CN115022024B

CN115022024B - Method and device for encrypting call, storage medium and electronic equipment

Info

Publication number: CN115022024B
Application number: CN202210610240.8A
Authority: CN
Inventors: 郭茂文; 卢燕青; 张�荣; 黎艳; 叶佥昱; 胡鹏
Original assignee: China Telecom Corp Ltd
Current assignee: China Telecom Corp Ltd
Priority date: 2022-05-31
Filing date: 2022-05-31
Publication date: 2023-09-29
Anticipated expiration: 2042-05-31
Also published as: CN115022024A

Abstract

The disclosure provides a method, a device, an electronic device and a storage medium for encrypting a call, wherein the method comprises the following steps: under the condition that the calling party and the called party meet the call encryption condition, applying for obtaining a session key and key identification information from a key server; sending an update parameter request message carrying a first encryption algorithm set supported by the calling party terminal and key identification information to the called party terminal; receiving indication information which is returned by the called party terminal in response to the parameter updating request message and carries successful session key synchronization and a parameter updating response message of a target encryption algorithm; and analyzing the updated parameter response message, determining that the session key is successfully synchronized, acquiring a target encryption algorithm, and further carrying out encrypted communication with the called party terminal based on the target encryption algorithm and the session key. The method can realize the judgment of terminal capability, state and key negotiation information by carrying relevant information in call signaling, thereby ensuring the normal call, connection and conversation of the VoLTE terminal.

Description

Method and device for encrypting call, storage medium and electronic equipment

Technical Field

The disclosure relates to the technical field of mobile communication, and in particular relates to a method and a device for encrypting a call, a storage medium and electronic equipment.

Background

VoLTE (Voice over Long Term Evolution, long term evolution voice bearer) is a high-speed wireless communication standard. It may enable voice data to be transmitted in an LTE data bearer network based on an IMS (Internet Protocol Multimedia Subsystem ) network. While the VoLTE provides voice data transmission service, how to ensure the security of VoLTE voice data transmission is an urgent problem to be solved. The common VoLTE voice secret call technical scheme comprises the following two types: (1) carrying key agreement information in IMS call signaling. (2) After the call is put through, key agreement is carried out by using the media stream of the user plane. If the negotiation is successful, entering a secret talk state; if the negotiation fails, the clear call continues to be maintained.

In the related art, the problem that the caller cannot determine whether the called terminal supports the VoLTE voice encryption service and the caller cannot determine whether the called terminal resides in the 4G/5G network during the call exists in the scheme (1). In the scheme (2), there is a problem of a secure communication delay, and the party initiating the key agreement cannot determine whether the counterpart terminal resides in the 4G/5G network.

It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.

Disclosure of Invention

The present disclosure aims to provide a method, an apparatus, an electronic device and a storage medium for encrypting a call, which at least overcome the problems that in the related art, the state of a called terminal cannot be determined and a secret communication is delayed during a call to some extent.

Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.

According to one aspect of the present disclosure, there is provided a method for encrypting a call, applied to a calling party terminal, including: under the condition that the calling party and the called party meet the call encryption condition, applying for obtaining a session key and corresponding key identification information from a key server; sending an updating parameter request message carrying first call encryption information to a called party terminal; wherein the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; receiving an updating parameter response message carrying second session encryption information returned by the called party terminal in response to the updating parameter request message; wherein the second session encryption information includes: indication information of successful session key synchronization and a target encryption algorithm; and analyzing the updated parameter response message, determining that the session key is successfully synchronized, acquiring a target encryption algorithm, and further carrying out encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

In one embodiment of the present disclosure, the call encryption conditions include: the calling party and the called party Fang Jun sign up for voice encryption service, the calling party terminal and the called party terminal are in a specified network-resident state, and the calling party terminal and the called party terminal support a secret call function; the method further comprises the step of determining that the calling party and the called party meet call encryption conditions according to the following method: under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, sending a call request message carrying first indication information to an application server, so that the application server forwards the call request message to a called party terminal under the condition that a first condition of a calling party and a called party Fang Manzu is determined; wherein the first indication information includes: the calling party terminal supports a secret call function; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; receiving a call response message returned by the called party terminal in response to the call request message, and analyzing the call response message; under the condition that the call response message is analyzed to obtain second indication information, determining that the calling party and the called party meet the call encryption condition; wherein the second indication information includes: the called party terminal supports the secret talk function.

In one embodiment of the present disclosure, applying for obtaining a session key and corresponding key identification information from a key server includes: sending a calling session key application carrying calling information to a key server so that the key server carries out first authentication on a calling party based on the calling information; wherein, the call information includes: calling party number, called Fang Ma number and session identification; the receiving key server returns the session key and key identification information after determining that the first authentication passes.

According to another aspect of the present disclosure, there is provided a method for encrypting a call, applied to a called party terminal, including: receiving an updating parameter request message carrying first call encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; acquiring a session key from a key server in response to the update parameter request message to determine that session key synchronization is successful, and determining a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server; sending an updating parameter response message carrying second session encryption information to the calling party terminal; wherein the second session encryption information includes: the indication information of successful session key synchronization and the target encryption algorithm.

In one embodiment of the present disclosure, before receiving the update parameter request message carrying the first call encryption information sent by the calling party terminal, the method further includes: receiving a call request message carrying first indication information forwarded by an application server under the condition that a first condition of a calling party and a called party Fang Manzu is determined; wherein the call request message is sent by the calling party terminal, and the first indication information comprises: the calling party terminal supports a secret call function; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; analyzing the call request message, and inquiring whether the called party terminal supports the secret call function or not in response to the first indication information obtained by analysis; under the condition that the called party terminal supports the secret call function, sending a call response message carrying second indication information to the calling party terminal; wherein the second indication information includes: the called party terminal supports the secret talk function.

In one embodiment of the present disclosure, obtaining a session key from a key server in response to an update parameter request message includes: analyzing the parameter updating request message to obtain a first encryption algorithm set and key identification information supported by the calling party terminal; sending a called session key application carrying call information and key identification information to a key server so that the key server authenticates the called Fang Jinhang based on the call information; wherein, the call information includes: calling party number, called Fang Ma number and session identification; the receiving key server returns a session key based on the key identification information after determining that the second authentication passes.

In one embodiment of the present disclosure, determining a target encryption algorithm based on an update parameter request message includes: inquiring a second encryption algorithm set supported by the called party terminal; a target encryption algorithm is determined based on the first set of encryption algorithms and the second set of encryption algorithms.

According to yet another aspect of the present disclosure, there is provided a method for encrypting a call, applied to an application server, including: receiving a call request message carrying first indication information sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information comprises: the calling party terminal supports a secret call function; inquiring whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; in case a first condition of the calling party and the called Fang Manzu is determined, forwarding a call request message carrying a first indication information to the called party terminal.

In one embodiment of the present disclosure, querying whether the calling party and the called party satisfy a first condition includes: inquiring a unified data management network element (UDM) and/or a Home Subscriber Server (HSS) to obtain user subscription data of a calling party and a called party, and obtaining the current network residence condition of a terminal of the called party; judging whether the calling party signs voice encryption service with the called party according to the user signing data, and judging whether the called party terminal is in a specified network residence state according to the current network residence condition; wherein the at the designated resident network state comprises: the residing network is on a 4G network or a 5G network.

In one embodiment of the present disclosure, the method for encrypting a call further comprises: removing the first indication information in the call request message to obtain a common call request message under the condition that the calling party and the called party are determined not to meet the first condition; and forwarding the common call request message to the called party terminal.

According to yet another aspect of the present disclosure, there is provided a method for encrypting a call, applied to a key server, including: responding to a calling session key application sent by a calling terminal, and sending a session key and corresponding key identification information to the calling terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; responding to a called session key application carrying key identification information sent by a called party terminal, and sending a session key corresponding to the key identification information to the called party terminal; the called party terminal responds to the update parameter request message sent by the calling party terminal.

In one embodiment of the present disclosure, in response to a caller session key application sent by a caller terminal, sending a session key and corresponding key identification information to the caller terminal includes: receiving a calling session key application carrying calling information sent by a calling party terminal; wherein, the call information includes: calling party number, called Fang Ma number and session identification; performing first authentication on the calling party based on the call information; after determining that the first authentication passes, generating and storing a session key and corresponding key identification information; and sending the session key and the key identification information to the calling party terminal.

In one embodiment of the present disclosure, in response to a called session key application carrying key identification information sent by a called party terminal, sending a session key corresponding to the key identification information to the called party terminal, including: receiving a called session key application carrying call information and key identification information sent by a called party terminal; wherein, the call information includes: calling party number, called Fang Ma number and session identification; authenticating the called Fang Jinhang second authentication based on the call information; after the second authentication is confirmed to pass, a session key corresponding to the key identification information is confirmed; and sending the session key to the called party terminal.

According to still another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to a calling party terminal, including: the first key acquisition module is used for applying for obtaining a session key and corresponding key identification information from the key server under the condition that the calling party and the called party are determined to meet the call encryption condition; the first sending module is used for sending an updating parameter request message carrying first call encryption information to the called party terminal; wherein the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; the first receiving module is used for receiving an updating parameter response message carrying second session encryption information returned by the called party terminal in response to the updating parameter request message; wherein the second session encryption information includes: indication information of successful session key synchronization and a target encryption algorithm; and the analysis module is used for analyzing the updated parameter response message, determining that the session key is successfully synchronized and obtaining a target encryption algorithm, and further carrying out encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

According to still another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to a called party terminal, including: the second receiving module is used for receiving an update parameter request message carrying the first call encryption information sent by the calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; the second key acquisition module is used for responding to the update parameter request message to acquire the session key from the key server so as to determine that the session key is successfully synchronized, and determining a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server; the second sending module is used for sending an updating parameter response message carrying second communication encryption information to the calling party terminal; wherein the second session encryption information includes: the indication information of successful session key synchronization and the target encryption algorithm.

According to yet another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to an application server, including: the third receiving module is used for receiving a call request message carrying first indication information sent by the calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information comprises: the calling party terminal supports a secret call function; the inquiry module is used for inquiring whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; and a third sending module, configured to forward the call request message carrying the first indication information to the called party terminal if the first condition of the calling party and the called party Fang Manzu is determined.

According to yet another aspect of the present disclosure, there is provided an apparatus for encrypting a call, applied to a key server, including: a fourth sending module, configured to send a session key and corresponding key identification information to the calling party terminal in response to a calling session key application sent by the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the fourth sending module is further used for responding to a called session key application carrying key identification information sent by the called party terminal and sending a session key corresponding to the key identification information to the called party terminal; the called party terminal responds to the update parameter request message sent by the calling party terminal.

According to yet another aspect of the present disclosure, there is provided a system for encrypting a call, the system comprising: the system comprises a calling party terminal, a called party terminal, an application server and a key server; a calling party terminal configured to perform a method for encrypting a call applied to the calling party terminal; a called party terminal configured to perform a method for encrypting a call applied to the called party terminal; an application server configured to perform a method for encrypting a call applied to the application server; a key server configured to perform a method for encrypting a call applied to the key server.

According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described method for encrypting a call.

According to still another aspect of the present disclosure, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the above-described method for encrypting a call via execution of the executable instructions.

According to the method for encrypting the call provided by the embodiment of the disclosure, on one hand, the calling party terminal and the called party terminal can respectively carry indication information of whether the local machine supports the secret call function in messages (including request messages and response messages) sent by the calling party terminal and the called party terminal; on the other hand, the application server can respond to the request message sent by the calling party terminal to inquire whether the calling party and the called party Fang Jun have signed up voice encryption service, inquire whether the called party terminal is in a specified network-resident state, and carry out subsequent message forwarding processing; in still another aspect, the calling party terminal and the called party terminal may respectively carry identification information related to the session key and the encryption algorithm in the messages sent by the calling party terminal and the called party terminal, so as to negotiate the encryption algorithm and the session key, and further, may use the negotiated encryption algorithm and session key to perform a subsequent call flow so as to implement encrypted call. Therefore, by the method for encrypting the call, the identification information such as the terminal capability, the network residence state and the key negotiation can be carried in the call signaling (such as the IMS call signaling, including the request message and the response message) on the premise of not changing the existing voice (such as VoLTE) service mode and user experience, the identification information carried in the call signaling is processed in a mode that the terminal cooperates with the network, judgment of the terminal capability, the network residence state, the subscription service and the key negotiation information is realized, normal calling, connection and call of the terminal are ensured, voice encryption service is realized, and meanwhile, the problem of secret communication delay is avoided.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.

FIG. 1 illustrates a network architecture diagram of a method for encrypting a call according to an embodiment of the present disclosure;

fig. 2 illustrates a flowchart of a method for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure;

fig. 3 illustrates a flowchart of a method for encrypting a call applied to a called party terminal in an embodiment of the present disclosure;

FIG. 4 illustrates a flow chart of a method for encrypting a call for application to an application server in an embodiment of the present disclosure;

FIG. 5 illustrates a flow chart of a method for encrypting a call applied to a key server in an embodiment of the present disclosure;

FIG. 6 illustrates an interactive flow diagram of a method for encrypting a call according to one embodiment of the present disclosure;

FIG. 7 illustrates a flow chart of a method for encrypting a call according to yet another embodiment of the present disclosure;

fig. 8 shows a block diagram of an apparatus for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure;

fig. 9 shows a block diagram of an apparatus for encrypting a call applied to a called party terminal in an embodiment of the present disclosure;

FIG. 10 illustrates a block diagram of an apparatus for encrypting a call for application to an application server in an embodiment of the present disclosure;

FIG. 11 illustrates a block diagram of an apparatus for encrypting a call applied to a key server in an embodiment of the present disclosure; and

fig. 12 shows a block diagram of a computer device for encrypting a call in an embodiment of the present disclosure.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.

Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present disclosure, the meaning of "a plurality" is at least two, such as two, three, etc., unless explicitly specified otherwise.

In view of the technical problems in the related art, embodiments of the present disclosure provide a method for encrypting a call, which is used to at least solve one or all of the technical problems.

Fig. 1 shows a network architecture diagram of a method for encrypting a call according to an embodiment of the present disclosure.

AS shown in fig. 1, the system architecture may include a calling party terminal 101, a called party terminal 102, an application Server (Application Server, AS) 103, and a Key Server (Key Server, KS) 104. Wherein, the terminals (including the calling party terminal 101 and the called party terminal 102) and the servers (including the application server 103 and the key server 104) can communicate Data through a Network, and the Network can include a Data Network (DN), an IMS (IP Multimedia Subsystem, an IP multimedia subsystem) and a 4G/5G Network for example; the network may be a wired network or a wireless network.

In an exemplary embodiment, the wired or wireless network described above uses standard communication techniques and/or protocols. The network is typically the Internet, but may be any network including, but not limited to, a local area network (Local Area Network, LAN), metropolitan area network (Metropolitan Area Network, MAN), wide area network (Wide Area Network, WAN), mobile, wired or wireless network, private network, or any combination of virtual private networks. In some embodiments, techniques and/or formats including HyperText Mark-up Language (HTML), extensible markup Language (Extensible MarkupLanguage, XML), and the like may be used to represent data exchanged over a network. In addition, all or some of the links may also be encrypted using conventional encryption techniques such as secure socket layer (Secure Socket Layer, SSL), transport layer security (Transport Layer Security, TLS), virtual private network (Virtual Private Network, VPN), internet protocol security (Internet ProtocolSecurity, IPsec), and so on. In other embodiments, custom and/or dedicated data communication techniques may also be used in place of or in addition to the data communication techniques described above.

In an exemplary embodiment, the calling party terminal 101, the called party terminal 102 may be various electronic devices including, but not limited to, smartphones, tablet computers, laptop computers, desktop computers, wearable devices, augmented Reality (Augmented Reality, AR) devices, virtual Reality (VR) devices, and the like. Alternatively, the operating systems running on the calling party terminal 101, the called party terminal 102 may include, but are not limited to, android systems, IOS systems, linux systems, windows systems, etc.

Illustratively, the procedure by which the calling party terminal 101 implements the method for encrypting a call may be: under the condition that the calling party and the called party meet the call encryption condition, the calling party terminal 101 applies for obtaining a session key and corresponding key identification information from a key server; the calling party terminal 101 sends an update parameter request message carrying first call encryption information to a called party terminal; wherein the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; the calling party terminal 101 receives an updating parameter response message carrying second session encryption information, which is returned by the called party terminal in response to the updating parameter request message; wherein the second session encryption information includes: indication information of successful session key synchronization and a target encryption algorithm; the calling party terminal 101 analyzes the updated parameter response message, determines that the session key is successfully synchronized and obtains the target encryption algorithm, and then performs encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

Illustratively, the procedure by which the called party terminal 102 implements the method for encrypting a call may be: the called party terminal 102 receives an update parameter request message carrying first call encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; the called party terminal 102 obtains the session key from the key server in response to the update parameter request message to determine that the session key synchronization is successful, and determines a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server; the called party terminal 102 sends an update parameter response message carrying second session encryption information to the calling party terminal; wherein the second session encryption information includes: the indication information of successful session key synchronization and the target encryption algorithm.

In an exemplary embodiment, the application server 103 and the key server 104 may be separate physical servers, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network ), and basic cloud computing services such as big data and artificial intelligence platforms.

Illustratively, the process by which the application server 103 implements the method for encrypting a call may be: the application server 103 receives a call request message carrying first indication information sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information comprises: the calling party terminal supports a secret call function; the application server 103 queries whether the calling party and the called party meet the first condition; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; the application server 103 forwards the call request message carrying the first indication information to the called party terminal in case the first condition of the calling party and the called Fang Manzu is determined.

Illustratively, the process by which the key server 104 implements the method for encrypting a call may be: the key server 104 responds to the calling session key application sent by the calling terminal and sends a session key and corresponding key identification information to the calling terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the key server 104 responds to the called session key application carrying the key identification information sent by the called party terminal and sends a session key corresponding to the key identification information to the called party terminal; the called party terminal responds to the update parameter request message sent by the calling party terminal.

Those skilled in the art will appreciate that the number of calling party terminals 101, called party terminals 102, application servers 103, and key servers 104 in fig. 1 is merely illustrative, and any number of calling party terminals 101, called party terminals 102, application servers 103, and key servers 104 may be provided as desired, and the disclosure is not limited in this regard.

In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the following describes in more detail each step of a method for encrypting a call in an exemplary embodiment of the present disclosure with reference to the accompanying drawings and embodiments.

Fig. 2 shows a flowchart of a method for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure. The method provided by the embodiments of the present disclosure may be performed by the calling party terminal 101 as shown in fig. 1, but the present disclosure is not limited thereto.

As shown in fig. 2, a method for encrypting a call provided by an embodiment of the present disclosure may include the following steps.

Step S201, under the condition that the calling party and the called party meet the call encryption condition, the session key and corresponding key identification information are applied to a key server.

In some embodiments, the call encryption conditions may include: the calling party and the called party Fang Jun sign up for voice encryption service, the calling party terminal and the called party terminal are in a specified network-resident state, and the calling party terminal and the called party terminal support a secret call function. In some practical applications, the terminal (including the calling party terminal and the called party terminal) is in a specified network-resident state, and may be a network-resident state on a 4G network or a 5G network; the support of the Voice over LTE (Voice over LTE) encryption communication function may be support.

In some practical applications, if the calling party terminal determines that the two parties (i.e. the calling party and the called party) do not meet the call encryption condition, the method may be performed directly according to a common call flow, for example: the general update parameter request message is directly transmitted to the called party terminal without performing the step of requesting the session key and the corresponding key identification information from the key server, thereby avoiding unnecessary flow steps.

In some embodiments, the step of applying for obtaining the session key and corresponding key identification information from the key server may include: sending a calling session key application carrying calling information to a key server so that the key server carries out first authentication on a calling party based on the calling information; wherein, the call information includes: calling party number, called Fang Ma number and session identification; the receiving key server returns the session key and key identification information after determining that the first authentication passes.

The calling party terminal can firstly determine whether the calling party and the called party meet the call encryption condition, and then send different signaling according to different conditions. For example, if the calling party terminal determines that both parties (i.e., the calling party and the called party) meet the call encryption condition, the method for encrypting the call provided by the present disclosure may perform negotiation determination of the encryption algorithm and the session key with the called terminal; if the calling party terminal determines that the two parties do not meet the call encryption condition, the following processing can be carried out according to the common call flow, so that unnecessary negotiation is avoided, and communication delay caused by whether to carry out encrypted call or not after the call is connected is avoided.

In this step, the session key and the key identification information obtained from the key server application are paired, and the key identification information can be used to synchronize the session key with the called party terminal in the subsequent step, and the session key can encrypt communication data (such as voice data, image data, etc.) when both parties actually talk.

In some embodiments, the method for encrypting a call may further include determining that the calling party and the called party satisfy call encryption conditions prior to applying for obtaining the session key and corresponding key identification information from the key server as follows:

Under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, sending a call request message carrying first indication information to an application server, so that the application server forwards the call request message to a called party terminal under the condition that a first condition of a calling party and a called party Fang Manzu is determined; the first indication information may include: the calling party terminal supports a secret call function; the first condition may include: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; receiving a call response message returned by the called party terminal in response to the call request message, and analyzing the call response message; under the condition that the call response message is analyzed to obtain second indication information, determining that the calling party and the called party meet the call encryption condition; wherein the second indication information includes: the called party terminal supports the secret talk function.

It can be seen from this embodiment that after the calling party terminal receives the call response message returned by the called party terminal in response to the call request message, it can be determined whether the two parties have satisfied the call encryption condition. In the process that the calling party terminal sends a call request message to the called party terminal and the called party terminal returns a call response message to the calling party terminal, the application server and the called party terminal can respectively bear the judgment of each condition in the call encryption conditions.

Specifically, the calling party terminal may determine whether the calling party terminal is in a specified network-resident state and whether the calling party terminal supports a secret call function, the application server may determine whether the calling party and the called party are both subscribed to the voice encryption service and whether the called party terminal is in the specified network-resident state, and the called party terminal may determine whether the called party terminal supports the secret call function.

In addition, in some practical applications, the call request message in this embodiment may be a SIP (Session Initiation Protocol ) request message with a request line method format of Invite (initiate session Invite), and the call answer message may be a SIP answer message with a state line status code of 183 (session progress, for prompting to establish progress information of a session).

Step S203, send the request message of updating parameter carrying the first conversation encryption information to the called party terminal; wherein the first call encryption information includes: a first set of encryption algorithms supported by the calling party terminal and key identification information.

In this step, the update parameter request message may be sent to the application server first, and then the application server forwards the update parameter request message to the called party terminal.

In some practical applications, the first set of encryption algorithms supported by the calling party terminal may be obtained by the calling party terminal itself through query, and the encryption algorithms may include, for example, a conventional packet encryption algorithm, a national encryption packet encryption algorithm, and the like, which is not limited in this disclosure.

Furthermore, in some practical applications, the Update parameter request message in this step may be a SIP request message in the format of Update (Update session parameter) of the request line method, which means that the calling party terminal wants to negotiate the relevant parameter information with the called party terminal.

Step S205, receiving an updating parameter response message carrying second session encryption information returned by the called party terminal in response to the updating parameter request message; wherein the second session encryption information includes: the indication information of successful session key synchronization and the target encryption algorithm.

In this step, after receiving the update parameter request message carrying the first call encryption information, the called party terminal may perform session key synchronization and return a corresponding update parameter response message, so that the calling party terminal knows the result of successful processing of the called party terminal after receiving the update parameter response message.

In some practical applications, the update parameter response message in this step may be a SIP response message with a status line status code of 200 (OK, request success).

And S207, analyzing the updated parameter response message, determining that the session key is successfully synchronized and obtaining a target encryption algorithm, and further carrying out encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

In this step, after the calling party terminal analyzes the updated parameter response message to obtain successful session key synchronization and obtains the target encryption algorithm, it can be confirmed that the called party terminal has completed the session key synchronization, and the encryption algorithm negotiated by both parties can be obtained from the response message returned by the called party terminal, and then the subsequent call flow can be performed by using the negotiated encryption algorithm and session key, so as to perform encrypted call.

In the method for encrypting a call provided by the present disclosure, on one hand, a calling party terminal and a called party terminal may respectively carry, in respective sent messages (including a request message and a response message), indication information of whether a local machine supports a secret call function; on the other hand, the application server can respond to the request message sent by the calling party terminal to inquire whether the calling party and the called party Fang Jun have signed up voice encryption service, inquire whether the called party terminal is in a specified network-resident state, and carry out subsequent message forwarding processing; in still another aspect, the calling party terminal and the called party terminal may respectively carry identification information related to the session key and the encryption algorithm in the messages sent by the calling party terminal and the called party terminal, so as to negotiate the encryption algorithm and the session key, and further, may use the negotiated encryption algorithm and session key to perform a subsequent call flow so as to implement encrypted call. Therefore, by the method for encrypting the call, the identification information such as the terminal capability, the network residence state and the key negotiation can be carried in the call signaling (such as the IMS call signaling, including the request message and the response message) on the premise of not changing the existing voice (such as VoLTE) service mode and user experience, the identification information carried in the call signaling is processed in a mode that the terminal cooperates with the network, judgment of the terminal capability, the network residence state, the subscription service and the key negotiation information is realized, normal calling, connection and call of the terminal are ensured, voice encryption service is realized, and meanwhile, the problem of secret communication delay is avoided.

Based on the same inventive concept, under the network architecture shown in fig. 1, the embodiment of the present disclosure further provides a method for encrypting a call, which can be applied to, but is not limited to, the called party terminal 102 shown in fig. 1.

Fig. 3 shows a flowchart of a method for encrypting a call applied to a called party terminal in an embodiment of the present disclosure, as shown in fig. 3, the method including the following steps.

Step S301, receiving an update parameter request message carrying first call encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first set of encryption algorithms supported by the calling party terminal and key identification information.

In some embodiments, before receiving the update parameter request message carrying the first call encryption information sent by the calling party terminal, the method for encrypting the call may further include: receiving a call request message carrying first indication information forwarded by an application server under the condition that a first condition of a calling party and a called party Fang Manzu is determined; wherein the call request message is sent by the calling party terminal, and the first indication information comprises: the calling party terminal supports a secret call function; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state; analyzing the call request message, and inquiring whether the called party terminal supports the secret call function or not in response to the first indication information obtained by analysis; under the condition that the called party terminal supports the secret call function, sending a call response message carrying second indication information to the calling party terminal; wherein the second indication information includes: the called party terminal supports the secret talk function.

In some practical applications, if it is confirmed that the called party terminal does not sign up for the voice encryption service and is in a specified network-resident state (for example, in a 4G/5G state), the called party terminal may reply to the application server with a normal 183 message; if it is confirmed that the called party terminal is not in the specified network resident state (e.g., in the 2G/3G state), the called party terminal may reply to the application server with a ringing message (180).

In some practical applications, if the called party terminal confirms that the called party terminal does not support the secret call function, a call response message (such as a call response message in a normal call flow) which does not carry indication information related to the secret call function may be sent to the calling party terminal.

Step S303, a session key is obtained from a key server in response to the update parameter request message to determine that the session key is successfully synchronized, and a target encryption algorithm is determined based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server.

In some embodiments, obtaining the session key from the key server in response to the update parameter request message includes: analyzing the parameter updating request message to obtain a first encryption algorithm set and key identification information supported by the calling party terminal; sending a called session key application carrying call information and key identification information to a key server so that the key server authenticates the called Fang Jinhang based on the call information; wherein, the call information includes: calling party number, called Fang Ma number and session identification; the receiving key server returns a session key based on the key identification information after determining that the second authentication passes.

In some embodiments, determining the target encryption algorithm based on the update parameter request message includes: inquiring a second encryption algorithm set supported by the called party terminal; a target encryption algorithm is determined based on the first set of encryption algorithms and the second set of encryption algorithms.

Step S305, sending an update parameter response message carrying second session encryption information to the calling party terminal; wherein the second session encryption information includes: the indication information of successful session key synchronization and the target encryption algorithm.

Therefore, by the method for encrypting the call, the identification information such as the terminal capability, the network residence state and the key negotiation can be carried in the call signaling (such as the IMS call signaling, including the request message and the response message) on the premise of not changing the existing voice (such as VoLTE) service mode and user experience, the identification information carried in the call signaling is processed in a mode that the terminal cooperates with the network, judgment of the terminal capability, the network residence state, the subscription service and the key negotiation information is realized, normal calling, connection and call of the terminal are ensured, voice encryption service is realized, and meanwhile, the problem of secret communication delay is avoided.

Other contents of the embodiment of fig. 3 may refer to the above-mentioned other embodiments, and will not be described herein.

Based on the same inventive concept, under the network architecture shown in fig. 1, the embodiment of the present disclosure further provides a method for encrypting a call, which can be applied to, but is not limited to, the application server 103 shown in fig. 1.

Fig. 4 shows a flowchart of a method for encrypting a call applied to an application server in an embodiment of the present disclosure, as shown in fig. 4, the method including the following steps.

Step S401, receiving a call request message carrying first indication information sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information comprises: the calling party terminal supports the secret call function.

Step S403, inquiring whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified stay state.

In some embodiments, querying whether the calling party and the called party satisfy the first condition includes: inquiring a unified data management network element (UDM) and/or a Home Subscriber Server (HSS) to obtain user subscription data of a calling party and a called party, and obtaining the current network residence condition of a terminal of the called party; judging whether the calling party signs voice encryption service with the called party according to the user signing data, and judging whether the called party terminal is in a specified network residence state according to the current network residence condition; wherein the at the designated resident network state comprises: the residing network is on a 4G network or a 5G network.

In step S405, in case of determining the first condition of the calling party and the called party Fang Manzu, the call request message carrying the first indication information is forwarded to the called party terminal.

In some embodiments, the method for encrypting a call further comprises: removing the first indication information in the call request message to obtain a common call request message under the condition that the calling party and the called party are determined not to meet the first condition; and forwarding the common call request message to the called party terminal.

In this embodiment, if the application server determines that the calling party and the called party do not meet the first condition, the first indication information in the call request message sent by the calling party terminal may be deleted, because the common called party terminal that does not meet the first condition cannot normally process the indication information carried in the call request message, and deleting the first indication information may make the common call request message obtained after deletion consistent with the message structure in the common call flow, so that the common called party terminal is convenient to receive and process the message.

In some embodiments, the application server is further configured to forward messages (including request messages and response messages) between the calling party terminal and the called party terminal, including: and forwarding the parameter updating request message sent by the calling party terminal to the called party terminal, and forwarding the call response message and the parameter updating response message sent by the called party terminal to the calling party terminal.

Other contents of the embodiment of fig. 4 may refer to the above-mentioned other embodiments, and will not be described herein.

Based on the same inventive concept, under the network architecture shown in fig. 1, the embodiment of the present disclosure further provides a method for encrypting a call, which can be applied to, but is not limited to, the key server 104 shown in fig. 1.

Fig. 5 shows a flowchart of a method for encrypting a call applied to a key server in an embodiment of the present disclosure, as shown in fig. 5, the method including the following steps.

Step S501, in response to a calling session key application sent by a calling party terminal, a session key and corresponding key identification information are sent to the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition.

In some embodiments, in response to a caller session key application sent by a caller terminal, sending a session key and corresponding key identification information to the caller terminal includes: receiving a calling session key application carrying calling information sent by a calling party terminal; wherein, the call information includes: calling party number, called Fang Ma number and session identification; performing first authentication on the calling party based on the call information; after determining that the first authentication passes, generating and storing a session key and corresponding key identification information; and sending the session key and the key identification information to the calling party terminal.

In this embodiment, the first authentication may be, for example, to query the application server based on the call information in the calling session key application to implement authentication, and the query content may be, for example, whether the calling party and the called party in the current session sign up for the secret talk service. After the first authentication passes, the key server may establish a mapping relationship with the calling party code number, the called party Fang Ma number, and the session identifier (e.g. VoLTE session ID), and then use a protection mechanism of the network operator to securely return the session key and the key identifier information to the calling party terminal.

Step S503, responding to the called session key application carrying key identification information sent by the called terminal, and sending a session key corresponding to the key identification information to the called terminal; the called party terminal responds to the update parameter request message sent by the calling party terminal.

In some embodiments, in response to a called session key application carrying key identification information sent by a called party terminal, sending a session key corresponding to the key identification information to the called party terminal, including: receiving a called session key application carrying call information and key identification information sent by a called party terminal; wherein, the call information includes: calling party number, called Fang Ma number and session identification; authenticating the called Fang Jinhang second authentication based on the call information; after the second authentication is confirmed to pass, a session key corresponding to the key identification information is confirmed; and sending the session key to the called party terminal.

In this embodiment, the second authentication may, for example, query the application server based on the call information in the called session key application to implement authentication, and the query content may, for example, be whether the calling party and the called party in the current session sign up for the secret talk service. After the second authentication passes, the key server can query based on the mapping relation established in the previous step to obtain the session key corresponding to the key identification information, and then the session key is safely returned to the calling party terminal by adopting a protection mechanism of the network operator.

Other contents of the embodiment of fig. 5 may refer to the above-mentioned other embodiments, and will not be described herein.

Fig. 6 illustrates an interactive flow diagram of a method for encrypting a call according to one embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be performed by the calling party terminal 101, the called party terminal 102, the application server 103, and the key server 104 as shown in fig. 1, but the present disclosure is not limited thereto, and the method may include the following steps as shown in fig. 6.

In step S01, the calling party terminal sends a SIP invite message (call request message) carrying an indication of the locally supported VoLTE voice encryption function to the application server.

Step S02, the application server judges the signing condition of the calling and called numbers, and inquires the 4G/5G resident network state of the called party terminal from the HSS/UDM.

In step S03, in the case that the application server determines the first condition of the calling party and the called party Fang Manzu, the application server forwards the SIP invite message containing the indication information (the calling party terminal supports the VoLTE voice encryption function) to the called party terminal. Wherein the first condition comprises: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified stay state.

Step S04, the called party terminal analyzes the SIP invite message containing the indication information.

Step S05, the called party terminal sends a 183session progress message (call response message) carrying the local VoLTE voice encryption function supporting indication to the application server.

In step S06, the application server forwards 183session progress message to the calling party terminal.

Step S07, the calling terminal parses the 183session message containing the indication information.

In step S08, in the case that the calling party terminal determines that the called party terminal also supports the voice encryption function, the calling party terminal applies for the session key (carrying the calling and called code number, SIP session ID) to the key server.

Step S09, the key server performs authentication and authorization to generate a session key and a key identification.

And step S10, the key server safely returns the session key and the key identification to the calling party terminal.

In step S11, the calling party terminal sends a SIP update message (update parameter request message) carrying the encryption algorithm and key identification information supported by the calling party terminal to the application server.

And step S12, the application server forwards the SIP update message to the called party terminal.

Step S13, the called party terminal analyzes the SIP update message containing the indication information.

In step S14, the called party terminal applies for the session key (carrying the calling and called code number, SIP session ID and key identification information) to the key server.

And step S15, the key server performs authentication and authentication, and obtains a session key requested by the calling party terminal based on the key identification information matching.

In step S16, the key server securely returns the session key to the called party terminal.

Step S17, the called party terminal determines the encryption algorithm of the current session.

In step S18, the called party terminal returns a SIP update 200 OK message (update parameter response message) to the application server, where the SIP update 200 OK message may carry the session encryption algorithm and session key synchronization success indication information.

In step S19, the application server forwards the SIP update 200 OK message carrying the indication information to the calling party terminal.

Step S20, the calling party terminal analyzes the SIP update 200 OK and determines that the current session is VoLTE encrypted call.

And then, the calling party terminal and the called party terminal can use the encryption algorithm and the session key determined in the process to carry out subsequent call flow and VoLTE encryption call.

Other contents of the embodiment of fig. 6 may refer to the above-mentioned other embodiments, and will not be described herein.

Fig. 7 shows a flowchart of a method for encrypting a call according to yet another embodiment of the present disclosure, which may include the following steps, as shown in fig. 7.

First, the calling and called terminals respectively carry the indication of the local support VoLTE encryption function in the SIP message (including the call request message and the call response message). Wherein the calling party terminal is inserted in a SIP invite message (call request message) related field. The called party terminal determines whether the received calling invite message has the VoLTE encryption function instruction according to the received calling invite message, if the calling invite message contains the VoLTE encryption function instruction, and the called party confirms that the function is supported by the called party, the instruction of supporting the VoLTE encryption function of the called party terminal is inserted in a returned 183session progress message (call response message) field, otherwise, the instruction of supporting the VoLTE encryption function of the called party terminal is not inserted.

And secondly, the application server can firstly inquire according to the calling number and the called number to judge whether the user signs up. If signing, and the calling invite message carries the local VoLTE encryption function instruction, the resident network state of the called party terminal can be queried from a called party database HSS/UDM, and if the resident network is in a 4G/5G network state, the application server forwards the calling invite message to the called party terminal; otherwise, the application server deletes the indication of supporting the secret call function carried in the calling invite message, and then forwards the normal call message.

Thirdly, the calling party terminal analyzes and judges the 183session progress message returned by the called party terminal, and if the 183session progress message carries the VoLTE encryption function instruction, the calling party terminal applies for a session key to the key server; if not, continuing the normal call flow.

After the calling party terminal applies for the session key, the update message (update parameter request message) sent to the called party terminal can carry the key identification and the encryption algorithm information supported by the calling party terminal.

Then, the called party terminal analyzes and judges the received calling update message, and if the calling update message carries key identification information, the called party terminal can apply the same session key as the calling to the key server.

Then, after the called party terminal applies for the session key, the determined encryption algorithm and the information that the session key synchronization is successful may be inserted into the SIP update 200 ok message (update parameter response message) sent to the calling party terminal.

Finally, after the calling party terminal receives and analyzes the SIP update 200 ok message, the calling party terminal can determine that the current session is the VoLTE encrypted call, and the calling party terminal and the called party terminal can continue the subsequent call flow to realize the VoLTE encrypted call.

Other contents of the embodiment of fig. 7 may refer to the above-mentioned other embodiments, and will not be described herein.

It is noted that the above-described figures are only schematic illustrations of processes involved in a method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.

Fig. 8 shows a block diagram of an apparatus for encrypting a call applied to a calling party terminal in an embodiment of the present disclosure. As shown in fig. 8, an apparatus 800 for encrypting a call includes:

a first key obtaining module 801, configured to apply for obtaining a session key and corresponding key identification information from a key server when it is determined that the calling party and the called party meet a call encryption condition;

A first sending module 802, configured to send an update parameter request message carrying first session encryption information to a called party terminal; wherein the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal;

a first receiving module 803, configured to receive an update parameter response message carrying second session encryption information, which is returned by the called party terminal in response to the update parameter request message; wherein the second session encryption information includes: indication information of successful session key synchronization and a target encryption algorithm;

the parsing module 804 is configured to parse the updated parameter response message, determine that the session key is successfully synchronized and obtain the target encryption algorithm, and further perform encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

Other content of the embodiment of fig. 8 may be referred to the other embodiments described above.

Fig. 9 shows a block diagram of an apparatus for encrypting a call applied to a called party terminal in an embodiment of the present disclosure. As shown in fig. 9, the apparatus 900 for encrypting a call includes:

a second receiving module 901, configured to receive an update parameter request message carrying first call encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal;

A second key obtaining module 902, configured to obtain a session key from the key server in response to the update parameter request message, to determine that the session key synchronization is successful, and to determine a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server;

a second sending module 903, configured to send an update parameter response message carrying second session encryption information to the calling party terminal; wherein the second session encryption information includes: the indication information of successful session key synchronization and the target encryption algorithm.

Other details of the embodiment of fig. 9 may be found in the other embodiments described above.

Fig. 10 shows a block diagram of an apparatus for encrypting a call applied to an application server in an embodiment of the present disclosure. As shown in fig. 10, the apparatus 1000 for encrypting a call includes:

a third receiving module 1001, configured to receive a call request message carrying first indication information sent by a calling party terminal; the call request message is sent by the calling party terminal under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information comprises: the calling party terminal supports a secret call function;

A query module 1002, configured to query whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called Fang Jun sign up for voice encryption service, and the called party terminal is in a specified network-resident state;

and a third sending module 1003, configured to forward, in case that the first conditions of the calling party and the called party Fang Manzu are determined, the call request message carrying the first indication information to the called party terminal.

Other content of the embodiment of fig. 10 may be referred to the other embodiments described above.

Fig. 11 shows a block diagram of an apparatus for encrypting a call applied to a key server in an embodiment of the present disclosure. As shown in fig. 11, an apparatus 1100 for encrypting a call includes:

a fourth sending module 1101, configured to send a session key and corresponding key identification information to a calling party terminal in response to a calling session key application sent by the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the method comprises the steps of,

the fourth sending module 1101 is further configured to send, to the called party terminal, a session key corresponding to the key identification information in response to a called session key application sent by the called party terminal and carrying the key identification information; the called party terminal responds to the update parameter request message sent by the calling party terminal.

Other content of the embodiment of fig. 11 may be referred to the other embodiments described above.

Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.

Fig. 12 shows a block diagram of a computer device for encrypting a call in an embodiment of the present disclosure. It should be noted that the illustrated electronic device is only an example, and should not impose any limitation on the functions and application scope of the embodiments of the present invention.

An electronic device 1200 according to this embodiment of the present invention is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.

As shown in fig. 12, the electronic device 1200 is in the form of a general purpose computing device. Components of electronic device 1200 may include, but are not limited to: the at least one processing unit 1210, the at least one memory unit 1220, and a bus 1230 connecting the different system components (including the memory unit 1220 and the processing unit 1210).

Wherein the storage unit stores program code that is executable by the processing unit 1210 such that the processing unit 1210 performs steps according to various exemplary embodiments of the present invention described in the above-described "exemplary methods" section of the present specification. For example, the processing unit 1210 may perform the method as shown in fig. 2.

The storage unit 1220 may include a readable medium in the form of a volatile storage unit, such as a Random Access Memory (RAM) 12201 and/or a cache memory 12202, and may further include a Read Only Memory (ROM) 12203.

Storage unit 1220 may also include a program/utility 12204 having a set (at least one) of program modules 12205, such program modules 12205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.

Bus 1230 may be a local bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or using any of a variety of bus architectures.

The electronic device 1200 may also communicate with one or more external devices 1300 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 1200, and/or any device (e.g., router, modem, etc.) that enables the electronic device 1200 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1250. Also, the electronic device 1200 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet through the network adapter 1260. As shown, the network adapter 1260 communicates with other modules of the electronic device 1200 over bus 1230. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 1200, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.

In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the invention as described in the "exemplary methods" section of this specification, when said program product is run on the terminal device.

A program product for implementing the above-described method according to an embodiment of the present invention may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.

Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.

From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims

1. A method for encrypting a call, applied to a calling party terminal, comprising:

under the condition that the calling party and the called party meet the call encryption condition, applying for obtaining a session key and corresponding key identification information from a key server; wherein, the call encryption condition includes: the calling party and the called party Fang Jun sign a voice encryption service, the calling party terminal and the called party terminal are both in a specified network-resident state, and the calling party terminal and the called party terminal both support a secret call function; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network;

Sending an updating parameter request message carrying first call encryption information to a called party terminal; wherein the first call encryption information includes: a first set of encryption algorithms supported by the calling party terminal and the key identification information;

receiving an updating parameter response message carrying second session encryption information returned by the called party terminal in response to the updating parameter request message; wherein the second session encryption information includes: indication information of successful session key synchronization and a target encryption algorithm;

and analyzing the updated parameter response message, determining that the session key is successfully synchronized and obtaining the target encryption algorithm, and further carrying out encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

2. The method of claim 1, further comprising determining the call encryption conditions for the calling party and the called Fang Manzu as follows:

sending a call request message carrying first indication information to an application server under the condition that the calling party terminal is in a specified network-resident state and supports a secret call function, so that the application server forwards the call request message to a called party terminal under the condition that a first condition of a calling party and a called party Fang Manzu is determined; wherein the first indication information includes: the calling party terminal supports a secret call function; the first condition includes: the calling party and the called Fang Jun sign a voice encryption service, and the called party terminal is in a specified network-resident state;

Receiving a call response message returned by the called party terminal in response to the call request message, and analyzing the call response message;

under the condition that the call response message is analyzed to obtain second indication information, determining that the calling party and the called party meet call encryption conditions; wherein the second indication information includes: the called party terminal supports a secret talk function.

3. The method according to claim 1 or 2, wherein applying for obtaining the session key and the corresponding key identification information from the key server comprises:

sending a calling session key application carrying call information to the key server so that the key server carries out first authentication on the calling party based on the call information; wherein the call information includes: calling party number, called Fang Ma number and session identification;

and receiving the session key and the key identification information returned by the key server after the first authentication is confirmed to pass.

4. A method for encrypting a call, characterized by being applied to a called party terminal, comprising:

receiving an updating parameter request message carrying first call encryption information sent by a calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; wherein, the call encryption condition includes: the calling party and the called party Fang Jun sign a voice encryption service, the calling party terminal and the called party terminal are both in a specified network-resident state, and the calling party terminal and the called party terminal both support a secret call function; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network;

Acquiring a session key from a key server in response to the update parameter request message to determine that session key synchronization is successful, and determining a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server;

sending an updating parameter response message carrying second session encryption information to the calling party terminal; wherein the second session encryption information includes: and the session key is successfully synchronized with the target encryption algorithm.

5. The method of claim 4, wherein prior to receiving the update parameter request message carrying the first telephony encryption information sent by the calling party terminal, the method further comprises:

receiving a call request message carrying first indication information forwarded by an application server under the condition that a first condition of a calling party and a called party Fang Manzu is determined; wherein the call request message is sent by the calling party terminal, and the first indication information includes: the calling party terminal supports a secret call function; the first condition includes: the calling party and the called Fang Jun sign a voice encryption service, and the called party terminal is in a specified network-resident state;

Analyzing the call request message, and inquiring whether the called party terminal supports a secret call function or not in response to the first indication information obtained by analysis;

under the condition that the called party terminal supports the secret call function, sending a call response message carrying second indication information to the calling party terminal; wherein the second indication information includes: the called party terminal supports a secret talk function.

6. The method according to claim 4 or 5, wherein obtaining a session key from a key server in response to the update parameter request message comprises:

analyzing the update parameter request message to obtain the first encryption algorithm set supported by the calling party terminal and the key identification information;

sending a called session key application carrying call information and the key identification information to the key server so that the key server performs second authentication on the called Fang Jinhang based on the call information; wherein the call information includes: calling party number, called Fang Ma number and session identification;

and receiving the session key returned by the key server based on the key identification information after determining that the second authentication passes.

7. The method of claim 6, wherein determining a target encryption algorithm based on the update parameter request message comprises:

querying a second encryption algorithm set supported by the called party terminal;

a target encryption algorithm is determined based on the first set of encryption algorithms and the second set of encryption algorithms.

8. A method for encrypting a call, applied to an application server, comprising:

receiving a call request message carrying first indication information sent by a calling party terminal; wherein the call request message is sent by the calling party terminal when the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information includes: the calling party terminal supports a secret call function;

inquiring whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called Fang Jun sign voice encryption service, and the called party terminal are in a specified network-resident state; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network;

and forwarding the call request message carrying the first indication information to the called party terminal in case that a first condition of the calling party and the called Fang Manzu is determined.

9. The method of claim 8, wherein querying whether the calling party and the called party satisfy the first condition comprises:

inquiring a unified data management network element (UDM) and/or a Home Subscriber Server (HSS) to obtain user subscription data of the calling party and the called party and obtain the current network residence condition of the called party terminal;

judging whether the calling party signs up with the called party for the voice encryption service according to the user signing data, and judging whether the called party terminal is in a specified network residence state according to the current network residence condition.

10. The method as recited in claim 8, further comprising:

removing the first indication information in the call request message under the condition that the calling party and the called party are not met to obtain a common call request message;

and forwarding the common call request message to the called party terminal.

11. A method for encrypting a call, applied to a key server, comprising:

responding to a calling session key application sent by a calling terminal, and sending a session key and corresponding key identification information to the calling terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; wherein, the call encryption condition includes: the calling party and the called party Fang Jun sign a voice encryption service, the calling party terminal and the called party terminal are both in a specified network-resident state, and the calling party terminal and the called party terminal both support a secret call function; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network; the method comprises the steps of,

Responding to a called session key application carrying the key identification information sent by a called party terminal, and sending the session key corresponding to the key identification information to the called party terminal; the called session key application is sent by the called party terminal in response to the update parameter request message sent by the calling party terminal.

12. The method of claim 11, wherein transmitting the session key and corresponding key identification information to the calling party terminal in response to the transmission by the calling party terminal comprises:

receiving a calling session key application carrying calling information sent by a calling party terminal; wherein the call information includes: calling party number, called Fang Ma number and session identification;

performing first authentication on the calling party based on the call information;

after determining that the first authentication passes, generating and storing a session key and corresponding key identification information;

and sending the session key and the key identification information to the calling party terminal.

13. The method of claim 11, wherein transmitting the session key corresponding to the key identification information to the called party terminal in response to a called session key application carrying the key identification information transmitted by the called party terminal, comprises:

Receiving a called session key application which is sent by a called party terminal and carries calling information and key identification information; wherein the call information includes: calling party number, called Fang Ma number and session identification;

authenticating the called Fang Jinhang second authentication based on the call information;

after determining that the second authentication passes, determining the session key corresponding to the key identification information;

and sending the session key to the called party terminal.

14. An apparatus for encrypting a call, applied to a calling party terminal, comprising:

the first key acquisition module is used for applying for obtaining a session key and corresponding key identification information from the key server under the condition that the calling party and the called party are determined to meet the call encryption condition; wherein, the call encryption condition includes: the calling party and the called party Fang Jun sign a voice encryption service, the calling party terminal and the called party terminal are both in a specified network-resident state, and the calling party terminal and the called party terminal both support a secret call function; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network;

the first sending module is used for sending an updating parameter request message carrying first call encryption information to the called party terminal; wherein the first call encryption information includes: a first set of encryption algorithms supported by the calling party terminal and the key identification information;

The first receiving module is used for receiving an updating parameter response message carrying second session encryption information, which is returned by the called party terminal in response to the updating parameter request message; wherein the second session encryption information includes: indication information of successful session key synchronization and a target encryption algorithm;

and the analysis module is used for analyzing the updated parameter response message, determining that the session key is successful in synchronization and obtaining the target encryption algorithm, and further carrying out encrypted communication with the called party terminal based on the target encryption algorithm and the session key.

15. An apparatus for encrypting a call, applied to a called party terminal, comprising:

the second receiving module is used for receiving an update parameter request message carrying the first call encryption information sent by the calling party terminal; the parameter updating request message is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; the first call encryption information includes: a first encryption algorithm set and key identification information supported by the calling party terminal; wherein, the call encryption condition includes: the calling party and the called party Fang Jun sign a voice encryption service, the calling party terminal and the called party terminal are both in a specified network-resident state, and the calling party terminal and the called party terminal both support a secret call function; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network;

The second key acquisition module is used for responding to the update parameter request message and acquiring a session key from a key server so as to determine that the session key is successfully synchronized, and determining a target encryption algorithm based on the update parameter request message; the session key is stored on the key server after the calling party terminal applies for the key server;

the second sending module is used for sending an updating parameter response message carrying second session encryption information to the calling party terminal; wherein the second session encryption information includes: and the session key is successfully synchronized with the target encryption algorithm.

16. An apparatus for encrypting a call, applied to an application server, comprising:

the third receiving module is used for receiving a call request message carrying first indication information sent by the calling party terminal; wherein the call request message is sent by the calling party terminal when the calling party terminal is in a specified network-resident state and supports a secret call function, and the first indication information includes: the calling party terminal supports a secret call function;

the inquiry module is used for inquiring whether the calling party and the called party meet a first condition; the first condition includes: the calling party and the called Fang Jun sign voice encryption service, and the called party terminal are in a specified network-resident state; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network;

And a third sending module, configured to forward the call request message carrying the first indication information to the called party terminal if the first condition of the calling party and the called Fang Manzu is determined.

17. An apparatus for encrypting a call, applied to a key server, comprising:

a fourth sending module, configured to send a session key and corresponding key identification information to a calling party terminal in response to a calling session key application sent by the calling party terminal; the calling session key application is sent by the calling party terminal under the condition that the calling party and the called party meet the call encryption condition; wherein, the call encryption condition includes: the calling party and the called party Fang Jun sign a voice encryption service, the calling party terminal and the called party terminal are both in a specified network-resident state, and the calling party terminal and the called party terminal both support a secret call function; wherein the at the designated resident network state comprises: residing on a 4G network or a 5G network; the method comprises the steps of,

the fourth sending module is further configured to send, to a called party terminal, the session key corresponding to the key identification information in response to a called session key application carrying the key identification information sent by the called party terminal; the called session key application is sent by the called party terminal in response to the update parameter request message sent by the calling party terminal.

18. A system for encrypting a call, the system comprising: the system comprises a calling party terminal, a called party terminal, an application server and a key server;

a calling party terminal configured to perform the method for encrypting a call according to any one of claims 1 to 3;

a called party terminal configured to perform the method for encrypting a call according to any one of claims 4 to 7;

an application server configured to perform the method for encrypting a call according to any one of claims 8 to 10;

a key server configured to perform the method for encrypting a call according to any one of claims 11 to 13.

19. A computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method for encrypting a call according to any one of claims 1 to 13.

20. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs which when executed by the one or more processors cause the one or more processors to implement the method for encrypting a call according to any one of claims 1 to 13.