CN115022024A

CN115022024A - Method and device for encrypted call, storage medium and electronic equipment

Info

Publication number: CN115022024A
Application number: CN202210610240.8A
Authority: CN
Inventors: 郭茂文; 卢燕青; 张�荣; 黎艳; 叶佥昱; 胡鹏
Original assignee: China Telecom Corp Ltd
Current assignee: China Telecom Corp Ltd
Priority date: 2022-05-31
Filing date: 2022-05-31
Publication date: 2022-09-06
Anticipated expiration: 2042-05-31
Also published as: CN115022024B

Abstract

The present disclosure provides a method, an apparatus, an electronic device and a storage medium for encrypting a call, wherein the method comprises: under the condition that the calling party and the called party are determined to meet the call encryption condition, applying to a key server to obtain a session key and key identification information; sending an update parameter request message carrying a first encryption algorithm set and key identification information supported by a calling party terminal to a called party terminal; receiving indication information carrying successful synchronization of the session key and an update parameter response message of a target encryption algorithm, which are returned by the called party terminal in response to the update parameter request message; and analyzing the update parameter response message, determining that the session key is successfully synchronized, obtaining a target encryption algorithm, and carrying out encryption communication with the called party terminal based on the target encryption algorithm and the session key. The method can realize the judgment of the terminal capability, the state and the key negotiation information by carrying the relevant information in the call signaling, and ensure the normal call, connection and conversation of the VoLTE terminal.

Description

Method and device for encrypted call, storage medium and electronic equipment

Technical Field

The present disclosure relates to the field of mobile communications technologies, and in particular, to a method and an apparatus for encrypted communication, a storage medium, and an electronic device.

Background

VoLTE (Voice over Long Term Evolution, Long Term Evolution Voice bearer) is a high-speed wireless communication standard. It may enable voice data to be transported in an LTE data bearer network based on an IMS (Internet Protocol Multimedia Subsystem) network. When the VoLTE provides a voice data transmission service, how to ensure the safety of VoLTE voice data transmission is an urgent problem to be solved. The common VoLTE voice secret speech technical schemes include the following two: (1) and carrying key negotiation information in IMS call signaling. (2) After the call is connected, the key negotiation is carried out by using the media stream of the user plane. If the negotiation is successful, entering a secret conversation state; if the negotiation fails, the plain-text is continued.

In the related art, the problem that the calling party cannot determine whether the called terminal supports the VoLTE voice encryption service and cannot determine whether the called terminal resides in the 4G/5G network during calling exists in the scheme (1). The problem of the secret communication delay exists in the scheme (2), and the party initiating the key agreement can not determine whether the opposite terminal is in the 4G/5G network.

It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.

Disclosure of Invention

The present disclosure is directed to a method, an apparatus, an electronic device, and a storage medium for encrypted communication, which overcome, at least to some extent, the problems of the related art that the state of a called terminal cannot be determined during a call and a delay in encrypted communication is not guaranteed.

Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.

According to an aspect of the present disclosure, there is provided a method for encrypting a call, applied to a calling party terminal, including: under the condition that the calling party and the called party are determined to meet the call encryption condition, applying to a key server to obtain a session key and corresponding key identification information; sending a parameter updating request message carrying first call encryption information to a called party terminal; wherein, the first conversation encryption information comprises: a first encryption algorithm set and key identification information supported by a calling party terminal; receiving an update parameter response message which is returned by the called party terminal in response to the update parameter request message and carries second communication encryption information; wherein the second communication encryption information includes: indication information and a target encryption algorithm of successful session key synchronization; and analyzing the update parameter response message, determining that the session key is successfully synchronized, obtaining a target encryption algorithm, and carrying out encryption communication with the called party terminal based on the target encryption algorithm and the session key.

In one embodiment of the present disclosure, the call encryption condition includes: the calling party and the called party have signed voice encryption service, the calling party terminal and the called party terminal are in an appointed network-resident state, and the calling party terminal and the called party terminal both support the encrypted session function; the method also comprises the following steps of determining that the calling party and the called party meet the call encryption condition: under the condition that a calling party terminal is in a designated network-resident state and supports a confidential call function, sending a call request message carrying first indication information to an application server, so that the application server forwards the call request message to a called party terminal under the condition that the calling party and the called party are determined to meet a first condition; wherein the first indication information includes: the calling party terminal supports the function of secret communication; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state; receiving a call response message returned by the called party terminal in response to the call request message, and analyzing the call response message; under the condition of analyzing the call response message to obtain second indication information, determining that the calling party and the called party meet a call encryption condition; wherein the second indication information includes: the called party terminal supports the function of secret communication.

In one embodiment of the present disclosure, applying for obtaining a session key and corresponding key identification information from a key server includes: sending a calling session key application carrying call information to a key server so that the key server performs first authentication on a calling party based on the call information; wherein, the call information includes: a calling party number, a called party number and a session identifier; and receiving the session key and the key identification information returned by the key server after the first authentication is determined to pass.

According to another aspect of the present disclosure, there is provided a method for encrypting a call, applied to a called party terminal, including: receiving an update parameter request message which is sent by a calling party terminal and carries first call encryption information; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the communication encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by a calling party terminal; acquiring a session key from a key server in response to the update parameter request message to determine that the session key is successfully synchronized, and determining a target encryption algorithm based on the update parameter request message; the session key is stored in the key server after the calling party terminal applies to the key server; sending an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information includes: indication information of successful session key synchronization and a target encryption algorithm.

In an embodiment of the present disclosure, before receiving an update parameter request message carrying first session encryption information sent by a calling party terminal, the method further includes: receiving a call request message which is forwarded by an application server and carries first indication information under the condition that a calling party and a called party meet a first condition; wherein, the call request message is sent by the calling party terminal, and the first indication information includes: the calling party terminal supports the function of secret communication; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state; analyzing the call request message, responding to the first indication information obtained by analysis, and inquiring whether the called party terminal supports the secret call function or not; under the condition that the called party terminal is confirmed to support the encrypted call function, sending a call response message carrying second indication information to the calling party terminal; wherein the second indication information includes: the called party terminal supports the function of secret communication.

In one embodiment of the present disclosure, obtaining a session key from a key server in response to an update parameter request message includes: analyzing the update parameter request message to obtain a first encryption algorithm set and key identification information supported by the calling party terminal; sending a called session key application carrying the calling information and the key identification information to a key server so that the key server performs second authentication on the called party based on the calling information; wherein, the call information includes: a calling party number, a called party number and a session identifier; and receiving the session key returned by the key server based on the key identification information after the second authentication is determined to pass.

In one embodiment of the present disclosure, determining a target encryption algorithm based on the update parameter request message includes: inquiring a second encryption algorithm set supported by the called party terminal; a target encryption algorithm is determined based on the first set of encryption algorithms and the second set of encryption algorithms.

According to another aspect of the present disclosure, there is provided a method for encrypting a call, applied to an application server, including: receiving a call request message which is sent by a calling party terminal and carries first indication information; the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in the specified network-resident state and supports the encrypted call function, and the first indication information comprises: the calling party terminal supports the function of secret communication; inquiring whether a calling party and a called party meet a first condition; the first condition includes: the calling party and the called party have signed a voice encryption service, and the called party terminal is in a specified network-resident state; and under the condition that the calling party and the called party meet the first condition, forwarding the call request message carrying the first indication information to the called party terminal.

In one embodiment of the present disclosure, querying whether the calling party and the called party satisfy the first condition includes: inquiring a unified data management network element (UDM) and/or a Home Subscriber Server (HSS) to obtain user signing data of a calling party and a called party and obtain the current network residence condition of a called party terminal; judging whether a calling party and a called party sign a voice encryption service according to user signed data, and judging whether a called party terminal is in an appointed network-residing state according to the current network-residing condition; wherein, the designated network residing state comprises: and the network is resident on a 4G network or a 5G network.

In one embodiment of the present disclosure, the method for encrypting a call further includes: under the condition that the calling party and the called party are determined not to meet the first condition, removing the first indication information in the call request message to obtain a common call request message; and forwarding the common call request message to the called party terminal.

According to another aspect of the present disclosure, there is provided a method for encrypting a call, applied to a key server, including: responding to a calling session key application sent by a calling party terminal, and sending a session key and corresponding key identification information to the calling party terminal; the calling session key application is sent by a calling party terminal under the condition that the calling party and a called party meet a call encryption condition; responding to a called session key application carrying key identification information and sent by a called party terminal, and sending a session key corresponding to the key identification information to the called party terminal; the called session key application is sent by the called party terminal in response to the request message for updating parameters sent by the calling party terminal.

In one embodiment of the present disclosure, sending a session key and corresponding key identification information to a calling party terminal in response to a calling party session key application sent by the calling party terminal, includes: receiving a calling session key application carrying calling information sent by a calling party terminal; wherein, the call information includes: a calling party code number, a called party code number and a session identifier; performing first authentication on the calling party based on the calling information; after the first authentication is determined to pass, generating and storing a session key and corresponding key identification information; and sending the session key and the key identification information to the calling party terminal.

In one embodiment of the present disclosure, sending a session key corresponding to key identification information to a called party terminal in response to a called session key application carrying the key identification information sent by the called party terminal, includes: receiving a called session key application carrying call information and key identification information sent by a called party terminal; wherein, the call information includes: a calling party number, a called party number and a session identifier; performing second authentication on the called party based on the calling information; after the second authentication is determined to pass, determining a session key corresponding to the key identification information; and sending the session key to the called party terminal.

According to still another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to a calling party terminal, including: the first key acquisition module is used for applying for acquiring a session key and corresponding key identification information from a key server under the condition that a calling party and a called party are determined to meet a call encryption condition; the first sending module is used for sending a parameter updating request message carrying first call encryption information to the called party terminal; wherein, the first conversation encryption information comprises: a first encryption algorithm set and key identification information supported by a calling party terminal; the first receiving module is used for receiving an update parameter response message which is returned by the called party terminal in response to the update parameter request message and carries the second communication encryption information; wherein the second communication encryption information includes: indication information and a target encryption algorithm of successful session key synchronization; and the analysis module is used for analyzing the update parameter response message, determining that the session key is successfully synchronized and obtaining a target encryption algorithm, and further carrying out encryption conversation with the called party terminal based on the target encryption algorithm and the session key.

According to still another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to a called party terminal, including: the second receiving module is used for receiving a parameter updating request message which is sent by the calling party terminal and carries the first call encryption information; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the communication encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by a calling party terminal; the second key acquisition module is used for responding to the update parameter request message to acquire the session key from the key server so as to determine that the session key is successfully synchronized and determine a target encryption algorithm based on the update parameter request message; the session key is stored in the key server after the calling party terminal applies to the key server; the second sending module is used for sending an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information includes: indication information of successful session key synchronization and a target encryption algorithm.

According to another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to an application server, including: the third receiving module is used for receiving a call request message which is sent by the calling party terminal and carries the first indication information; the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in the specified network-resident state and supports the confidential call function, and the first indication information comprises: the calling party terminal supports the function of secret communication; the query module is used for querying whether the calling party and the called party meet a first condition or not; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state; and the third sending module is used for forwarding the call request message carrying the first indication information to the called party terminal under the condition that the calling party and the called party are determined to meet the first condition.

According to another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to a key server, including: a fourth sending module, configured to send a session key and corresponding key identification information to the calling party terminal in response to a calling session key application sent by the calling party terminal; the calling session key application is sent by a calling party terminal under the condition that the calling party and a called party meet a call encryption condition; the fourth sending module is also used for responding to a called session key application carrying the key identification information and sent by the called party terminal and sending a session key corresponding to the key identification information to the called party terminal; the called session key application is sent by the called party terminal in response to the request message for updating parameters sent by the calling party terminal.

According to yet another aspect of the present disclosure, there is provided a system for encrypting a call, the system comprising: a calling party terminal, a called party terminal, an application server and a key server; a calling party terminal configured to perform a method for encrypted call applied to the calling party terminal; a called party terminal configured to perform a method for encrypted call applied to the called party terminal; an application server configured to perform a method for encrypting a call applied to the application server; a key server configured to perform a method for encrypting a call applied to the key server.

According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method for encrypting a call described above.

According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the above-described method for encrypting a call via execution of the executable instructions.

In the method for encrypted call provided by the embodiment of the disclosure, on one hand, a calling party terminal and a called party terminal can respectively carry indication information of whether a local machine supports a secret call function in respective sent messages (including a request message and a response message); on the other hand, the application server can respond to the request message sent by the calling party terminal to inquire whether both the calling party and the called party have signed the voice encryption service, and whether the called party terminal is in the designated network-resident state, and carry out subsequent message forwarding processing; on the other hand, the calling party terminal and the called party terminal can respectively carry identification information related to the session key and the encryption algorithm in respective sent messages to negotiate the encryption algorithm and the session key, and then can use the negotiated encryption algorithm and the session key to perform subsequent call flow so as to realize encrypted call. Therefore, by the method for encrypting the call provided by the disclosure, the identification information such as the terminal capability, the network residing state, the key negotiation and the like can be carried in the call signaling (such as the IMS call signaling, including the request message and the response message) on the premise of not changing the existing voice (such as VoLTE) service mode and the user experience, and the identification information carried in the call signaling is processed in a terminal and network cooperation mode, so that the judgment on the terminal capability, the network residing state, the subscription service and the key negotiation information is realized, the normal call, connection and call of the terminal are ensured, the voice encryption service is realized, and the problem of communication delay is also avoided.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.

Fig. 1 illustrates a network architecture diagram of a method for encrypting a call according to an embodiment of the present disclosure;

fig. 2 shows a flowchart of a method for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure;

fig. 3 shows a flowchart of a method for encrypting a call applied to a called party terminal in an embodiment of the present disclosure;

fig. 4 is a flowchart illustrating a method for encrypting a call applied to an application server in an embodiment of the present disclosure;

FIG. 5 is a flow chart illustrating a method for encrypting a call applied to a key server in an embodiment of the present disclosure;

FIG. 6 illustrates an interaction flow diagram of a method for encrypting a call of one embodiment of the present disclosure;

FIG. 7 illustrates a flow diagram of a method for encrypting a call of yet another embodiment of the present disclosure;

fig. 8 is a block diagram illustrating an apparatus for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure;

fig. 9 is a block diagram illustrating an apparatus for encrypting a call applied to a called party terminal in an embodiment of the present disclosure;

fig. 10 is a block diagram illustrating an apparatus for encrypting a call applied to an application server in an embodiment of the present disclosure;

FIG. 11 is a block diagram illustrating an apparatus for encrypting a call applied to a key server in an embodiment of the present disclosure; and

fig. 12 shows a block diagram of a computer device for encrypting a call in an embodiment of the present disclosure.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.

Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present disclosure, "a plurality" means at least two, e.g., two, three, etc., unless explicitly specifically limited otherwise.

To address the technical problems in the related art, embodiments of the present disclosure provide a method for encrypting a call to solve at least one or all of the technical problems.

Fig. 1 shows a network architecture diagram of a method for encrypting a call according to an embodiment of the present disclosure.

AS shown in fig. 1, the system architecture may include a calling party terminal 101, a called party terminal 102, an Application Server (AS) 103, and a Key Server (KS) 104. Among them, the terminals (including the calling party terminal 101 and the called party terminal 102) and the server (including the application server 103 and the key server 104) can perform Data communication through a Network, and the Network can perform Data communication, for example, including a Data Network (DN), an IMS (IP Multimedia Subsystem) and a 4G/5G Network; the network may be a wired network or a wireless network.

In an exemplary embodiment, the wired or wireless networks described above use standard communication techniques and/or protocols. The Network is typically the Internet, but may be any Network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless Network, a private Network, or any combination of virtual private networks. In some embodiments, data exchanged over a network may be represented using techniques and/or formats including Hypertext Mark-up Language (HTML), Extensible markup Language (XML), and the like. In addition, all or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), Internet protocol Security (IPsec), and so on. In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.

In an exemplary embodiment, the calling party terminal 101, the called party terminal 102 may be various electronic devices including, but not limited to, smart phones, tablets, laptop portable computers, desktop computers, wearable devices, Augmented Reality (AR) devices, Virtual Reality (VR) devices, and the like. Alternatively, the operating systems running on the calling party terminal 101 and the called party terminal 102 may include, but are not limited to, an android system, an IOS system, a Linux system, a Windows system, and the like.

Illustratively, the procedure of the calling party terminal 101 implementing the method for encrypting a call may be: the calling party terminal 101 applies for obtaining a session key and corresponding key identification information from a key server under the condition that the calling party and the called party are determined to meet the call encryption condition; a calling party terminal 101 sends a parameter updating request message carrying first call encryption information to a called party terminal; wherein, the first conversation encryption information comprises: a first encryption algorithm set and key identification information supported by a calling party terminal; the calling party terminal 101 receives an update parameter response message which is returned by the called party terminal in response to the update parameter request message and carries second communication encryption information; wherein the second communication encryption information includes: indication information and a target encryption algorithm of successful session key synchronization; the calling party terminal 101 analyzes the update parameter response message, determines that the session key synchronization is successful and obtains a target encryption algorithm, and then performs encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

Illustratively, the process of the called party terminal 102 implementing the method for encrypting the call may be: a called party terminal 102 receives an update parameter request message which is sent by a calling party terminal and carries first call encryption information; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the communication encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by a calling party terminal; the called party terminal 102 acquires the session key from the key server in response to the parameter updating request message to determine that the session key synchronization is successful, and determines a target encryption algorithm based on the parameter updating request message; the session key is stored in the key server after the calling party terminal applies to the key server; the called party terminal 102 sends an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information includes: indication information of successful session key synchronization and a target encryption algorithm.

In an exemplary embodiment, the application server 103 and the key server 104 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, CDN (Content Delivery Network), big data, and an artificial intelligence platform.

Illustratively, the process of the application server 103 implementing the method for encrypting a call may be: the application server 103 receives a call request message carrying first indication information sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in the specified network-resident state and supports the confidential call function, and the first indication information comprises: the calling party terminal supports the function of secret communication; the application server 103 inquires whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called party have signed a voice encryption service, and the called party terminal is in a specified network-resident state; the application server 103 forwards the call request message carrying the first indication information to the called party terminal under the condition that the calling party and the called party are determined to meet the first condition.

Illustratively, the process by which the key server 104 implements the method for encrypting a call may be: the key server 104 responds to a calling session key application sent by the calling party terminal, and sends a session key and corresponding key identification information to the calling party terminal; the calling session key application is sent by a calling party terminal under the condition that the calling party and a called party meet a call encryption condition; the key server 104 responds to a called session key application carrying key identification information and sent by the called party terminal, and sends a session key corresponding to the key identification information to the called party terminal; the called session key application is sent by the called party terminal in response to the request message for updating parameters sent by the calling party terminal.

Those skilled in the art will appreciate that the number of the calling party terminal 101, the called party terminal 102, the application server 103 and the key server 104 in fig. 1 is only illustrative, and any number of the calling party terminal 101, the called party terminal 102, the application server 103 and the key server 104 may be provided according to actual needs, and the disclosure is not limited thereto.

In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the steps of the method for encrypting a call in the exemplary embodiment of the present disclosure will be described in more detail below with reference to the drawings and the embodiments.

Fig. 2 shows a flowchart of a method for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be performed by the calling party terminal 101 as shown in fig. 1, but the present disclosure is not limited thereto.

As shown in fig. 2, a method for encrypting a call provided by an embodiment of the present disclosure may include the following steps.

Step S201, under the condition that the calling party and the called party are determined to meet the conversation encryption condition, applying for obtaining a conversation key and corresponding key identification information from a key server.

In some embodiments, the call encryption conditions may include: the calling party and the called party have signed a voice encryption service, the calling party terminal and the called party terminal are in an appointed network-resident state, and the calling party terminal and the called party terminal support a session-encrypting function. In some practical applications, the terminals (including the calling party terminal and the called party terminal) are in a specified network-residing state, which may be that the network resides on a 4G network or a 5G network; the function of supporting the secret talk may be a function of supporting Voice over LTE (Voice over LTE) encryption communication.

In some practical applications, if the calling party terminal determines that both parties (i.e. the calling party and the called party) do not satisfy the call encryption condition, the call encryption can be directly performed according to a common call flow, for example: the ordinary parameter updating request message is directly sent to the called party terminal without executing the step of requesting the session key and the corresponding key identification information from the key server, thereby avoiding unnecessary process steps.

In some embodiments, the step of applying for obtaining the session key and the corresponding key identification information from the key server may include: sending a calling session key application carrying call information to a key server so that the key server performs first authentication on a calling party based on the call information; wherein, the call information includes: a calling party number, a called party number and a session identifier; and receiving the session key and the key identification information returned by the key server after the first authentication is determined to pass.

The calling party terminal can determine whether the calling party and the called party meet the call encryption condition, and then send different signaling according to different conditions. For example, if the calling party terminal determines that both parties (i.e., the calling party and the called party) satisfy the call encryption condition, the method for encrypting a call according to the present disclosure and the called terminal may perform negotiation determination of an encryption algorithm and a session key; if the calling party terminal determines that the two parties do not meet the communication encryption condition, the subsequent processing can be carried out according to the common call flow, so that unnecessary negotiation is avoided, and communication delay caused by whether encrypted communication is carried out or not after call connection is avoided.

In this step, the session key and the key identification information applied for obtaining from the key server are paired, the key identification information may be used to synchronize the session key at the called party terminal in the subsequent step, and the session key may encrypt the communication data (such as voice data, image data, etc.) when the two parties actually communicate.

In some embodiments, before applying for obtaining the session key and the corresponding key identification information from the key server, the method for encrypting the call may further include determining that the calling party and the called party satisfy the call encryption condition according to the following method:

under the condition that a calling party terminal is in a designated network-resident state and supports a confidential call function, sending a call request message carrying first indication information to an application server, so that the application server forwards the call request message to a called party terminal under the condition that the calling party and the called party are determined to meet a first condition; wherein the first indication information may include: the calling party terminal supports the function of secret communication; the first condition may include: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state; receiving a call response message returned by the called party terminal in response to the call request message, and analyzing the call response message; under the condition that the call response message is analyzed to obtain second indication information, the calling party and the called party are determined to meet a call encryption condition; wherein the second indication information includes: the called party terminal supports the function of secret communication.

It can be seen from this embodiment that, after the calling party terminal receives the call response message returned by the called party terminal in response to the call request message, it can be determined whether both parties have satisfied the call encryption condition. In the process that the calling party terminal sends a calling request message to the called party terminal and the called party terminal returns a calling response message to the calling party terminal, the application server and the called party terminal can respectively undertake the judgment of each condition in the communication encryption conditions.

Specifically, the calling party terminal may determine whether the calling party terminal is in the designated network-resident state and whether the calling party terminal supports the private call function, the application server may determine whether both the calling party and the called party have signed the voice encryption service and whether the called party terminal is in the designated network-resident state, and the called party terminal may determine whether the called party terminal supports the private call function.

In addition, in some practical applications, the call request message in this embodiment may be a SIP (Session Initiation Protocol) request message with a request line method format of Invite, and the call response message may be a SIP response message with a status line status code of 183(Session progress, for prompting progress information for establishing a Session).

Step S203, sending a request message of updating parameters carrying first call encryption information to the called party terminal; wherein, the first conversation encryption information comprises: a first set of encryption algorithms and key identification information supported by the calling party terminal.

In this step, the update parameter request message may be sent to the application server, and then the application server forwards the update parameter request message to the called terminal.

In some practical applications, the first set of encryption algorithms supported by the calling party terminal may be obtained by querying by the calling party terminal itself, and the encryption algorithms may include, for example, a conventional block encryption algorithm, a national secret block encryption algorithm, and the like, which is not limited by the present disclosure.

In addition, in some practical applications, the Update parameter request message in this step may be a SIP request message in the format of Update (Update session parameter) of a request line method, where the request message means that the calling party terminal wishes to negotiate related parameter information with the called party terminal.

Step S205, receiving an update parameter response message which is returned by the called party terminal in response to the update parameter request message and carries the second communication encryption information; wherein the second communication encryption information includes: indication information of successful session key synchronization and a target encryption algorithm.

In this step, after receiving the update parameter request message carrying the first session encryption information, the called party terminal may synchronize the session key and return a corresponding update parameter response message, so that the calling party terminal knows the result of successful processing of the called party terminal after receiving the update parameter response message.

In some practical applications, the update parameter response message in this step may be a SIP response message with a status line status code of 200(OK, request success).

Step S207, analyzing the update parameter response message, determining that the session key synchronization is successful and obtaining a target encryption algorithm, and then carrying out encryption communication with the called party terminal based on the target encryption algorithm and the session key.

In this step, after the calling party terminal analyzes the updated parameter response message to obtain the session key synchronization success and obtain the target encryption algorithm, it can be confirmed that the called party terminal completes the session key synchronization, and the negotiated encryption algorithm of the two parties can be obtained from the response message returned by the called party terminal, so that the negotiated encryption algorithm and the session key can be used for subsequent call flow, thereby performing the encrypted call.

In the method for encrypted call provided by the present disclosure, on one hand, a calling party terminal and a called party terminal can respectively carry indication information of whether a local machine supports a secret call function in respective sent messages (including a request message and a response message); on the other hand, the application server can respond to the request message sent by the calling party terminal to inquire whether both the calling party and the called party have signed the voice encryption service, and whether the called party terminal is in the designated network-resident state, and carry out subsequent message forwarding processing; on the other hand, the calling party terminal and the called party terminal can respectively carry identification information related to the session key and the encryption algorithm in respective sent messages to negotiate the encryption algorithm and the session key, and then can use the negotiated encryption algorithm and the session key to perform subsequent call flow so as to realize encrypted call. Therefore, by the method for encrypting the call provided by the disclosure, the identification information such as the terminal capability, the network residing state, the key negotiation and the like can be carried in the call signaling (such as the IMS call signaling, including the request message and the response message) on the premise of not changing the existing voice (such as VoLTE) service mode and the user experience, and the identification information carried in the call signaling is processed in a terminal and network cooperation mode, so that the judgment on the terminal capability, the network residing state, the subscription service and the key negotiation information is realized, the normal call, connection and call of the terminal are ensured, the voice encryption service is realized, and the problem of communication delay is also avoided.

Based on the same inventive concept, under the network architecture shown in fig. 1, the embodiment of the present disclosure also provides a method for encrypted call, which may be applied to, but is not limited to, the called party terminal 102 shown in fig. 1, but the present disclosure is not limited thereto.

Fig. 3 shows a flowchart of a method for encrypting a call applied to a called party terminal in the embodiment of the present disclosure, and as shown in fig. 3, the method includes the following steps.

Step S301, receiving an update parameter request message carrying first call encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the communication encryption condition; the first call encryption information includes: a first set of encryption algorithms and key identification information supported by the calling party terminal.

In some embodiments, before receiving an update parameter request message carrying first call encryption information sent by a calling party terminal, the method for encrypting a call may further include: receiving a call request message which is forwarded by an application server and carries first indication information under the condition that a calling party and a called party meet a first condition; wherein, the call request message is sent by the calling party terminal, and the first indication information includes: the calling party terminal supports the function of secret communication; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state; analyzing the call request message, responding to the first indication information obtained by analysis, and inquiring whether the called party terminal supports the secret call function or not; under the condition that the called party terminal is determined to support the encrypted call function, sending a call response message carrying second indication information to the calling party terminal; wherein the second indication information includes: the called party terminal supports the function of secret communication.

In some practical applications, if it is determined that the called party terminal is not subscribed to the voice encryption service and is in a specified network-resident state (e.g., in a 4G/5G state), the called party terminal may reply a normal 183 message to the application server; if it is confirmed that the called party terminal is not in the designated network-on state (e.g., in the 2G/3G state), the called party terminal may reply a ringing message (180) to the application server.

In some practical applications, if the called party terminal confirms that the local phone does not support the encrypted phone function, a call response message (e.g., a call response message in a normal call flow) that does not carry indication information related to the encrypted phone function may be sent to the calling party terminal.

Step S303, obtaining a session key from a key server in response to the update parameter request message to determine that the session key is successfully synchronized, and determining a target encryption algorithm based on the update parameter request message; the session key is stored in the key server after the calling party terminal applies to the key server.

In some embodiments, obtaining the session key from the key server in response to the update parameter request message comprises: analyzing the update parameter request message to obtain a first encryption algorithm set and key identification information supported by the calling party terminal; sending a called session key application carrying the calling information and the key identification information to a key server so that the key server performs second authentication on the called party based on the calling information; wherein, the call information includes: a calling party code number, a called party code number and a session identifier; and receiving the session key returned by the key server based on the key identification information after the second authentication is determined to pass.

In some embodiments, determining the target encryption algorithm based on the update parameter request message comprises: inquiring a second encryption algorithm set supported by the called party terminal; a target encryption algorithm is determined based on the first set of encryption algorithms and the second set of encryption algorithms.

Step S305, sending an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information includes: indication information of successful session key synchronization and a target encryption algorithm.

Therefore, by the method for encrypting the call provided by the disclosure, the identification information such as the terminal capability, the network residing state, the key negotiation and the like can be carried in the call signaling (such as the IMS call signaling, including the request message and the response message) on the premise of not changing the existing voice (such as VoLTE) service mode and the user experience, and the identification information carried in the call signaling is processed in a terminal and network cooperation mode, so that the judgment on the terminal capability, the network residing state, the subscription service and the key negotiation information is realized, the normal call, connection and call of the terminal are ensured, the voice encryption service is realized, and the problem of communication delay is also avoided.

Other contents of the embodiment of fig. 3 may refer to the other embodiments described above, and are not described herein again.

Based on the same inventive concept, under the network architecture shown in fig. 1, the embodiment of the present disclosure further provides a method for encrypted call, which can be applied to, but is not limited to, the application server 103 shown in fig. 1, but the present disclosure is not limited thereto.

Fig. 4 is a flowchart illustrating a method for encrypting a call applied to an application server in the embodiment of the present disclosure, and as shown in fig. 4, the method includes the following steps.

Step S401, receiving a call request message carrying first indication information sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in the specified network-resident state and supports the confidential call function, and the first indication information comprises: the calling party terminal supports the function of secret communication.

Step S403, inquiring whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called party have signed the voice encryption service, and the called party terminal is in the designated network-on state.

In some embodiments, querying whether the calling party and the called party satisfy the first condition comprises: inquiring a unified data management network element (UDM) and/or a Home Subscriber Server (HSS) to obtain user signing data of a calling party and a called party and obtain the current network residence condition of a called party terminal; judging whether a calling party and a called party sign a voice encryption service according to user signed data, and judging whether a called party terminal is in an appointed network-residing state according to the current network-residing condition; wherein, the network residing state comprises: and the network is resident on a 4G network or a 5G network.

Step S405, under the condition that the calling party and the called party are determined to meet the first condition, the calling request message carrying the first indication information is forwarded to the called party terminal.

In some embodiments, the method for encrypting a call further comprises: under the condition that the calling party and the called party are determined not to meet the first condition, removing the first indication information in the call request message to obtain a common call request message; and forwarding the common call request message to the called party terminal.

In this embodiment, if the application server determines that the calling party and the called party do not satisfy the first condition, the first indication information in the call request message sent by the calling party terminal may be deleted, because the ordinary called party terminal that does not satisfy the first condition cannot generally process the indication information carried in the call request message, and deleting the first indication information may make the ordinary call request message obtained after deletion consistent with a message structure in an ordinary call flow, thereby facilitating the ordinary called party terminal to perform message receiving processing.

In some embodiments, the application server is further configured to forward messages (including request messages and reply messages) between the calling party terminal and the called party terminal, including: and forwarding a call response message and an update parameter response message which are sent by the called party terminal to the calling party terminal.

Other contents of the embodiment in fig. 4 may refer to the other embodiments described above, and are not described herein again.

Based on the same inventive concept, under the network architecture shown in fig. 1, the embodiment of the present disclosure also provides a method for encrypting a call, which can be applied to, but is not limited to, the key server 104 shown in fig. 1, but the present disclosure is not limited thereto.

Fig. 5 is a flowchart illustrating a method for encrypting a call applied to a key server in an embodiment of the present disclosure, where the method includes the following steps, as shown in fig. 5.

Step S501, responding to a calling session key application sent by a calling party terminal, and sending a session key and corresponding key identification information to the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party are determined to meet the call encryption condition.

In some embodiments, in response to a calling session key application sent by a calling party terminal, sending a session key and corresponding key identification information to the calling party terminal, including: receiving a calling session key application carrying calling information sent by a calling party terminal; wherein, the call information includes: a calling party number, a called party number and a session identifier; performing first authentication on the calling party based on the calling information; after the first authentication is determined to pass, generating and storing a session key and corresponding key identification information; and sending the session key and the key identification information to the calling party terminal.

In this embodiment, the first authentication may be, for example, inquiring the application server based on the call information in the calling session key application to implement authentication, and the inquiry content may be, for example, whether the calling party and the called party in the current session sign a secure session service or not. After the first authentication passes, the key server may establish a mapping relationship with the calling party code number, the called party code number, and the session identifier (e.g., VoLTE session ID), and then securely return the session key and the key identifier information to the calling party terminal by using a protection mechanism of the network operator.

Step S503, responding to the called session key application carrying the key identification information sent by the called party terminal, and sending the session key corresponding to the key identification information to the called party terminal; the called session key application is sent by the called party terminal in response to the request message for updating parameters sent by the calling party terminal.

In some embodiments, in response to a called session key application carrying key identification information and sent by a called party terminal, sending a session key corresponding to the key identification information to the called party terminal, includes: receiving a called session key application carrying call information and key identification information sent by a called party terminal; wherein, the call information includes: a calling party number, a called party number and a session identifier; performing second authentication on the called party based on the calling information; after the second authentication is determined to pass, determining a session key corresponding to the key identification information; and sending the session key to the called party terminal.

In this embodiment, the second authentication may be, for example, to perform an inquiry to the application server based on the call information in the called session key application to implement the authentication, and the inquiry content may be, for example, whether the calling party and the called party in the session sign a close session service or not. After the second authentication passes, the key server may perform an inquiry based on the mapping relationship established in the previous step to obtain a session key corresponding to the key identification information, and then securely return the session key to the calling party terminal by using a protection mechanism of a network operator.

Other contents of the embodiment in fig. 5 may refer to the other embodiments described above, and are not described herein again.

Fig. 6 shows an interaction flow diagram of a method for encrypting a call according to one embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be performed by the calling party terminal 101, the called party terminal 102, the application server 103, and the key server 104 as shown in fig. 1, but the present disclosure is not limited thereto, and as shown in fig. 6, the method may include the following steps.

Step S01, the calling party terminal sends an SIP invite message (call request message) carrying the indication of the VoLTE voice encryption function supported by the local terminal to the application server.

And step S02, the application server judges the signing situation of the calling and called number, and inquires the 4G/5G network-resident state of the called terminal to the HSS/UDM.

Step S03, when the application server determines that the calling party and the called party satisfy the first condition, the application server forwards the SIP invite message containing the indication information (the calling party terminal supports the VoLTE voice encryption function) to the called party terminal. Wherein the first condition comprises: the calling party and the called party have signed the voice encryption service, and the called party terminal is in the designated network-on state.

In step S04, the called party terminal parses the SIP invite message containing the indication information.

Step S05, the called party terminal sends a 183session progress message (call answer message) carrying the indication of the VoLTE voice encryption supported by the local machine to the application server.

Step S06, the application server forwards the 183session progress message to the calling party terminal.

Step S07, the calling party terminal parses the 183session message containing the indication information.

Step S08, when the calling party terminal determines that the called party terminal also supports the voice encryption function, the calling party terminal applies for a session key (carrying the calling and called numbers and the SIP session ID) from the key server.

Step S09, the key server performs authentication to generate a session key and a key identifier.

Step S10, the key server securely returns the session key and the key identifier to the calling party terminal.

Step S11, the calling party terminal sends an SIP update message (update parameter request message) carrying the encryption algorithm and key identification information supported by the local device to the application server.

Step S12, the application server forwards the SIP update message to the called party terminal.

In step S13, the called party terminal parses the SIP update message containing the indication information.

In step S14, the called party terminal applies for a session key (carrying the number of the calling and called party, SIP session ID and key identification information) from the key server.

And step S15, the key server carries out authentication and obtains the session key requested by the calling party terminal based on the key identification information matching.

In step S16, the key server securely returns the session key to the called party terminal.

In step S17, the called party terminal determines the encryption algorithm of the session.

Step S18, the called party terminal returns a SIP update 200 OK message (update parameter response message) to the application server, and the SIP update 200 OK message may carry the current session encryption algorithm and the session key synchronization success indication information.

Step S19, the application server forwards the SIP update 200 OK message carrying the indication information to the calling party terminal.

Step S20, the calling party terminal analyzes the SIP update 200 OK, and determines that the session is a VoLTE encrypted call.

Then, the calling party terminal and the called party terminal can perform subsequent call flow and VoLTE encrypted conversation by using the encryption algorithm and the session key determined in the process.

Other contents of the embodiment of fig. 6 may refer to the other embodiments described above, and are not described herein again.

Fig. 7 shows a flowchart of a method for encrypting a call according to still another embodiment of the present disclosure, which may include the following steps, as shown in fig. 7.

Firstly, the calling and called terminals respectively carry the indication of the VoLTE encryption function supported by the local terminal in the SIP message (including the call request message and the call response message). The calling party terminal is inserted into a relevant field of the SIP invite message (call request message). The called party terminal determines whether the VoLTE encryption function indication exists in the received calling invite message or not, if the calling invite message contains the VoLTE encryption function indication and the called party confirms that the local machine supports the function, the indication that the local machine supports the VoLTE encryption function is inserted into a returned 183session progress message (call response message) field, otherwise, the local machine VoLTE encryption function indication is not inserted.

Secondly, the application server can firstly inquire according to the calling and called numbers to judge whether the user signs a contract or not. If the user signs a contract and the calling invite message carries a local VoLTE encryption function indication, the network-resident state of the called party terminal can be inquired to a called subscriber database HSS/UDM, and if the network is in a 4G/5G network state, the calling invite message is forwarded to the called party terminal by the application server; otherwise, the application server deletes the secret call supporting function indication carried in the calling invite message, and then performs normal call message forwarding.

Thirdly, the calling party terminal analyzes and judges 183session progress messages returned by the called party terminal, and if the 183session progress messages of the called party carry VoLTE encryption function instructions, the calling party terminal applies for a session key to a key server; if not, the normal call flow is continued.

Then, after the calling party terminal applies for the session key, the key identifier and the encryption algorithm information supported by the local machine may be carried in the update message (update parameter request message) sent to the called party terminal.

Then, the called party terminal analyzes and judges the received calling update message, and if the calling update message carries the key identification information, the called party terminal can apply the same session key as the calling party to the key server.

Then, after the called party terminal applies for the session key, the determined encryption algorithm and the information that the session key synchronization is successful can be inserted into the SIP update 200 ok message (update parameter response message) sent to the calling party terminal.

And finally, after the calling party terminal receives and analyzes the SIP update 200 ok message, the session can be determined to be VoLTE encrypted conversation, and the calling party and the called party can continue the subsequent call flow to realize the VoLTE encrypted conversation.

Other contents of the embodiment of fig. 7 may refer to the other embodiments described above, and are not described herein again.

It is to be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.

Fig. 8 is a block diagram illustrating an apparatus for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure. As shown in fig. 8, an apparatus 800 for encrypting a call includes:

a first key obtaining module 801, configured to apply for obtaining a session key and corresponding key identification information from a key server under the condition that it is determined that a calling party and a called party satisfy a call encryption condition;

a first sending module 802, configured to send a parameter update request message carrying first session encryption information to a called party terminal; wherein, the first conversation encryption information comprises: a first encryption algorithm set and key identification information supported by a calling party terminal;

a first receiving module 803, configured to receive an update parameter response message carrying second session encryption information, which is returned by the called party terminal in response to the update parameter request message; wherein the second communication encryption information includes: indication information and a target encryption algorithm of successful session key synchronization;

the analysis module 804 is configured to analyze the update parameter response message, determine that the session key is successfully synchronized, obtain a target encryption algorithm, and further perform an encrypted call with the called party terminal based on the target encryption algorithm and the session key.

Other aspects of the embodiment of fig. 8 may be found in relation to other embodiments described above.

Fig. 9 is a block diagram illustrating an apparatus for encrypting a call applied to a called party terminal in an embodiment of the present disclosure. As shown in fig. 9, the apparatus 900 for encrypting a call includes:

a second receiving module 901, configured to receive a parameter updating request message carrying first session encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the communication encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by a calling party terminal;

a second key obtaining module 902, configured to obtain a session key from the key server in response to the update parameter request message, to determine that synchronization of the session key is successful, and determine a target encryption algorithm based on the update parameter request message; the session key is stored in the key server after the calling party terminal applies to the key server;

a second sending module 903, configured to send an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information includes: indication information of successful session key synchronization and a target encryption algorithm.

Other aspects of the embodiment of fig. 9 may be found in relation to other embodiments described above.

Fig. 10 shows a block diagram of an apparatus for encrypting a call applied to an application server in an embodiment of the present disclosure. As shown in fig. 10, the apparatus 1000 for encrypting a call includes:

a third receiving module 1001, configured to receive a call request message carrying the first indication information and sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in the specified network-resident state and supports the confidential call function, and the first indication information comprises: the calling party terminal supports the function of secret communication;

the query module 1002 is configured to query whether a calling party and a called party satisfy a first condition; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state;

a third sending module 1003, configured to forward the call request message carrying the first indication information to the called party terminal when it is determined that the calling party and the called party satisfy the first condition.

Other aspects of the embodiment of fig. 10 may be found in relation to other embodiments described above.

Fig. 11 is a block diagram illustrating an apparatus for encrypting a call applied to a key server in an embodiment of the present disclosure. As shown in fig. 11, an apparatus 1100 for encrypting a call includes:

a fourth sending module 1101, configured to send a session key and corresponding key identification information to a calling party terminal in response to a calling party session key application sent by the calling party terminal; the calling session key application is sent by a calling party terminal under the condition that the calling party and a called party meet a call encryption condition; and the number of the first and second groups,

the fourth sending module 1101 is further configured to send a session key corresponding to the key identification information to the called party terminal in response to a called session key application carrying the key identification information and sent by the called party terminal; the called session key application is sent by the called party terminal in response to the request message for updating parameters sent by the calling party terminal.

Other aspects of the embodiment of fig. 11 may be found in relation to other embodiments described above.

As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Accordingly, various aspects of the present invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.

Fig. 12 shows a block diagram of a computer device for encrypting a call in an embodiment of the present disclosure. It should be noted that the illustrated electronic device is only an example, and should not bring any limitation to the functions and the scope of the embodiments of the present invention.

An electronic device 1200 according to this embodiment of the invention is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.

As shown in fig. 12, the electronic device 1200 is embodied in the form of a general purpose computing device. The components of the electronic device 1200 may include, but are not limited to: the at least one processing unit 1210, the at least one memory unit 1220, and a bus 1230 connecting the various system components including the memory unit 1220 and the processing unit 1210.

Wherein the memory unit stores program code that is executable by the processing unit 1210 such that the processing unit 1210 performs steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present specification. For example, the processing unit 1210 may perform a method as shown in fig. 2.

The storage unit 1220 may include a readable medium in the form of a volatile memory unit, such as a random access memory unit (RAM)12201 and/or a cache memory unit 12202, and may further include a read only memory unit (ROM) 12203.

Storage unit 1220 may also include a program/utility 12204 having a set (at least one) of program modules 12205, such program modules 12205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.

Bus 1230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.

The electronic device 1200 may also communicate with one or more external devices 1300 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1200, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 1200 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 1250. Also, the electronic device 1200 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 1260. As shown, the network adapter 1260 communicates with the other modules of the electronic device 1200 via the bus 1230. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 1200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.

In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary method" of this description, when said program product is run on said terminal device.

According to the program product for implementing the method, the portable compact disc read only memory (CD-ROM) can be adopted, the program code is included, and the program product can be operated on terminal equipment, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.

Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.

Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims

1. A method for encrypting a call, applied to a calling party terminal, comprising:

under the condition that the calling party and the called party are determined to meet the call encryption condition, applying to a key server to obtain a session key and corresponding key identification information;

sending a parameter updating request message carrying first call encryption information to a called party terminal; wherein the first call encryption information includes: a first encryption algorithm set supported by the calling party terminal and the key identification information;

receiving an update parameter response message which is returned by the called party terminal in response to the update parameter request message and carries second communication encryption information; wherein the second communication encryption information comprises: indication information and a target encryption algorithm of successful session key synchronization;

and analyzing the update parameter response message, determining that the session key is successfully synchronized, obtaining the target encryption algorithm, and carrying out encryption communication with the called party terminal based on the target encryption algorithm and the session key.

2. The method of claim 1, wherein the call encryption conditions comprise: the calling party and the called party are signed with voice encryption services, the calling party terminal and the called party terminal are in an appointed network-resident state, and the calling party terminal and the called party terminal both support a secret call function;

the method further comprises the following steps of determining that the calling party and the called party meet the call encryption condition:

under the condition that the calling party terminal is in a designated network-resident state and supports a confidential call function, sending a call request message carrying first indication information to an application server, so that the application server forwards the call request message to the called party terminal under the condition that the calling party and the called party are determined to meet a first condition; wherein the first indication information includes: the calling party terminal supports the function of encrypted call; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in an appointed network-residing state;

receiving a call response message returned by the called party terminal in response to the call request message, and analyzing the call response message;

under the condition of analyzing the call response message to obtain second indication information, determining that the calling party and the called party meet a call encryption condition; wherein the second indication information includes: the called party terminal supports the function of secret communication.

3. The method of claim 1 or 2, wherein applying for obtaining the session key and the corresponding key identification information from the key server comprises:

sending a calling session key application carrying call information to the key server so that the key server performs first authentication on the calling party based on the call information; wherein the call information includes: a calling party number, a called party number and a session identifier;

and receiving the session key and the key identification information returned by the key server after the first authentication is determined to pass.

4. A method for encrypting a call, applied to a called party terminal, comprises:

receiving a parameter updating request message which is sent by a calling party terminal and carries first call encryption information; the updating parameter request message is sent by the calling party terminal under the condition that the calling party and the called party are determined to meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal;

acquiring a session key from a key server in response to the update parameter request message to determine that the session key synchronization is successful, and determining a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server;

sending an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information comprises: and indicating information that the session key is successfully synchronized and the target encryption algorithm.

5. The method according to claim 4, wherein before receiving the update parameter request message carrying the first session encryption information sent by the calling party terminal, the method further comprises:

receiving a call request message which is forwarded by an application server and carries first indication information under the condition that a calling party and a called party meet a first condition; wherein the call request message is sent by the calling party terminal, and the first indication information includes: the calling party terminal supports the function of secret communication; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in a designated network-on state;

analyzing the call request message, responding to the first indication information obtained by analysis, and inquiring whether the called party terminal supports a secret call function or not;

under the condition that the called party terminal is determined to support the secret call function, sending a call response message carrying second indication information to the calling party terminal; wherein the second indication information includes: the called party terminal supports the function of secret communication.

6. The method of claim 4 or 5, wherein obtaining a session key from a key server in response to the update parameter request message comprises:

analyzing the update parameter request message to obtain the first encryption algorithm set and the key identification information supported by the calling party terminal;

sending a called session key application carrying call information and the key identification information to the key server so that the key server performs second authentication on a called party based on the call information; wherein the call information includes: a calling party code number, a called party code number and a session identifier;

and receiving the session key returned by the key server based on the key identification information after the second authentication is determined to pass.

7. The method of claim 6, wherein determining a target encryption algorithm based on the update parameter request message comprises:

inquiring a second encryption algorithm set supported by the called party terminal;

determining a target encryption algorithm based on the first set of encryption algorithms and the second set of encryption algorithms.

8. A method for encrypting a call, applied to an application server, comprising:

receiving a call request message which is sent by a calling party terminal and carries first indication information; wherein, the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in a specified network-resident state and supports a secret phone function, and the first indication information includes: the calling party terminal supports the function of secret communication;

inquiring whether a calling party and a called party meet a first condition; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in an appointed network-residing state;

and under the condition that the calling party and the called party are determined to meet a first condition, forwarding the call request message carrying the first indication information to the called party terminal.

9. The method of claim 8, wherein querying whether the calling party and the called party satisfy the first condition comprises:

inquiring a unified data management network element (UDM) and/or a Home Subscriber Server (HSS) to obtain user signing data of the calling party and the called party and obtain the current network residence situation of the called party terminal;

judging whether the calling party and the called party sign the voice encryption service according to the user signing data, and judging whether the called party terminal is in an appointed network-residing state according to the current network-residing condition; wherein, the network residing state comprises: and the network is resident on a 4G network or a 5G network.

10. The method of claim 8, further comprising:

under the condition that the calling party and the called party are determined not to meet a first condition, removing the first indication information in the call request message to obtain a common call request message;

and forwarding the common call request message to the called party terminal.

11. A method for encrypting a call, applied to a key server, comprising:

responding to a calling session key application sent by a calling party terminal, and sending a session key and corresponding key identification information to the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet a call encryption condition; and the number of the first and second groups,

responding to a called session key application carrying the key identification information and sent by a called party terminal, and sending the session key corresponding to the key identification information to the called party terminal; the called session key application is sent by the called party terminal in response to a parameter updating request message sent by the calling party terminal.

12. The method of claim 11, wherein sending a session key and corresponding key identification information to a calling party terminal in response to a calling session key application sent by the calling party terminal, comprises:

receiving a calling session key application carrying calling information sent by a calling party terminal; wherein the call information includes: a calling party number, a called party number and a session identifier;

performing first authentication on the calling party based on the calling information;

after the first authentication is determined to pass, generating and storing a session key and corresponding key identification information;

and sending the session key and the key identification information to the calling party terminal.

13. The method of claim 11, wherein sending the session key corresponding to the key identification information to the called party terminal in response to a called session key application carrying the key identification information sent by the called party terminal comprises:

receiving a called session key application carrying call information and the key identification information and sent by a called party terminal; wherein the call information includes: a calling party number, a called party number and a session identifier;

performing second authentication on the called party based on the calling information;

after the second authentication is determined to pass, determining the session key corresponding to the key identification information;

and sending the session key to the called party terminal.

14. An apparatus for encrypting a call, applied to a calling party terminal, comprising:

the first key acquisition module is used for applying for acquiring a session key and corresponding key identification information from a key server under the condition that a calling party and a called party are determined to meet a call encryption condition;

the first sending module is used for sending a parameter updating request message carrying first call encryption information to the called party terminal; wherein the first call encryption information includes: a first encryption algorithm set supported by the calling party terminal and the key identification information;

a first receiving module, configured to receive an update parameter response message carrying second session encryption information, where the update parameter response message is returned by the called party terminal in response to the update parameter request message; wherein the second communication encryption information comprises: indication information and a target encryption algorithm of successful session key synchronization;

and the analysis module is used for analyzing the update parameter response message, determining that the session key is successfully synchronized and obtaining the target encryption algorithm, and further carrying out encryption conversation with the called party terminal based on the target encryption algorithm and the session key.

15. An apparatus for encrypting a call, applied to a called party terminal, comprising:

the second receiving module is used for receiving a parameter updating request message which is sent by the calling party terminal and carries the first call encryption information; the updating parameter request message is sent by the calling party terminal under the condition that the calling party and the called party are determined to meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal;

the second key acquisition module is used for responding to the update parameter request message to acquire a session key from a key server so as to determine that the session key is successfully synchronized and determine a target encryption algorithm based on the update parameter request message; the session key is stored in the key server after the calling party terminal applies for the key server;

the second sending module is used for sending an update parameter response message carrying second communication encryption information to the calling party terminal; wherein the second communication encryption information comprises: and indicating information that the session key is successfully synchronized and the target encryption algorithm.

16. An apparatus for encrypting a call, applied to an application server, comprising:

the third receiving module is used for receiving a call request message which is sent by the calling party terminal and carries the first indication information; wherein, the call request message is sent by the calling party terminal under the condition that the calling party terminal is confirmed to be in a specified network-resident state and supports a secret phone function, and the first indication information includes: the calling party terminal supports the function of secret communication;

the query module is used for querying whether the calling party and the called party meet a first condition or not; the first condition includes: the calling party and the called party have signed voice encryption service, and the called party terminal is in an appointed network-residing state;

a third sending module, configured to forward the call request message carrying the first indication information to the called party terminal when it is determined that the calling party and the called party satisfy the first condition.

17. An apparatus for encrypting a call, applied to a key server, comprising:

a fourth sending module, configured to send a session key and corresponding key identification information to a calling party terminal in response to a calling party session key application sent by the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet a call encryption condition; and the number of the first and second groups,

the fourth sending module is further configured to send the session key corresponding to the key identification information to the called party terminal in response to a called session key application carrying the key identification information and sent by the called party terminal; the called session key application is sent by the called party terminal in response to a parameter updating request message sent by the calling party terminal.

18. A system for encrypting a call, the system comprising: a calling party terminal, a called party terminal, an application server and a key server;

a calling party terminal configured to perform the method for encrypting a call according to any one of claims 1 to 3;

a called party terminal configured to perform the method for encrypting a call according to any one of claims 4 to 7;

an application server configured to perform the method for encrypting a call according to any one of claims 8 to 10;

a key server configured to perform the method for encrypting a call according to any one of claims 11 to 13.

19. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method for encrypting a call as claimed in any one of claims 1 to 13.

20. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out a method for encrypting a call as claimed in any one of claims 1 to 13.