic device may further include various sensors, Bluetooth modules, Wi-Fi modules, etc., which are not described here.
It should be understood that the embodiments described are for illustrative purposes only and are not limited in scope by this configuration.
The secure talk program stored in the memory 61 of the electronic device 6 is a combination of a plurality of computer programs, which when run in the processor 60, can implement:
After the calling terminal generates the message token, the message token is uploaded to a message server by using a UDP protocol for storage and verification;
when the message server checks successfully, the calling terminal sends a call request to the called terminal;
the called terminal generates a token index of the calling terminal according to the call request, so as to query a message server for a message token of the corresponding calling terminal by using a UDP protocol;
when the identity of the message token returned by the message server is successfully checked, the called terminal sends a signature value confirmation request of the message token to the message server by using an HTTPS protocol, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
In particular, the specific implementation method of the processor 60 on the computer program may refer to the description of the relevant steps in the corresponding embodiment, which is not repeated herein.
Further, the integrated modules/units of the electronic device 6 may be stored in a non-volatile computer readable storage medium if they are implemented in the form of software functional units and sold or used as a stand-alone product. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, or a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
after the calling terminal generates the message token, the message token is uploaded to a message server by using a UDP protocol for storage and verification;
when the message server checks successfully, the calling terminal sends a call request to the called terminal;
the called terminal generates a token index of the calling terminal according to the call request, so as to query a message server for a message token of the corresponding calling terminal by using a UDP protocol;
when the identity of the message token returned by the message server is successfully checked, the called terminal sends a signature value confirmation request of the message token to the message server by using an HTTPS protocol, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be implemented in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A secure call method, characterized by being applied to a called terminal and comprising the following steps:
when a call request is received, acquiring calling information and called information of the call request;
generating a token index according to the calling information and the called information;
inquiring a message token of a calling terminal of the call request from a message server by using a UDP protocol through the token index, and checking the identity of the message token;
when the identity of the message token is successfully checked, a signature value confirmation request of the message token is sent to the message server by using an HTTPS protocol, so that the call request of the calling terminal is received or refused through the result of the signature value confirmation request;
wherein the generating a token index of the calling terminal according to the calling information and the called information includes:
inquiring the calling number and signature time in the calling information and the called number in the called information;
cutting the called number to obtain a cutting number;
constructing hash values of the calling number, the signature time and the cutting number, and taking the hash values as token indexes of the calling terminal;
The identity verification of the message token comprises the following steps:
acquiring a calling number in the returned message token, and identifying whether the calling number in the message token is consistent with the calling number in the token index;
if the calling number in the message token is inconsistent with the calling number in the token index, the identity verification of the message token fails;
and if the calling number in the message token is consistent with the calling number in the token index, the identity of the message token is checked successfully.
2. The method for secure call according to claim 1, wherein the step of obtaining the calling information of the calling terminal and the called information of the called terminal when the call request is received comprises:
identifying the call parameters of the call request, and splitting the call parameters according to the call object to obtain a calling parameter and a called parameter;
and respectively extracting information features of the calling parameter and the called parameter, and respectively taking the extracted information features as the calling information and the called information.
3. The secure talk method according to any one of claims 1 to 2, wherein the answering or rejecting the talk request of the calling terminal by the result of the signature value confirmation request comprises:
If the signature value corresponding to the signature value confirmation request is inquired in the message server, receiving a call request of the calling terminal;
and if the signature value corresponding to the signature value confirmation request is not queried in the message server, rejecting the call request of the calling terminal.
4. A method for secure call, the method being applied to a calling terminal and comprising:
acquiring a call data packet of the calling terminal, and defining a message token of the calling terminal according to the call data packet;
transmitting the message token to a preset message server by using a UDP protocol so as to carry out message verification on the message token through the message server;
and when the message verification of the message token is successful, sending a call request of the calling terminal to a called terminal by using a call protocol, wherein the called terminal is used for executing the safety call method as claimed in any one of claims 1-3.
5. A secure telephony device, for use with a called terminal, comprising:
the call information acquisition module is used for responding to a call request of a calling terminal and acquiring calling information of the calling terminal and called information of the called terminal;
The token index generation module is used for generating a token index of the calling terminal according to the calling information and the called information;
the identity information checking module is used for sending the token index to a preset message server by utilizing a UDP protocol, so that the message server can execute the inquiry of the message token of the calling terminal according to the token index, and the identity checking is carried out on the message token returned by the message server;
the call request execution module is used for sending a signature value confirmation request of the message token to the message server by using an HTTPS protocol when the identity verification of the message token is successful, so as to answer or reject the call request of the calling terminal through the result of the signature value confirmation request;
wherein the generating a token index of the calling terminal according to the calling information and the called information includes:
inquiring the calling number and signature time in the calling information and the called number in the called information;
cutting the called number to obtain a cutting number;
constructing hash values of the calling number, the signature time and the cutting number, and taking the hash values as token indexes of the calling terminal;
The identity verification of the message token comprises the following steps:
acquiring a calling number in the returned message token, and identifying whether the calling number in the message token is consistent with the calling number in the token index;
if the calling number in the message token is inconsistent with the calling number in the token index, the identity verification of the message token fails;
and if the calling number in the message token is consistent with the calling number in the token index, the identity of the message token is checked successfully.
6. A secure telephony device, for use with a calling terminal, comprising:
the message token definition module is used for acquiring a call data packet of the calling terminal and defining a message token of the calling terminal according to the call data packet;
the message token checking module is used for transmitting the message token to a preset message server by using a UDP protocol so as to check the message of the message token through the message server;
and the call request sending module is used for sending the call request of the calling terminal to the called terminal by using a call protocol when the message verification of the message token is successful, wherein the called terminal is used for executing the safe call method as claimed in any one of claims 1-3.
7. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the secure talk method according to any one of claims 1 to 4.
8. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the secure talk method according to any one of claims 1 to 4.
CN202111138340.7A 2021-09-27 2021-09-27 Secure call method and device, electronic equipment and storage medium Active CN113839784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111138340.7A CN113839784B (en) 2021-09-27 2021-09-27 Secure call method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111138340.7A CN113839784B (en) 2021-09-27 2021-09-27 Secure call method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113839784A CN113839784A (en) 2021-12-24
CN113839784B true CN113839784B (en) 2023-07-28

Family

ID=78970671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111138340.7A Active CN113839784B (en) 2021-09-27 2021-09-27 Secure call method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113839784B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997042784A1 (en) * 1996-05-03 1997-11-13 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for facilitating law enforcement agency monitoring of cellular telephone calls
US7685206B1 (en) * 2004-02-12 2010-03-23 Microsoft Corporation Authorization and access control service for distributed network resources
CN105578461A (en) * 2014-11-10 2016-05-11 阿里巴巴集团控股有限公司 Method and device for establishing communication mobile terminals, communication answering method and device, communication calling method and devices, and system
CN106231144A (en) * 2016-09-05 2016-12-14 北京小米移动软件有限公司 Obtain the method and device of dialing user identity
CN111371797A (en) * 2020-03-12 2020-07-03 北京链安区块链科技有限公司 Credible identity authentication method and system in communication session
CN112422751A (en) * 2020-10-27 2021-02-26 中国科学院大学 Calling method and system for displaying calling party multimedia identity based on called party
CN112929339A (en) * 2021-01-21 2021-06-08 艾迪通证技术(北京)有限公司 Message transmitting method for protecting privacy
CN113114858A (en) * 2021-04-13 2021-07-13 艾迪通证技术(北京)有限公司 Method and device for adding credible identification for call based on gateway

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8196175B2 (en) * 2008-03-05 2012-06-05 Microsoft Corporation Self-describing authorization policy for accessing cloud-based resources

Also Published As

Publication number Publication date
CN113839784A (en) 2021-12-24

CN109818915B (en) Information processing method and device, server and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant