CN115119150B - Short message encryption and decryption method, device, equipment and storage medium - Google Patents


Info

Publication number: CN115119150B
Application number: CN202210881501.XA
Authority: CN (China)
Prior art keywords: short message, end equipment, equipment, transmitting end, receiving end
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN115119150A
Inventors: 余文珣, 钟英南, 余斯聪, 郭艺钊, 张钦杨
Current assignee: Guangdong Achieve Information Technology Development Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Guangdong Achieve Information Technology Development Co ltd
Application filed by Guangdong Achieve Information Technology Development Co ltd
Priority to CN202210881501.XA
Publication of CN115119150A
Application granted
Publication of CN115119150B

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04W: Wireless communication networks
    • H04W 4/00: Services specially adapted for wireless communication networks; facilities therefor
    • H04W 4/12: Messaging; mailboxes; announcements
    • H04W 4/14: Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • H04W 12/00: Security arrangements; authentication; protecting privacy or anonymity
    • H04W 12/03: Protecting confidentiality, e.g. by encryption
    • H04W 12/033: Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Security & Cryptography
  • Mobile Radio Communication Systems
  • Storage Device Security

Abstract

The application relates to the technical field of information security and discloses a method, device, equipment and storage medium for encrypting and decrypting short messages. The keys used by the transmitting end device and the receiving end device in the encryption and decryption of short message communication are stored in the TEE (trusted execution environment) of each device's main processor. When the transmitting end device or the receiving end device requests a key from its TEE, a first verification is performed on that device; if the first verification passes, a second verification is performed; and the TEE returns the key material to the device if and only if the second verification passes. The application reduces the risk of short message data being stolen and strengthens the security of the short message communication process.

Description

Short message encryption and decryption method, device, equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for encrypting and decrypting a short message.
Background
With a cryptographic algorithm, sensitive information can be encrypted under the corresponding key so that it can be transmitted safely over a network. In particular, short messages are a convenient means of everyday information exchange, and applying such an algorithm to short message communication lets people communicate more securely.
People use short messages to transmit business information and personal privacy, and use short message verification codes for account login and transaction payment. Conventional short message encryption mostly uses symmetric algorithms, and the key is generally stored in the application layer, so an attacker can easily obtain it. Attackers can then obtain user information by intercepting the transmitted message data, or by reading messages stored locally in plaintext through malicious apps, trojans and the like, so the short message data is stolen and a security hazard results.
With regard to this related technology, the inventor finds that the existing short message communication mode has weak security.
Disclosure of Invention
In order to enhance the safety of the short message communication process, the application provides a short message encryption and decryption method, a device, equipment and a storage medium.
In a first aspect, the present application provides a method for encrypting and decrypting a short message.
The application is realized by the following technical scheme:
a method for encrypting and decrypting short messages, used for the short message communication between a transmitting end device and a receiving end device, comprising:
storing the keys used by the transmitting end device and the receiving end device in the encryption and decryption of short message communication in the TEE of each device's main processor;
when the transmitting end device or the receiving end device requests a key from its TEE, performing a first verification on that device;
if the first verification passes, performing a second verification on that device;
and returning the key material from the TEE to the transmitting end device or the receiving end device if and only if the second verification passes.
The present application may be further configured in a preferred example to: the key comprises a public key and a private key, where the public key is an identity of the receiving end device and the private key is generated from that public key according to the SM9 algorithm.
The present application may be further configured in a preferred example to: if the second verification fails, the public key is changed based on a preset agreed variable.
The present application may be further configured in a preferred example to: when the transmitting end device sends a short message to the receiving end device, the method comprises the following steps,
after the user writes the short message data in the short message APP on the transmitting end device, the short message APP sends an encryption request to the TEE of the transmitting end device, and when the transmitting end device passes both verifications it receives the identity of the receiving end device as the public key;
and the short message APP of the transmitting end device encrypts the short message data with the obtained public key to form the encrypted data.
The present application may be further configured in a preferred example to: when the transmitting end device sends the short message to the receiving end device, the method further comprises the following steps,
the short message APP of the transmitting end device packages the encrypted data into a ciphertext data packet and sends it to the baseband communication module of the transmitting end device; the baseband communication module modulates the ciphertext data packet into encrypted short message data in the form of a modulated signal and sends it over the short message transmission channel of the telecom operator;
the encrypted short message data in the form of a modulated signal is carried over the telecom operator's short message transmission channel to the baseband communication module of the receiving end device, which demodulates it, restores the ciphertext data packet and passes the packet to the short message APP of the receiving end device;
and the short message APP of the receiving end device unpacks the ciphertext data packet and restores the encrypted data.
The present application may be further configured in a preferred example to: when the transmitting end device sends the short message to the receiving end device, the method further comprises the following steps,
when the user of the receiving end device wants to read the short message data, the short message APP of the receiving end device sends a decryption request to the TEE of the receiving end device, and when the receiving end device passes both verifications it receives the private key returned by the TEE;
and the short message APP of the receiving end device decrypts the encrypted data with the private key to obtain the short message data.
The present application may be further configured in a preferred example to: after the short message APP of the transmitting end device sends an encryption request to the TEE of the transmitting end device and the transmitting end device passes both verifications, the method further comprises the following steps,
temporarily calculating a private key based on a preset root key pool;
and sending that private key to the receiving end device.
The present application may be further configured in a preferred example to: the step of temporarily calculating the private key based on the preset root key pool comprises,
the root key pool obtaining the public key and temporarily calculating the private key from it according to the SM9 algorithm.
The present application may be further configured in a preferred example to: the step of temporarily calculating the private key based on the preset root key pool comprises,
the root key pool obtaining the public key and temporarily calculating the private key according to a preset calculation function, whose expression is f(S') = [a·S, b·r1, c·r2], where f(S') is the private key, S is the public key, r1 is a random number generated from the identity of the receiving end device or the transmitting end device, r2 is a random number generated by the cloud server, and a, b and c are constants.
Whichever side holds the root key pool can derive the private key for any identity, so the pool must stay inside the TEE. The claims do not specify the channel by which the calculated private key reaches the receiving end device; in any implementation that delivery must itself be confidential and authenticated, since the private key is the secret being protected.
The present application may be further configured in a preferred example to: the agreed variable is the sending date or time;
a public key is calculated from the sending date or time, the identity of the receiving end device is encrypted in a first pass and the short message content in a second pass;
and the receiver selects, according to the receiving time or date, the preset private key corresponding to the calculated public key to decrypt the identity of the receiving end device and the short message content respectively.
The present application may be further configured in a preferred example to: when the transmitting end device is used to write the short message data in the short message APP, the method further comprises the following step,
providing a dynamic keyboard on the transmitting end device, launching the dynamic keyboard each time short message data is written in the short message APP, and changing the key positions on the keyboard in real time, so that recorded touch positions do not map to fixed keys.
The present application may be further configured in a preferred example to: after the short message APP of the transmitting end device encrypts the short message data with the obtained public key to form the encrypted data, the method further comprises,
storing the encrypted data in a storage area of the transmitting end device.
The present application may be further configured in a preferred example to: after the short message APP of the receiving end device unpacks the ciphertext data packet and restores the encrypted data, the method further comprises,
storing the restored encrypted data in a storage area of the receiving end device.
In a second aspect, the present application provides a device for encrypting and decrypting a short message.
The application is realized by the following technical scheme:
a short message encrypting and decrypting device comprising,
a storage module for storing the keys used by the transmitting end device and the receiving end device in the encryption and decryption of short message communication in the TEE of each device's main processor;
a first verification module for performing a first verification on the transmitting end device or the receiving end device when that device requests a key from the TEE;
a second verification module for performing a second verification on the transmitting end device or the receiving end device when the first verification passes;
and a key module for having the TEE return the key material to the transmitting end device or the receiving end device when the second verification passes.
In a third aspect, the present application provides a computer device.
The application is realized by the following technical scheme:
the computer equipment comprises a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the processor, when executing the computer program, implements the steps of any one of the short message encryption and decryption methods above.
In a fourth aspect, the present application provides a computer-readable storage medium.
The application is realized by the following technical scheme:
a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of any one of the above-described short message encryption and decryption methods.
In summary, compared with the prior art, the technical scheme provided by the application has at least the following beneficial effects:
The method encrypts and decrypts the short message communication between a transmitting end device and a receiving end device, and stores the keys used by both devices in the TEE of each device's main processor. This guarantees the security, confidentiality and integrity of the data loaded into the TEE, provides an isolated execution environment for encrypting and decrypting the short message, and greatly improves the security of the short message communication process.
When the transmitting end device or the receiving end device requests a key from the TEE, a first verification is performed on that device to ensure the security of its local environment. If the first verification passes, a second verification is performed, and the TEE returns the key material if and only if the second verification passes, which further ensures the security of the device's local environment. Attackers are thereby prevented from obtaining user information by intercepting transmitted short message data or by reading short messages stored locally in plaintext through malicious apps, trojans and the like; the security hazard of stolen short message data is avoided and the security of the short message communication process is strengthened.
Drawings
Fig. 1 is a flow chart of a method for encrypting and decrypting a short message according to an exemplary embodiment of the present application.
Fig. 2 is a block diagram of a short message encrypting and decrypting apparatus according to another exemplary embodiment of the present application.
Detailed Description
The present embodiment only explains the present application and is not to be construed as limiting it; modifications to the embodiment that a person skilled in the art can make without inventive effort after reading this specification are all protected by patent law within the scope of the claims of the present application.
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions of the embodiments are described below clearly and completely with reference to the accompanying drawings. The described embodiments are some, but not all, embodiments of the present application. All other embodiments obtained by a person skilled in the art from these embodiments without inventive effort fall within the scope of the application.
In addition, the term "and/or" herein merely describes an association between objects and means that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. Unless otherwise specified, the character "/" herein generally indicates that the associated objects are in an "or" relationship.
A complete unidirectional short message communication generally involves a transmitting end device, a receiving end device, and a telecom operator responsible for carrying the messages between them.
The transmitting end device and the receiving end device can be mobile phones, tablet computers or any other intelligent terminal device supporting short message communication. In this embodiment, a mobile phone is used as the transmitting end device and the receiving end device.
Embodiments of the application are described in further detail below with reference to the drawings.
Referring to fig. 1, an embodiment of the present application provides a method for encrypting and decrypting a short message; its main steps are as follows.
Storing the keys used by the transmitting end device and the receiving end device in the encryption and decryption of short message communication in the TEE of each device's main processor;
when the transmitting end device or the receiving end device requests a key from its TEE, performing a first verification on that device;
if the first verification passes, performing a second verification on that device;
and returning the key material from the TEE to the transmitting end device or the receiving end device if and only if the second verification passes.
In particular, the TEE (Trusted Execution Environment) is a secure area of the mobile device's main processor that guarantees the security, confidentiality and integrity of the code and data loaded into it. The TEE provides an isolated execution environment for short message encryption, and the keys used by the transmitting end device and the receiving end device in the encryption and decryption of short message communication are stored in the TEE of each device's main processor.
When the transmitting end device or the receiving end device requests a key from the TEE, a first verification is performed on that device. In this embodiment the first verification may be an authentication-signature check: a digital signature is preset, and signature verification is performed when the transmitting end device or the receiving end device requests a key from the TEE, so as to ensure the security of the device's local environment.
The first verification may also be a static password, a smart card, an SMS password, a dynamic (one-time) password or a USB key, etc., which will not be described further here.
If the first verification passes, a second verification is performed on the transmitting end device or the receiving end device. In this embodiment the second verification may be a check, on the cloud server, of whether the current state of the device is trusted. The current state of the device is one of offline, stolen or safe. For this check to add anything, the cloud server's answer must itself be authenticated to the TEE; an unauthenticated "safe" reply relayed through the normal-world software could be forged by whoever controls the device's network path.
If the current state of the device is safe, i.e. trusted, the second verification passes and the TEE returns the key material to the device, further ensuring the security of its local environment.
The second verification may also be a static password, a smart card, an SMS password, a dynamic password or a USB key, etc., which will not be described further here.
In one embodiment the key comprises a public key and a private key, generated as a pair: data encrypted with the public key can be decrypted only with the corresponding private key. (Applying the private key to data so that anyone holding the public key can check the result is a signature, which provides authenticity rather than confidentiality; the application uses the pair in the public-key-encrypt, private-key-decrypt direction.)
The public key is the identity of the receiving end device and is generated from that identity; when the receiver's identity differs, the public key differs.
The private key is generated from the public key according to the SM9 algorithm. SM9 is an identity-based scheme, so each party's public key is its own identity: the identity of each of the two communicating parties is the public key the other side encrypts to, and the corresponding private key is derived from that identity. In this embodiment the mobile phone numbers of the two communicating parties are used directly as each other's public keys.
Because a mobile phone number leaks easily, the application encrypts with the public key and decrypts with the private key, and the private key is protected by the TEE; an attacker who learns the phone number therefore cannot obtain the private key needed to decrypt the data, which strengthens the protection of the key material. This holds because in an identity-based scheme the private key for an identity can only be extracted with the master secret (here the root key pool); knowing the identity yields only the encryption key.
Furthermore, SM9 (the Chinese national identity-based cryptographic standard, GM/T 0044-2016) provides identity-based encryption, signature and key agreement, so the algorithm strength is higher and confidentiality is better, with advantages in identity authentication, non-repudiation, integrity and confidentiality that effectively strengthen the security of the short message communication process.
In an embodiment, if the current state of the transmitting end device or the receiving end device is offline or stolen, i.e. not trusted, the second verification fails and the public key is changed based on a preset agreed variable.
The agreed variable may be a parameter such as the sending date or time, and the public key is changed on that basis. For example, several encryption modes are configured in the TEE, and from the sending date or time an existing key-generating chip yields the currently valid one-time public key. This prevents an attacker who has learned a public key from repeatedly requesting keys from the TEE against that public key within a short time, which would paralyse the communication system and stop it from operating normally; at the same time it guarantees the authenticity and trustworthiness of the identities of both communicating parties and improves the security of short message communication.
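The two-stage release check and the public-key rotation described above, as an added example that is not part of the patent or of the assignee's code: a Python model of a TEE-side key gate. The "preset digital signature" of the first check is modelled as an HMAC under a secret provisioned to the authorised app, the cloud server of the second check as an in-memory device-state table, and SM9 private-key extraction as an HMAC under a root-key-pool secret; these stand-ins, the device ids and the phone numbers are all constructed assumptions. The example shows the ordering the claims require (the second check never runs unless the first passes), the fail-closed result, the rotation of the identity-derived public key when the second check fails, and the identity-based property that the same identity and date give the same key on any device holding the same root key pool.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import date


class KeyReleaseDenied(Exception):
    """Raised by the TEE stand-in when a key request fails either check."""


@dataclass
class TeeKeyGate:
    """Stand-in for the TEE-side key store and its two-stage release check.

    Assumptions (not from the patent): the preset digital signature is an HMAC
    over (device id, request) with a secret provisioned into the TEE; the
    cloud-side device-state lookup is a dict; SM9 identity-to-key mapping is
    replaced by SHA-256 / HMAC derivations so the flow runs offline.
    """
    app_signing_secret: bytes            # provisioned with the authorised app
    root_key_pool: bytes                 # master secret, never leaves the TEE
    device_state: dict                   # device id -> "safe" | "offline" | "stolen"
    rotation: dict = field(default_factory=dict)   # identity -> rotation counter
    audit: list = field(default_factory=list)

    def first_verify(self, device_id: str, request: bytes, signature: bytes) -> bool:
        """Check 1: the requesting app's signature over the request."""
        expected = hmac.new(self.app_signing_secret,
                            device_id.encode() + b"\x00" + request,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)

    def second_verify(self, device_id: str) -> bool:
        """Check 2: cloud-side state; only a device reported "safe" is trusted."""
        return self.device_state.get(device_id) == "safe"

    def public_key(self, identity: str, when: date) -> str:
        """Identity-based public key: identity, the agreed variable (date) and a
        rotation counter that is bumped whenever the second check fails."""
        material = f"{identity}|{when.isoformat()}|{self.rotation.get(identity, 0)}"
        return hashlib.sha256(material.encode()).hexdigest()

    def _extract_private_key(self, public_key: str) -> bytes:
        """Stand-in for SM9 private-key extraction from the root key pool."""
        return hmac.new(self.root_key_pool, public_key.encode(), hashlib.sha256).digest()

    def request_key(self, device_id: str, identity: str, request: bytes,
                    signature: bytes, when: date) -> bytes:
        # Check 1 runs first: an unauthenticated caller never reaches the
        # cloud lookup, so it can neither probe device state nor flood the TEE.
        if not self.first_verify(device_id, request, signature):
            self.audit.append((device_id, "denied:signature"))
            raise KeyReleaseDenied("first verification failed")
        if not self.second_verify(device_id):
            # Claimed behaviour: rotate the public key when check 2 fails.
            self.rotation[identity] = self.rotation.get(identity, 0) + 1
            self.audit.append((device_id, "denied:device-state"))
            raise KeyReleaseDenied("second verification failed")
        self.audit.append((device_id, "released"))
        return self._extract_private_key(self.public_key(identity, when))


def sign_request(secret: bytes, device_id: str, request: bytes) -> bytes:
    """App side: produce the signature check 1 expects (hypothetical helper)."""
    return hmac.new(secret, device_id.encode() + b"\x00" + request, hashlib.sha256).digest()


def demo() -> dict:
    """Constructed scenario: phone A is safe, phone B is reported stolen."""
    gate = TeeKeyGate(app_signing_secret=b"app-secret", root_key_pool=b"root-key-pool",
                      device_state={"phone-A": "safe", "phone-B": "stolen"})
    when = date(2022, 7, 25)
    req = b"key-request"
    out = {}
    # Authorised app on a safe device: both checks pass, key released.
    out["A_key"] = gate.request_key("phone-A", "13800000000", req,
                                    sign_request(b"app-secret", "phone-A", req), when)
    # Forged signature: denied at check 1; the cloud lookup is never consulted.
    try:
        gate.request_key("phone-A", "13800000000", req, b"\x00" * 32, when)
    except KeyReleaseDenied as exc:
        out["forged"] = str(exc)
    # Stolen device: check 1 passes, check 2 fails, public key for B rotates.
    out["B_pub_before"] = gate.public_key("13900000000", when)
    try:
        gate.request_key("phone-B", "13900000000", req,
                         sign_request(b"app-secret", "phone-B", req), when)
    except KeyReleaseDenied as exc:
        out["stolen"] = str(exc)
    out["B_pub_after"] = gate.public_key("13900000000", when)
    out["audit"] = list(gate.audit)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

A real deployment would replace the HMAC stand-ins with an asymmetric signature (for instance SM2) verified inside the TEE and with an SM9 key generation centre holding the root key pool, and would have the TEE verify a signature on the cloud server's state reply rather than trusting normal-world software to relay it.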
In one embodiment, the agreed variable is the sending date or time;
a public key is calculated from the sending date or time, the identity of the receiving end device is encrypted in a first pass and the short message content in a second pass;
and the receiver selects, according to the receiving time or date, the preset private key corresponding to the calculated public key to decrypt the identity of the receiving end device and the short message content respectively.
Specifically, from the current sending date or time, the existing key-generating chip yields a public key for the first pass, with which the receiving end mobile number is encrypted; then, from the same sending date or time, the chip yields a public key for the second pass, with which the ciphertext is encrypted again. Likewise, the receiver selects, according to the receiving time or date, the preset private keys corresponding to the calculated public keys and decrypts the two passes in turn. Selecting the encryption mode from the sending date or time, first encrypting the receiving end mobile number and then re-encrypting the ciphertext, with the receiver selecting the matching decryption mode from the receiving time or date, further improves the security of the key material. Because the receiver keys off the receiving time, sender and receiver must agree on the period boundary: a message delivered after midnight would otherwise select the wrong private key, so an implementation should carry the key date in the message or also accept the previous period's key.
In an embodiment, when mobile phone A sends a short message to mobile phone B, the mobile number of B is the public key used for encryption; it is stored in the TEE of A and used to encrypt the short message. The private key generated with B's mobile number as the public key is stored in the TEE of B and used to decrypt the short message. The specific steps for encrypting and decrypting the short message are:
after the user writes the short message data in the short message APP on the transmitting end device, the short message APP sends an encryption request to the TEE of the transmitting end device, and when the authentication signature of the transmitting end device verifies and its state is trusted, the transmitting end device receives the identity of the receiving end device as the public key;
the short message APP of the transmitting end device encrypts the short message data with the obtained public key to form the encrypted data;
the short message APP packages the encrypted data into a ciphertext data packet and sends it to the baseband communication module of the transmitting end device, which modulates it into encrypted short message data in the form of a modulated signal and sends it over the telecom operator's short message transmission channel;
the encrypted short message data in the form of a modulated signal is carried over the operator's short message transmission channel to the baseband communication module of the receiving end device, which demodulates it, restores the ciphertext data packet and passes it to the short message APP of the receiving end device;
the short message APP of the receiving end device unpacks the ciphertext data packet into the encrypted data;
when the user of the receiving end device wants to read the message, the short message APP sends a decryption request to the TEE of the receiving end device, and when the authentication signature of the receiving end device verifies and its state is trusted, the receiving end device receives the data returned by the TEE and so obtains the private key;
and the short message APP of the receiving end device decrypts the encrypted data with the private key.
In one embodiment, after the short message APP of the transmitting end device encrypts the short message data with the obtained public key to form the encrypted data, the method further comprises the following step,
storing the encrypted data in a storage area of the transmitting end device.
In one embodiment, after the short message APP of the receiving end device unpacks the ciphertext data packet and restores the encrypted data, the method further comprises the following step,
storing the restored encrypted data in a storage area of the receiving end device.
Specifically, the short message APP of the transmitting end device sends an encryption request to the TEE; when the authentication signature of the transmitting end device verifies and its state is trusted, the public key corresponding to the ID of the message receiver is obtained, and the short message data is encrypted with that public key.
The short message APP writes the encrypted short message data to the corresponding storage area, packages it and sends it to the baseband communication module, which modulates the encrypted message and sends it into the telecom operator's channel. In order: the short message is encrypted to form the encrypted data, the encrypted data is packaged into a ciphertext data packet, and the packet is passed to the baseband communication module, which converts it into a modulated signal that the telecom short message transmission channel can carry.
The encrypted short message data travels over the telecom operator's short message channel to the baseband communication module of the receiving end device, which demodulates it, converts the modulated signal back into the ciphertext data packet and passes the packet to the short message APP of the receiving end device.
The short message APP of the receiving end device writes the received encrypted short message data to the corresponding storage area. When the user wants to read the message, the short message APP sends a decryption request to the TEE; when the authentication signature of the receiving end device verifies and its state is trusted, the TEE returns the private key for that request and the short message APP decrypts the ciphertext with it.
It should be noted that the present application only takes as its example the unidirectional flow of sending a short message from mobile phone A to mobile phone B. In practice, short message communication is usually bidirectional, and from the technical solution of the present application a person skilled in the art will readily see that when mobile phone B sends a short message to mobile phone A, mobile phone B is the transmitting end device and mobile phone A is the receiving end device; in that process the mobile phone number of mobile phone A is the public key used for encryption and is stored in the TEE of mobile phone B to encrypt the short message, while the private key generated with the mobile phone number of mobile phone A as the public key is stored in the TEE of mobile phone A and is used to decrypt the short message. The data processing and transmission process follows in the same way.
On the basis of the ordinary short message service, the present application uses the secure encryption technology that combines the SM9 algorithm with a trusted execution environment (TEE) to encrypt and protect the short message data exchanged between mobile phones, thereby ensuring the security of the short message data. Because the keys are stored in the TEE, access to the TEE interface is authorized: only authorized applications can interact with the TEE storage, and no part of the hardware other than the authorized interfaces can access the information in the isolated memory. At the same time, only after the secondary verification can the temporary key be used to complete the encrypted data transfer between the application and the TEE and to read and write the internal data of the TEE. Malicious software or Trojans therefore can neither communicate with the TEE nor monitor its communication, so the key data in the TEE is protected and the security of the algorithm keys is improved.
In one embodiment, when the transmitting end device writes the short message data in the short message APP, the method further comprises the following step,
and providing a dynamic keyboard on the transmitting end equipment, which is started each time short message data is written in the short message APP and changes the key positions on the keyboard in real time. The dynamic keyboard starts by itself whenever short message data is written; while providing the data input function to the user it changes the positions of the digit keys in real time, so that screen-peeping malicious software cannot steal the short message content, and the theft of short message data by screen-reading software is reduced.
In one embodiment, after the short message APP of the transmitting end equipment sends an encryption request to the TEE of the transmitting end equipment, and when the transmitting end equipment passes verification and its state is trusted, the method further comprises the following steps,
temporarily calculating a private key based on a preset root key pool;
and sending the private key to the receiving end equipment.
Specifically, the root key pool obtains the public key and temporarily calculates and generates a private key according to the SM9 algorithm; this private key is the one required to decrypt the file. Generating it on demand further protects the private key data and increases the difficulty of cracking it, while also relieving the storage pressure on the TEE.
Further, the root key pool obtains the public key and temporarily calculates the private key according to a preset calculation function. The preset calculation function may be f(S') = [a×S, b×r1, c×r2], where f(S') is the private key, S is the public key, r1 is a random number generated from the identity of the receiving end equipment or the identity of the transmitting end equipment, r2 is a random number generated by the cloud server (r1 and r2 may both be produced by a random number generator), and a, b and c are constants.
In this embodiment the calculation function is f(S') = [1×S, 0.5×r1, 2×r2]; that is, the string of the public key S is taken once, the first half of the string of r1 is appended to it, and then the string of r2 is appended twice in succession.
For example, assuming the public key S is 1DSsgJdB2AnWaFNgSbv4MZC2m71116JafG, r1 is 0231488700 and r2 is 7629411051, then f(S') = [1×S, 0.5×r1, 2×r2] = 1DSsgJdB2AnWaFNgSbv4MZC2m71116JafG0231476294110517629411051.
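The calculation function above, as an added worked example in Python. This is editor-added code, not code from the patent or its applicant. It reproduces the description's own instance a=1, b=0.5, c=2 and generalises the coefficients in the way that instance implies (an integer coefficient repeats the string that many times, a fractional coefficient keeps the leading fraction of it); that generalisation and the function names are assumptions. The sample values are the ones printed in the description. Note that the output is fully determined by S, r1 and r2, so the unpredictability of the derived private key rests entirely on the random numbers r1 and r2, which the description says come from a random number generator; the example draws them from a CSPRNG.

```python
"""Worked example of the string-splicing derivation f(S') = [a×S, b×r1, c×r2].

Editor-added example, not the patent's code. Coefficient handling is an
assumption generalised from the patent's own instance (a=1, b=0.5, c=2):
an integer coefficient k repeats the string k times, a fractional
coefficient 0 < k < 1 keeps the leading floor(k * len) characters.
"""
import math
import secrets


def scale_string(value: str, k: float) -> str:
    """Apply coefficient k to a string as described in the module docstring."""
    if k <= 0:
        raise ValueError("coefficient must be positive")
    if k >= 1:
        if not float(k).is_integer():
            raise ValueError("coefficients >= 1 must be integers")
        return value * int(k)
    return value[: math.floor(k * len(value))]


def derive_private_key(s: str, r1: str, r2: str,
                       a: float = 1, b: float = 0.5, c: float = 2) -> str:
    """f(S') = [a×S, b×r1, c×r2], realised as concatenation of the three scaled strings."""
    return scale_string(s, a) + scale_string(r1, b) + scale_string(r2, c)


def fresh_random_number(digits: int = 10) -> str:
    """r1 / r2 as the description states: output of a random number generator.
    A CSPRNG is used so the derived string cannot be predicted from S alone."""
    return "".join(str(secrets.randbelow(10)) for _ in range(digits))


# Sample values printed in the patent description (constructed, not real keys).
PUBLIC_KEY_S = "1DSsgJdB2AnWaFNgSbv4MZC2m71116JafG"
R1 = "0231488700"
R2 = "7629411051"

if __name__ == "__main__":
    # Reproduces the description's result:
    # 1DSsgJdB2AnWaFNgSbv4MZC2m71116JafG0231476294110517629411051
    print(derive_private_key(PUBLIC_KEY_S, R1, R2))
    # A fresh derivation with CSPRNG-generated r1 and r2:
    print(derive_private_key(PUBLIC_KEY_S, fresh_random_number(), fresh_random_number()))
```

Running the block prints the 59-character string the description gives, followed by a derivation with freshly generated r1 and r2.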
In summary, the short message encryption and decryption method is used to encrypt and decrypt the short message communication between the transmitting end device and the receiving end device. The keys used by the transmitting end device and the receiving end device in the encryption and decryption of the short message communication are stored in the TEE of the main processor of the respective device, which ensures the security, confidentiality and integrity of the data loaded into the TEE, provides an isolated execution environment for encrypting and decrypting the short message, and greatly improves the security of the short message communication process. When the transmitting end equipment or the receiving end equipment requests a key from the TEE, a first verification is performed on that equipment to ensure the security of its local environment; if the first verification passes, a second verification is performed, and if and only if the second verification passes is the TEE enabled to return key data to the transmitting end equipment or the receiving end equipment, which further ensures the security of the local environment. This prevents illegal actors from obtaining user information by monitoring the data carried in stolen short messages or by reading short message information stored locally in plaintext through malicious apps, Trojan horses and the like, effectively avoids the potential safety hazard of short message data being stolen, and strengthens the security of the short message communication process.
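The two-stage key-release decision summarised above (and stated in the same terms in claims 1, 2 and 6 below), as an added model in Python. This is editor-added code, not the patent's own implementation: an HMAC stands in for the authentication signature of the first verification, the cloud server that reports the device state (safe, offline or stolen) for the second verification is a constructed in-memory table, and the date-bound public key used when the second verification fails is an assumed construction (identity and sending date hashed together). Device identities, the app secret and the keys are constructed sample values.

```python
"""Two-stage key-release gate of the TEE, modelled in plain Python.

Editor-added example; the HMAC signature, the in-memory cloud state table,
the date-bound public key and all sample identities are assumptions, not
the patent's implementation.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Device states the description enumerates for the second verification.
TRUSTED_STATES = {"safe"}
UNTRUSTED_STATES = {"offline", "stolen"}


@dataclass
class KeyRequest:
    device_id: str      # identity of the requesting device (its phone number)
    app_id: str         # the short message APP making the request
    nonce: bytes        # fresh per request so a captured request cannot be replayed
    signature: bytes    # authentication signature over device_id | app_id | nonce


def sign_request(app_secret: bytes, device_id: str, app_id: str, nonce: bytes) -> bytes:
    """Authentication signature of the first verification (HMAC-SHA256 as a stand-in)."""
    msg = f"{device_id}|{app_id}|".encode() + nonce
    return hmac.new(app_secret, msg, hashlib.sha256).digest()


class CloudStateServer:
    """Constructed stand-in for the cloud server that reports each device's state."""

    def __init__(self, states: dict):
        self._states = dict(states)

    def state_of(self, device_id: str) -> str:
        # An unknown device is reported as offline, i.e. not trusted.
        return self._states.get(device_id, "offline")


class Tee:
    """Holds the keys; releases one only when both verifications pass."""

    def __init__(self, app_secret: bytes, cloud: CloudStateServer, keys: dict):
        self._app_secret = app_secret   # shared only with the authorised short message APP
        self._cloud = cloud
        self._keys = dict(keys)         # device_id -> private key held inside the TEE
        self.audit = []                 # (device_id, outcome) records for monitoring

    def first_verification(self, req: KeyRequest) -> bool:
        expected = sign_request(self._app_secret, req.device_id, req.app_id, req.nonce)
        return hmac.compare_digest(expected, req.signature)

    def second_verification(self, req: KeyRequest) -> bool:
        state = self._cloud.state_of(req.device_id)
        if state in TRUSTED_STATES:
            return True
        if state in UNTRUSTED_STATES:
            return False
        raise ValueError(f"unknown device state {state!r}")

    def request_key(self, req: KeyRequest) -> Optional[str]:
        """Return key data if and only if both verifications pass, else None."""
        if not self.first_verification(req):
            self.audit.append((req.device_id, "signature_failed"))
            return None
        if not self.second_verification(req):
            self.audit.append((req.device_id, "state_untrusted"))
            return None
        self.audit.append((req.device_id, "key_released"))
        return self._keys.get(req.device_id)


def dated_public_key(identity: str, sending_date: str) -> str:
    """Public key changed by the 'changeable variable' (sending date as an ISO string):
    assumed construction binding the identity to the date so the key differs per day."""
    return hashlib.sha256(f"{identity}|{sending_date}".encode()).hexdigest()


if __name__ == "__main__":
    secret = b"constructed-app-secret"
    cloud = CloudStateServer({"PHONE-A": "safe", "PHONE-B": "stolen"})
    tee = Tee(secret, cloud, {"PHONE-A": "priv-A", "PHONE-B": "priv-B"})
    nonce = b"\x01\x02\x03\x04"
    ok = KeyRequest("PHONE-A", "sms-app", nonce, sign_request(secret, "PHONE-A", "sms-app", nonce))
    print(tee.request_key(ok))        # priv-A
    stolen = KeyRequest("PHONE-B", "sms-app", nonce, sign_request(secret, "PHONE-B", "sms-app", nonce))
    print(tee.request_key(stolen))    # None: valid signature, but state is "stolen"
    print(tee.audit)
```

The audit list is the part a defender would keep: a device whose signature verifies but whose cloud state is stolen or offline shows up as a state_untrusted outcome, which is exactly the event worth alerting on.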
It should be understood that the sequence numbers of the steps in the foregoing embodiment do not imply an order of execution; the order in which each process is executed should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
Referring to fig. 2, an embodiment of the present application further provides a short message encryption and decryption device, which corresponds to the short message encryption and decryption method of the above embodiment. The short message encryption and decryption device comprises,
a storage module, used for storing the keys used by the transmitting end equipment and the receiving end equipment in the encryption and decryption processes of the short message communication in the TEEs of the main processors of the respective equipment;
a first verification module, used for performing a first verification on the transmitting end equipment or the receiving end equipment when that equipment requests a key from the TEE;
a second verification module, used for performing a second verification on the transmitting end equipment or the receiving end equipment when the first verification passes;
and a key module, used for enabling the TEE to return key data to the transmitting end equipment or the receiving end equipment when the second verification passes.
The key module further includes a public key unit, a first private key unit and a second private key unit.
The public key unit is used for changing the public key based on a preset changeable variable when the second verification fails. The changeable variable is the sending date or time: a public key is calculated from the sending date or time, the identity of the receiving end equipment is encrypted with it first and the short message content second, and the receiver is enabled to select, according to the receiving time or date, the preset private key corresponding to the calculated public key to decrypt the identity of the receiving end device and the short message content respectively.
The first private key unit is used, after the short message APP of the transmitting end equipment sends an encryption request to the TEE of the transmitting end equipment and the transmitting end equipment passes both verifications, for temporarily calculating a private key based on a preset root key pool, the root key pool obtaining the public key and temporarily calculating and generating the private key according to the SM9 algorithm; and for sending the private key to the receiving end equipment.
The second private key unit is used, after the short message APP of the transmitting end equipment sends an encryption request to the TEE of the transmitting end equipment and the transmitting end equipment passes both verifications, for having the root key pool obtain the public key and temporarily calculate a private key according to a preset calculation function, where the expression of the calculation function is f(S') = [a×S, b×r1, c×r2], f(S') is the private key, S is the public key, r1 is a random number generated from the identity of the receiving end equipment or the identity of the transmitting end equipment, r2 is a random number generated by the cloud server (r1 and r2 may be produced by a random number generator), and a, b and c are constants; and for sending the private key to the receiving end equipment.
The specific limitations of the short message encryption and decryption device can be found in the limitations of the short message encryption and decryption method above and are not repeated here. All or part of the modules in the short message encryption and decryption device can be realized by software, hardware or a combination of the two. The above modules may be embedded in hardware, may be independent of the processor in the computer device, or may be stored as software in the memory of the computer device so that the processor can call and execute the operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs and a database. The internal memory provides the environment in which the operating system and the computer programs in the non-volatile storage medium run. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, realizes any one of the short message encryption and decryption methods.
In one embodiment, a computer readable storage medium is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
storing the keys used by the transmitting end equipment and the receiving end equipment in the encryption and decryption processes of the short message communication in the TEEs of the main processors of the respective equipment;
when the transmitting end equipment or the receiving end equipment requests a key from the TEE, first performing a first verification on the transmitting end equipment or the receiving end equipment;
if the first verification passes, performing a second verification on the transmitting end equipment or the receiving end equipment;
and if and only if the second verification passes, enabling the TEE to return the key data to the transmitting end device or the receiving end device.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer readable storage medium which, when executed, may perform the steps of the method embodiments described above. Any reference to memory, storage, a database or another medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM) or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM) and Rambus Dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the system is divided into different functional units or modules to perform all or part of the above-described functions.

Claims (12)

1. A short message encryption and decryption method, used for encrypting and decrypting short message communication between a transmitting end device and a receiving end device, characterized by comprising the following steps,
storing the keys used by the transmitting end equipment and the receiving end equipment in the encryption and decryption processes of the short message communication in the TEEs of the main processors of the respective equipment;
when the transmitting end equipment or the receiving end equipment requests a key from the TEE, first performing a first verification on the transmitting end equipment or the receiving end equipment, the first verification being authentication signature verification;
if the first verification passes, performing a second verification on the transmitting end equipment or the receiving end equipment, the second verification being to verify on the cloud server whether the current state of the transmitting end equipment or the receiving end equipment is trusted; the current state of the transmitting end equipment or the receiving end equipment is one of offline, stolen or safe; if the current state of the transmitting end equipment or the receiving end equipment is safe, that is, trusted, the second verification passes; if the current state of the transmitting end equipment or the receiving end equipment is offline or stolen, that is, not trusted, the second verification fails;
if and only if the second verification passes, enabling the TEE to return the key data to the transmitting end equipment or the receiving end equipment;
the key comprises a public key and a private key, wherein the public key is the identity of the receiving end equipment and the private key is generated correspondingly from the public key according to the SM9 algorithm;
when the transmitting end equipment sends a short message to the receiving end equipment, the method comprises the following steps,
after short message data has been written in the short message APP of the transmitting end device, the short message APP of the transmitting end device sends an encryption request to the TEE of the transmitting end device, and when the transmitting end device passes both verifications, the transmitting end device receives the identity of the receiving end device as the public key;
the short message APP of the transmitting end device encrypts the short message data with the obtained public key to form the secret state data;
after the short message APP of the transmitting end equipment sends the encryption request to the TEE of the transmitting end equipment, and when the transmitting end equipment passes both verifications, the method further comprises the following steps,
temporarily calculating a private key based on a preset root key pool;
sending the private key to the receiving end equipment;
the step of temporarily calculating the private key based on the preset root key pool comprises,
the root key pool obtaining the public key and temporarily calculating the private key according to a preset calculation function, wherein the expression of the calculation function is f(S') = [a×S, b×r1, c×r2], f(S') is the private key, S is the public key, r1 is a random number generated from the identity of the receiving end equipment or the identity of the transmitting end equipment, r2 is a random number generated by the cloud server, and a, b and c are constants;
the formula of the calculation function is f(S') = [1×S, 0.5×r1, 2×r2], that is, the first half of the string of r1 is appended to the string of the public key S, and then the string of r2 is appended twice in succession.
2. The short message encryption and decryption method according to claim 1, further comprising the step of,
and if the second verification fails, changing the public key based on a preset changeable variable.
3. The short message encryption and decryption method according to claim 1, wherein when the transmitting end device sends a short message to the receiving end device, the method further comprises the steps of,
the short message APP of the transmitting end equipment packaging the secret state data into a ciphertext data packet and sending it to the baseband communication module of the transmitting end equipment, and the baseband communication module modulating the ciphertext data packet into encrypted short message data in the form of a modulation signal and sending it to the short message transmission channel of the telecom operator;
the encrypted short message data in the form of a modulation signal being transmitted through the short message transmission channel of the telecom operator to the baseband communication module of the receiving end equipment, and that baseband communication module demodulating it, restoring the ciphertext data packet and passing it to the short message APP of the receiving end equipment;
and the short message APP of the receiving end equipment unpacking the ciphertext data packet and restoring it to the secret state data.
4. The short message encryption and decryption method according to claim 1, wherein when the transmitting end device sends a short message to the receiving end device, the method further comprises the steps of,
when the user of the receiving end equipment needs to read the short message data, the short message APP of the receiving end equipment sending a decryption request to the TEE of the receiving end equipment, and, when the receiving end equipment passes both verifications, the receiving end equipment receiving the private key returned by the TEE;
and the short message APP of the receiving end equipment decrypting the secret state data with the private key to obtain the short message data.
5. The short message encryption and decryption method according to claim 1, wherein the step of temporarily calculating the private key based on the preset root key pool comprises,
the root key pool obtaining the public key and temporarily calculating and generating the private key according to the SM9 algorithm.
6. The short message encryption and decryption method according to claim 2, wherein the changeable variable is the sending date or time;
a public key is calculated from the sending date or time, the identity of the receiving end equipment is encrypted with it first and the short message content second;
and the receiver is enabled to select, according to the receiving time or date, the preset private key corresponding to the calculated public key to decrypt the identity of the receiving end device and the short message content respectively.
7. The short message encryption and decryption method according to claim 1, wherein when the transmitting end equipment is used to write the short message data in the short message APP, the method further comprises the step of,
and providing a dynamic keyboard on the transmitting end equipment, which is started each time short message data is written in the short message APP and changes the key positions on the keyboard in real time.
8. The short message encryption and decryption method according to claim 1, wherein after the short message APP of the transmitting end device encrypts the short message data with the obtained public key to form the secret state data, the method further comprises the step of,
and storing the secret state data in a storage area of the transmitting end equipment.
9. The short message encryption and decryption method according to claim 3, wherein after the short message APP of the receiving end device unpacks the ciphertext data packet into the secret state data, the method further comprises the step of,
and storing the restored secret state data in a storage area of the receiving end equipment.
10. A short message encryption and decryption device, characterized by comprising,
a storage module, used for storing the keys used by the transmitting end equipment and the receiving end equipment in the encryption and decryption processes of the short message communication in the TEEs of the main processors of the respective equipment;
a first verification module, used for performing a first verification on the transmitting end equipment or the receiving end equipment when that equipment requests a key from the TEE, the first verification being authentication signature verification;
a second verification module, used for performing a second verification on the transmitting end equipment or the receiving end equipment when the first verification passes;
a key module, used for enabling the TEE to return key data to the transmitting end equipment or the receiving end equipment when the second verification passes;
the key module further comprising a second private key unit; the second verification being to verify on the cloud server whether the current state of the transmitting end equipment or the receiving end equipment is trusted; the current state of the transmitting end equipment or the receiving end equipment is one of offline, stolen or safe; if the current state of the transmitting end equipment or the receiving end equipment is safe, that is, trusted, the second verification passes; if the current state of the transmitting end equipment or the receiving end equipment is offline or stolen, that is, not trusted, the second verification fails;
the second private key unit being used, after the short message APP of the transmitting end equipment sends an encryption request to the TEE of the transmitting end equipment and the transmitting end equipment passes both verifications, for having the root key pool obtain the public key and temporarily calculate a private key according to a preset calculation function, wherein the expression of the calculation function is f(S') = [a×S, b×r1, c×r2], f(S') is the private key, S is the public key, r1 is a random number generated from the identity of the receiving end equipment or the identity of the transmitting end equipment, r2 is a random number generated by the cloud server, r1 and r2 may be produced by a random number generator, and a, b and c are constants; and for sending the private key to the receiving end equipment; the formula of the calculation function is f(S') = [1×S, 0.5×r1, 2×r2], that is, the first half of the string of r1 is appended to the string of the public key S, and then the string of r2 is appended twice in succession.
11. A computer device comprising a memory, a processor and a computer program stored on the memory, the processor executing the computer program to perform the steps of the method of any one of claims 1 to 9.
12. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the steps of the method of any one of claims 1 to 9.
CN202210881501.XA 2022-07-26 2022-07-26 Short message encryption and decryption method, device, equipment and storage medium Active CN115119150B (en)


Publications (2)

Publication Number Publication Date
CN115119150A CN115119150A (en) 2022-09-27
CN115119150B true CN115119150B (en) 2023-10-03

Family

ID=83333693



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant