CN116546500B - Terminal capability identification method, system, electronic equipment and medium - Google Patents

Info

Publication number: CN116546500B
Application number: CN202310802333.5A
Authority: CN (China)
Prior art keywords: terminal, server, identification information, quantum, secret
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN116546500A
Inventors: 张�荣, 郭茂文, 黎艳, 胡鹏, 卢燕青
Current assignee: China Telecom Corp Ltd
Original assignee: China Telecom Corp Ltd

Events: application filed by China Telecom Corp Ltd; priority to CN202310802333.5A; publication of CN116546500A; application granted; publication of CN116546500B; legal status Active; anticipated expiration.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/10 Integrity
    • H04W 12/106 Packet or message integrity
    • H04W 12/108 Source integrity
    • H04W 12/60 Context-dependent security
    • H04W 12/69 Identity-dependent
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0852 Quantum cryptography
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/0897 Escrow, recovery or storing of secret information involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Abstract

The embodiments of the disclosure provide a terminal capability identification method, a terminal capability identification system, an electronic device and a medium. The method comprises the following steps: within a preset time after the quantum card is reset, if the quantum card receives the terminal capability identification information and the signature information sent by the terminal, the quantum card verifies the signature information; if the signature information passes verification, the quantum card reports the terminal capability identification information to a server; if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, the quantum card reports the designated identification information to the server; and the server identifies the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to the identification information reported by the quantum card. In this way, the terminal condition is identified through interaction between the quantum card and the server, so that the server can accurately issue the secret call indication according to the terminal condition.

Description

Terminal capability identification method, system, electronic equipment and medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a terminal capability identification method, a terminal capability identification system, an electronic device, and a computer-readable storage medium.
Background
In the quantum-encrypted VoLTE (Voice over Long-Term Evolution, voice service carried on LTE) voice service, cooperation between a customized terminal and a quantum card is required: the server issues a secret call indication according to the subscription status, and the customized terminal calls the quantum card installed in it to obtain the key and then uses the obtained key to encrypt the voice call.
When a calling terminal initiates a call request during a voice call, the server can learn the condition of the calling terminal, that is, the server can judge whether the calling terminal is a customized terminal; but the server cannot learn the condition of the called terminal in time, that is, it cannot judge whether the called terminal is a customized terminal. A situation may therefore arise in which the terminal cannot process the secret call indication issued by the server, so that the calling terminal and the called terminal cannot communicate.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The embodiments of the disclosure provide a terminal capability identification method, a terminal capability identification system, an electronic device and a computer-readable storage medium, which identify the terminal condition through information interaction between a quantum card and a server and solve the problem that the server cannot learn the terminal condition in time.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the disclosure, a terminal capability identification method is provided, wherein a quantum card is installed in the terminal and the quantum card is subscribed with the server to the quantum secret call service. The method comprises the following steps: within a preset time after the quantum card is reset, if the quantum card receives terminal capability identification information and signature information sent by the terminal, the quantum card verifies the signature information; if the signature information passes verification, the quantum card reports the terminal capability identification information to the server; if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, the quantum card reports designated identification information to the server; and the server identifies the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to the identification information reported by the quantum card.
In some embodiments of the present disclosure, the terminal is a secret call terminal, and the method further includes: the terminal sends a capability identification update request message to the server, the update request message carrying the serial number information of the terminal; the server generates the terminal capability identification information and the signature information; the server sends the terminal capability identification information, the life cycle of the terminal capability identification information, the serial number information of the terminal and the signature information to the terminal; and the terminal sends the terminal capability identification information and the signature information to the quantum card.
In some embodiments of the present disclosure, the server generating the terminal capability identification information and the signature information includes: the server dynamically generates the terminal capability identification information; the server concatenates the terminal capability identification information, the life cycle of the terminal capability identification information and the serial number information of the terminal to obtain the concatenated information, and encrypts the concatenated information with the private key of the server to generate the signature information.
In some embodiments of the present disclosure, the terminal sending a capability identification update request message to the server includes: after the terminal is powered on, after the quantum card is inserted into the terminal, or when the terminal capability identification information stored by the terminal reaches the end of its life cycle, the terminal sends the capability identification update request message to the server.
In some embodiments of the present disclosure, if the signature information passes verification, the quantum card reporting the terminal capability identification information to the server includes: if the signature information passes verification, the quantum card encrypts the terminal capability identification information with the public key of the server and reports the encrypted terminal capability identification information to the server.
In some embodiments of the present disclosure, if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, the quantum card reporting the designated identification information to the server includes: if the signature information fails verification, the quantum card encrypts first designated identification information with the public key of the server and reports the encrypted first designated identification information to the server; and if the terminal capability identification information and the signature information are not received within the preset time, the quantum card encrypts second designated identification information with the public key of the server and reports the encrypted second designated identification information to the server.
In some embodiments of the present disclosure, the server identifying the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to the identification information reported by the quantum card includes: the server decrypts the identification information reported by the quantum card with the private key of the server to obtain the decrypted identification information; if the decrypted identification information is the terminal capability identification information, the server determines that the terminal has the capability to support quantum secret calls and identifies the terminal as a trusted secret call terminal; if the decrypted identification information is the first designated identification information, the server determines that the terminal is in an abnormal condition and identifies the terminal as an untrusted secret call terminal; and if the decrypted identification information is the second designated identification information, the server determines that the terminal does not have the capability to support quantum secret calls and identifies the terminal as a non-secret call terminal.
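The identification procedure above (capability identifier generation and signing by the server, card-side verification within the preset window after reset, the three possible reports, and the server's classification) as an added Python simulation that is not the patent's own code. The textbook-RSA stand-in for the server's signature and the card's report encryption, the designated identification values, the length of the preset window, and the card receiving the full signed tuple from the terminal are all assumptions made for the example.

```python
"""Constructed simulation of the capability identification exchange.

Not code from the patent. The server's signature and the card's report
encryption use a textbook-RSA stand-in with fixed Mersenne primes, kept
only to show the private-key/public-key roles; it is not secure. The
designated identification values, the preset window, and the assumption
that the terminal forwards the full signed tuple to the card are ours.
"""
import hashlib
import secrets

# Server key pair: constructed, insecure toy parameters.
_P, _Q = (1 << 61) - 1, (1 << 89) - 1
_N, _E = _P * _Q, 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))

FIRST_DESIGNATED = b"DESIGNATED-1"   # reported when the signature check fails
SECOND_DESIGNATED = b"DESIGNATED-2"  # reported when nothing arrives in time
PRESET_SECONDS = 5.0                 # assumed window after card reset


def _hash_to_int(data: bytes) -> int:
    # 128-bit digest keeps the value below the ~150-bit modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def server_sign(data: bytes) -> int:
    """Server private-key operation over the concatenated information."""
    return pow(_hash_to_int(data), _D, _N)


def verify_with_server_pubkey(data: bytes, sig: int) -> bool:
    """Card-side check using only the server public key."""
    return pow(sig, _E, _N) == _hash_to_int(data)


def encrypt_for_server(info: bytes) -> int:
    """Card encrypts its report with the server public key (info < 18 bytes)."""
    return pow(int.from_bytes(info, "big"), _E, _N)


def server_decrypt(ciphertext: int) -> bytes:
    m = pow(ciphertext, _D, _N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def splice(cap_id: bytes, lifecycle: int, serial: bytes) -> bytes:
    """Concatenation the server signs; '|' keeps the fields unambiguous."""
    return b"|".join([cap_id, str(lifecycle).encode(), serial])


class Server:
    def __init__(self) -> None:
        self.issued = set()   # capability identifiers handed out

    def handle_update_request(self, serial: bytes, lifecycle: int) -> tuple:
        """Dynamically generates a capability identifier and signs the splice."""
        cap_id = secrets.token_hex(8).encode()
        self.issued.add(cap_id)
        sig = server_sign(splice(cap_id, lifecycle, serial))
        return cap_id, lifecycle, serial, sig

    def identify(self, report: int) -> str:
        """Classifies the terminal from the card's encrypted report."""
        info = server_decrypt(report)
        if info in self.issued:
            return "trusted"
        if info == FIRST_DESIGNATED:
            return "untrusted"
        if info == SECOND_DESIGNATED:
            return "non-secret"
        raise ValueError("unrecognised identification information")


def card_report(message, elapsed: float) -> int:
    """Quantum card's report given what reached it `elapsed` seconds after
    reset; message is None when the terminal never sent anything."""
    if message is None or elapsed > PRESET_SECONDS:
        return encrypt_for_server(SECOND_DESIGNATED)
    cap_id, lifecycle, serial, sig = message
    if verify_with_server_pubkey(splice(cap_id, lifecycle, serial), sig):
        return encrypt_for_server(cap_id)
    return encrypt_for_server(FIRST_DESIGNATED)


def demo() -> dict:
    """Runs the three outcomes the description distinguishes."""
    srv = Server()
    msg = srv.handle_update_request(b"SN-0001", lifecycle=86400)
    tampered = (b"f" * 16,) + msg[1:]   # altered identifier, original signature
    return {
        "secret call terminal": srv.identify(card_report(msg, 1.0)),
        "tampered terminal": srv.identify(card_report(tampered, 1.0)),
        "ordinary terminal": srv.identify(card_report(None, 6.0)),
    }


if __name__ == "__main__":
    print(demo())
```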
In some embodiments of the present disclosure, the terminal includes a calling terminal and a called terminal, a first quantum card is installed in the calling terminal, a second quantum card is installed in the called terminal, and both the first quantum card and the second quantum card are subscribed with the server to the quantum secret call service; the method further includes: the calling terminal sends a call request to the server; if the server identifies that both the calling terminal and the called terminal are trusted secret call terminals, the server issues a secret call indication so that the calling terminal and the called terminal carry out an encrypted voice call; and if the server identifies the calling terminal and/or the called terminal as a non-secret call terminal, the server forwards the call request to the called terminal so that the calling terminal carries out a voice call with the called terminal.
In some embodiments of the present disclosure, if the server identifies that both the calling terminal and the called terminal are trusted secret call terminals, the server issuing a secret call indication so that the calling terminal carries out an encrypted voice call with the called terminal includes: if the server identifies that both the calling terminal and the called terminal are trusted secret call terminals, the server inserts the secret call indication into the call request to obtain a secret call request and sends the secret call request to the called terminal; after receiving the secret call request, the called terminal calls the second quantum card to obtain a quantum key, decrypts the secret call request based on the quantum key and responds to it, generates a first call request response and sends the first call request response to the server; the server inserts the secret call indication into the first call request response to obtain a secret call request response and sends the secret call request response to the calling terminal; and after receiving the secret call request response, the calling terminal calls the first quantum card to obtain a quantum key, decrypts the secret call request response based on the quantum key and responds to it, and carries out the encrypted voice call with the called terminal.
In some embodiments of the present disclosure, if the server identifies the calling terminal and/or the called terminal as a non-secret call terminal, the server forwarding the call request to the called terminal so that the calling terminal carries out a voice call with the called terminal includes: if the server identifies the calling terminal and/or the called terminal as a non-secret call terminal, the server forwards the call request to the called terminal; the called terminal responds to the call request, generates a second call request response and sends the second call request response to the calling terminal; and the calling terminal receives the second call request response and carries out the voice call with the called terminal.
In some embodiments of the present disclosure, the method further includes: if the server identifies the calling terminal as a non-secret call terminal, the server sends a first prompt message to the calling terminal, the first prompt message indicating that the calling terminal is a non-secret call terminal; and if the server identifies the called terminal as a non-secret call terminal, the server sends a second prompt message to the called terminal, the second prompt message indicating that the called terminal is a non-secret call terminal.
In some embodiments of the present disclosure, the method further includes: if the server identifies the terminal as an untrusted secret call terminal, the server sends a third prompt message to the terminal, the third prompt message indicating that the terminal is in an abnormal condition.
According to another aspect of the present disclosure, a terminal capability identification system is provided, wherein the system includes a terminal and a server, a quantum card is installed in the terminal, and the quantum card is subscribed with the server to the quantum secret call service. The quantum card is configured to: within the preset time after the quantum card is reset, if the terminal capability identification information and the signature information sent by the terminal are received, verify the signature information; if the signature information passes verification, report the terminal capability identification information to the server; and if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, report the designated identification information to the server. The server is configured to identify the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to the identification information reported by the quantum card.
According to still another aspect of the present disclosure, there is provided an electronic apparatus including: one or more processors; and a storage device configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the terminal capability identification method as described in the above embodiments.
According to still another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the terminal capability identification method as described in the above embodiments.
According to the terminal capability identification method provided by the embodiments of the disclosure, when the quantum card receives the terminal capability identification information and the signature information within the preset time after reset and the signature information passes verification, the terminal capability identification information is reported to the server; when the quantum card fails to verify the signature information, or does not receive the terminal capability identification information and the signature information within the preset time after reset, the designated identification information is reported to the server; and the server identifies whether the terminal is a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to the identification information reported by the quantum card. On the one hand, the terminal condition is identified through information interaction between the quantum card and the server, which solves the problem that the server cannot learn the terminal condition in time; when the terminal makes a voice call, the server can accurately issue the secret call indication according to the terminal condition, which solves the problem that the terminals cannot communicate. On the other hand, the terminal capability identification information or the designated identification information is reported by the quantum card rather than by the terminal, which ensures that the reported identification information is secure and reliable and prevents the terminal capability identification information or the designated identification information from being tampered with.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure and do not constitute an undue limitation on the disclosure.
FIG. 1 is a flowchart showing a case in which a voice call cannot be made because the called terminal is an ordinary terminal;
FIG. 2 illustrates a schematic diagram of an exemplary system architecture to which the terminal capability identification method of embodiments of the present disclosure may be applied;
FIG. 3 is a flowchart illustrating a terminal capability identification method according to an exemplary embodiment;
FIG. 4 is a flowchart illustrating the generation of terminal capability identification information in the case where the terminal is a secret call terminal, according to an exemplary embodiment;
FIG. 5 is a flowchart illustrating a terminal capability identification method according to still another exemplary embodiment;
FIG. 6 is a flowchart illustrating a method of voice communication according to an exemplary embodiment;
FIG. 7 is a flowchart illustrating a method of voice communication according to yet another exemplary embodiment;
FIG. 8 is a flowchart illustrating a method of voice communication according to yet another exemplary embodiment;
FIG. 9 shows a block diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
The described features, structures, or characteristics of the disclosure may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present disclosure. However, those skilled in the art will recognize that the aspects of the present disclosure may be practiced with one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The drawings are merely schematic illustrations of the present disclosure, in which like reference numerals denote like or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and not necessarily all of the elements or steps are included or performed in the order described. For example, some steps may be decomposed, and some steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
In the description of the present application, "/" means "or" unless otherwise indicated; for example, A/B may mean A or B. "And/or" herein merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. Furthermore, "at least one" means one or more, and "a plurality" means two or more. The terms "first", "second" and the like do not limit the number or the order of execution, and the objects they qualify do not necessarily differ; the terms "comprising", "including" and "having" are intended to be inclusive and mean that there may be additional elements, components, etc. in addition to those listed.
In order that the above-recited objects, features and advantages of the present application can be more clearly understood, a more particular description of the application will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings, it being understood that embodiments of the application and features of the embodiments may be combined with each other without departing from the scope of the appended claims.
Some terms related to the embodiments of the present application will be explained below for easy understanding by those skilled in the art.
VoLTE, whose full name is Voice over Long-Term Evolution, is an IP data transmission technology: the LTE-based voice service is carried on the 4G network without requiring a 2G/3G network, so that data and voice services can be unified on the same network.
A quantum secret call is a security service that protects a call using quantum information technology. Its main feature is that quantum random numbers and the quantum key distribution mechanism are fully used to generate an authentication key and a call key, and these keys are truly random. When a user initiates a quantum secret call, the call randomly extracts a quantum key from the chip to establish a connection with the backend and verify identity information; after authentication, a new key is additionally generated in real time as the session key, the authentication key is kept separate from the session key, and the session key is discarded after use. In this way, end-to-end encryption from the calling party's mobile phone to the called party's mobile phone can be achieved, and even if the voice data of the call is obtained by others, its real content cannot be recovered, so the security is high.
The quantum-encrypted VoLTE voice service, namely the VoLTE encrypted call service based on quantum information technology, adopts triple protection consisting of a customized mobile phone, a quantum security SIM card and national cryptographic algorithms, and provides a secure secret communication service to users while keeping the terminal's existing support and VoLTE high-definition calls.
The quantum card, namely the quantum security SIM card, also called the quantum secret call subscription card, uses a high-performance chip, supports quantum encryption, has a large quantum key storage space of more than 4GB, supports one-time-pad quantum key distribution negotiation, supports national cryptographic algorithms, has a performance exceeding 4Mbps, and has passed CC EAL6+ security certification (where CC stands for Common Criteria for Information Technology Security Evaluation and EAL for Evaluation Assurance Level).
Customized terminals, also called secret call terminals, are terminals with quantum secret call capability, that is, terminals that can cooperate with the quantum card in the quantum-encrypted VoLTE voice service. During a voice call, the customized terminal can call the quantum card installed in it to obtain the key, and then uses the obtained key to encrypt the voice call.
A trusted secret call terminal is a secret call terminal with no security risk.
An untrusted secret call terminal is a secret call terminal with a security risk.
Non-secret call terminals, also called ordinary terminals, are terminals without quantum secret call capability. During a voice call, a non-secret call terminal cannot call the quantum card installed in it to obtain the key.
The foregoing has described some of the concepts related to the embodiments of the present application, and the following describes some of the features related to the embodiments of the present application. The following describes example embodiments of the present disclosure in detail with reference to the accompanying drawings.
FIG. 1 shows a flowchart of a case in which a voice call cannot be made because the called terminal is an ordinary terminal. The secret call terminal A is the calling terminal and the ordinary terminal B is the called terminal. The secret call terminal A has the quantum card A installed, the ordinary terminal B has the quantum card B installed, and both the quantum card A and the quantum card B are subscribed with the server to the quantum secret call service.
Referring to FIG. 1, the flow in which a voice call fails when the called terminal is an ordinary terminal may include the following steps.
In step S101, the secret call terminal A initiates a call request to the server.
In step S102, the server determines that both parties have subscribed to the quantum secret call service and issues a secret call indication; that is, the server determines that both the quantum card A and the quantum card B are subscribed to the quantum secret call service and inserts the secret call indication into the call request.
In step S103, the server sends the call request with the inserted secret call indication to the ordinary terminal B.
In step S104, the ordinary terminal B cannot process the call request with the inserted secret call indication, treats it as an ordinary call request, and generates an ordinary call response.
In step S105, the ordinary terminal B sends the ordinary call response to the secret call terminal A through the server.
In step S106, the secret call terminal A takes the ordinary call response sent by the ordinary terminal B for a secret call response, calls the quantum card A to obtain the key, and uses the key to decrypt the ordinary call response.
In step S107, the secret call terminal A assumes a secret call while the ordinary terminal B assumes an ordinary call, so the secret call terminal A and the ordinary terminal B cannot make the call.
As can be seen from FIG. 1, the secret call terminal A cannot communicate with the ordinary terminal B, which may cause trouble for the user and reduce the secret call experience and the call completion rate. In the related art, a terminal key synchronization mechanism can be added to judge whether both parties to the call have received the key; if the synchronization information of the called party is not received, both parties enter an ordinary call because no key was received. However, terminal synchronization can only take place end-to-end after the call is connected, so during synchronization the call is connected but cannot proceed until the synchronization mechanism finishes; the user experience is therefore poor, and the secret call connection rate is affected when a secret call is initiated to an ordinary terminal (i.e. a non-secret call terminal).
Therefore, during a voice call the server cannot learn the condition of the called terminal in time, that is, the server cannot judge whether the called terminal is a secret call terminal or a non-secret call terminal, and a situation may arise in which the terminal cannot process the secret call indication issued by the server, so that the calling terminal and the called terminal cannot communicate.
In order to solve the above problem, the embodiments of the present disclosure provide a technical solution for identifying terminal capability, in which the terminal condition is identified through information interaction between the quantum card and the server, that is, whether the terminal is a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal, so that the server can accurately issue the secret call indication according to the terminal condition and the terminals participating in the call can carry out a voice call.
In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the following describes in more detail the technical solutions of terminal capability identification in the exemplary embodiments of the present disclosure with reference to the accompanying drawings and embodiments.
Fig. 2 shows a schematic diagram of an exemplary system architecture to which the terminal capability identification method of the embodiments of the present disclosure may be applied. As shown in fig. 2, the system architecture may include a server 201, a network 202, and a terminal 203. The network 202 is the medium used to provide communication links between the terminals 203 and the server 201. The network 202 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The server 201 may be a server providing various services, for example a background management server supporting the terminal device 203 operated by a user. The background management server may analyze and process received data such as requests and feed the processing result back to the terminal device 203.
The terminal 203 may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a wearable smart device, a virtual reality device, an augmented reality device, etc.
In the embodiment of the disclosure, a quantum card 204 is installed on the terminal 203 and is subscribed with the server 201. If, within a preset time after the quantum card 204 resets, it receives terminal capability identification information and signature information from the terminal 203, it verifies the signature information; if the signature information passes verification, the quantum card 204 reports the terminal capability identification information to the server 201; if the signature information fails verification, or no terminal capability identification information and signature information arrive within the preset time, the quantum card 204 instead reports designated identification information to the server 201. From the identification information reported by the quantum card 204, the server 201 recognizes the terminal 203 as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal.
It should be understood that the number of terminals 203 and servers 201 in fig. 2 is merely illustrative, and that the server 201 may be a server of one entity, may be a server cluster formed by a plurality of servers, may be a cloud server, and may have any number of terminal devices, networks, and servers according to actual needs.
Fig. 3 is a flowchart illustrating a terminal capability identification method according to an exemplary embodiment. The terminal is fitted with a quantum card, and the quantum card is subscribed with the server for quantum secret calls. Referring to fig. 3, the terminal capability identification method provided by the embodiment of the present disclosure may include the following steps.
Step S301, if the quantum card receives the terminal capability identification information and the signature information sent by the terminal within a preset time after the quantum card is reset, the quantum card verifies the signature information.
A reset of the quantum card means the reset that follows completion of power-on, which is equivalent to the card starting up. For example, inserting a quantum card or powering it up again may be regarded as a quantum card reset.
In the step, if the quantum card receives the terminal capability identification information and the signature information sent by the terminal within the preset time after the reset of the quantum card, the quantum card verifies the received signature information.
In an exemplary embodiment, when the terminal is a secret call terminal, the server may generate the terminal capability identification information for the terminal, and the terminal, after receiving the terminal capability identification information generated by the server, may pass it to the quantum card installed on the terminal.
Fig. 4 is a flowchart illustrating generation of terminal capability identification information when the terminal is a secret call terminal, according to an exemplary embodiment. Referring to fig. 4, when the terminal provided in the embodiment of the present disclosure is a secret call terminal, the terminal capability identification information may be generated according to the following steps.
Step S401, a terminal sends a capability identification update request message to a server; wherein the update request message carries serial number information of the terminal.
In an exemplary embodiment, after the terminal starts up, after the quantum card is inserted into the terminal, or when the terminal capability identification information stored by the terminal reaches the end of its life cycle, the terminal sends a capability identification update request message to the server, and the capability identification update request message carries the serial number information of the terminal.
Specifically, a terminal capability identification update interface is added between the terminal and the server. After the terminal starts up, after the quantum card is inserted into the terminal, or when the terminal capability identification information stored by the terminal expires, the terminal sends the capability identification update request message to the server through this terminal capability identification update interface.
In step S402, the server generates terminal capability identification information and signature information.
In an exemplary embodiment, step S402 may further include: the server dynamically generates the terminal capability identification information; the server splices the terminal capability identification information, the life cycle of the terminal capability identification information and the serial number information of the terminal to obtain spliced information, and signs the spliced information with the server's private key to generate the signature information.
The server is provided with a terminal capability identification processing module; after receiving the capability identification update request message sent by the terminal, the server dynamically generates the terminal capability identification information through this module.
Through the terminal capability identification processing module, the server generates the terminal capability identification information for the terminal identified by the serial number information. A life cycle can also be set for the terminal capability identification information once it is generated: the information is valid within the life cycle and becomes invalid once the life cycle has elapsed.
The server may generate the signature information as follows: splice the terminal capability identification information, the life cycle of the terminal capability identification information and the terminal serial number information to obtain spliced information; encode the spliced information, for example as UTF-8 (8-bit Unicode Transformation Format), to obtain encoded information; hash the encoded information with a cryptographic hash algorithm, which may be the SM3 algorithm, to obtain a hash value; and finally sign the hash value with the server's private key to obtain the signature information.
In step S403, the server transmits the terminal capability identification information, the life cycle of the terminal capability identification information, the serial number information of the terminal, and the signature information to the terminal.
Specifically, the server may send the terminal capability identification information, the life cycle of the terminal capability identification information, the serial number information of the terminal, and the signature information to the terminal through a terminal capability identification update interface added between the terminal and the server.
In step S404, the terminal sends the terminal capability identification information and the signature information to the quantum card.
Specifically, an interface for transmitting terminal capability information is added between the terminal and the quantum card. After the terminal starts up, after the quantum card is inserted into the terminal, or after the terminal capability identification information is updated, the terminal passes the terminal capability identification information and the signature information to the quantum card installed on it through this interface. Because the signature is computed over the spliced life cycle and serial number information as well, the quantum card also needs those two values in order to recompute the hash when it verifies the signature.
In the embodiment of the disclosure, the server takes on the terminal capability identification processing function. If the terminal is a secret call terminal, then after the terminal starts up, after the quantum card is inserted, or when the stored terminal capability identification information reaches the end of its life cycle, the terminal sends a capability identification update request to the server, and it is the server rather than the terminal itself that generates the terminal capability identification information, which makes that information hard to counterfeit or falsify. After the terminal obtains the terminal capability identification information and signature information returned by the server, it passes them to the quantum card installed on the terminal; the quantum card then verifies the signature information and reports the terminal capability identification information according to the verification result, instead of the terminal reporting its own capability identification information. This keeps the reporting of the terminal capability identification information secure and reliable and guards it against tampering.
Step S302, if the signature information passes verification, the quantum card reports the terminal capacity identification information to the server.
In the step, if the quantum card passes the verification of the signature information, the quantum card reports the terminal capacity identification information to the server.
In an exemplary embodiment, step S302 may include: if the signature information passes verification, the quantum card encrypts the terminal capability identification information by using a public key of the server, and the encrypted terminal capability identification information is reported to the server.
Specifically, the quantum card encrypts the terminal capability identification information by using the public key of the server stored in the quantum card, and then reports the encrypted terminal capability identification information to the server. Thus, the security of the terminal capability identification information can be ensured.
Step S303, if the signature information is not verified, or the terminal capability identification information and the signature information are not received within a preset time, the quantum card reports the appointed identification information to the server.
In this step, if the quantum card receives the terminal capability identification information and the signature information sent by the terminal but the signature information fails verification, this indicates that the terminal carries a security risk, and the quantum card reports designated identification information to the server.
If the quantum card receives no terminal capability identification information within the preset time after reset, the terminal has no quantum secret call capability, that is, it is a non-secret call terminal, and the quantum card likewise reports designated identification information to the server.
In an exemplary embodiment, step S303 may include: if the signature information fails verification, the quantum card encrypts first designated identification information with the server's public key and reports the encrypted first designated identification information to the server; if no terminal capability identification information and signature information are received within the preset time, the quantum card encrypts second designated identification information with the server's public key and reports the encrypted second designated identification information to the server.
Specifically, if the signature information fails verification, the quantum card encrypts the first designated identification information with the server public key stored on the quantum card and reports the encrypted first designated identification information to the server. The first designated identification information may be the fixed value 0xAA; other values may also be used, which the embodiments of the present disclosure do not limit. Encrypting the value protects it in transit, and after decrypting it the server identifies the terminal as one carrying a security risk, that is, an untrusted secret call terminal.
If no terminal capability identification information arrives within the preset time after the quantum card resets, the quantum card encrypts the second designated identification information with the server public key stored on the quantum card and reports the encrypted second designated identification information to the server. The second designated identification information may be the fixed value 0xEE; other values may also be used, which the embodiments of the present disclosure do not limit. Encrypting the value protects it in transit, and after decrypting it the server identifies the terminal as one without quantum secret call capability, that is, a non-secret call terminal.
Step S304, the server identifies the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to the identification information reported by the quantum card.
In this step, the server identifies the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal according to either the terminal capability identification information or the designated identification information reported by the quantum card.
In an exemplary embodiment, step S304 may include: the server decrypts the identification information reported by the quantum card with its private key to obtain decrypted identification information; if the decrypted identification information is terminal capability identification information, the server determines that the terminal supports quantum secret calls and identifies it as a trusted secret call terminal; if the decrypted identification information is the first designated identification information, the server determines that the terminal is in an abnormal condition and identifies it as an untrusted secret call terminal; if the decrypted identification information is the second designated identification information, the server determines that the terminal does not support quantum secret calls and identifies it as a non-secret call terminal.
Specifically, after receiving the encrypted identification information reported by the quantum card, the server decrypts it with its private key to obtain the decrypted identification information. Terminal capability identification information means the terminal supports quantum secret calls and is identified as a trusted secret call terminal; the first designated identification information means the terminal carries a security risk and is identified as an untrusted secret call terminal; the second designated identification information means the terminal does not support quantum secret calls and is identified as a non-secret call terminal.
Fig. 5 is a flowchart illustrating a terminal capability identification method according to yet another exemplary embodiment. Fig. 5 shows the interaction between the terminal, the quantum card installed on the terminal and the server. The terminal is a secret call terminal, and the quantum card is subscribed with the server.
Referring to fig. 5, the terminal capability recognition method may include the following steps.
In step S501, after the terminal starts up, after a quantum card is inserted, or when the terminal capability identification information reaches the end of its life cycle, the terminal sends a capability identification update request message to the server, where the capability identification update request message carries the serial number information of the terminal.
In step S502, the server generates terminal capability identification information and signature information after receiving the capability identification update request message. The server generates signature information according to the terminal capability identification information, the life cycle of the terminal capability identification information and the serial number information of the terminal.
In step S503, the server returns the terminal capability identification information, the life cycle of the terminal capability identification information, the signature information, and the serial number information of the terminal to the terminal.
In step S504, the terminal passes the terminal capability identification information and the signature information to the quantum card.
Step S505, the quantum card judges whether the terminal capability identification information and the signature information sent by the terminal were received within the preset time after reset; if yes, step S506 is executed, and if not, step S509 is executed.
Step S506, the quantum card verifies the signature information; if the signature verification passes, step S507 is executed, and if it fails, step S508 is executed.
in step S507, the quantum card encrypts the terminal capability identification information by using the public key of the server, and reports the encrypted identification information to the server.
In step S508, the quantum card encrypts the first specified identification information by using the public key of the server, and reports the encrypted identification information to the server.
In step S509, the quantum card encrypts the second specified identification information by using the public key of the server, and reports the encrypted identification information to the server.
Step S510, the server decrypts the encrypted identification information reported by the quantum card with its private key to obtain decrypted identification information, and identifies from it whether the terminal is a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal.
In step S510, if the decrypted identification information is terminal capability identification information, the server identifies the terminal as a trusted secret call terminal, meaning the terminal has quantum secret call capability; if it is the first designated identification information, the server identifies the terminal as an untrusted secret call terminal, meaning the terminal carries a security risk; if it is the second designated identification information, the server identifies the terminal as a non-secret call terminal, meaning the terminal has no quantum secret call capability.
In the embodiment shown in fig. 5, the terminal is a secret terminal, and thus the terminal may send a capability identification update request to the server. If a terminal is a non-secret terminal, the terminal does not have the capability of sending a capability identification update request to the server, that is, if the terminal is a non-secret terminal, the server does not generate terminal capability identification information of the terminal, and the terminal does not transmit the terminal capability identification information to a quantum card installed by the terminal.
According to the terminal capability identification method provided by the embodiment of the disclosure, when the quantum card receives the terminal capability identification information and the signature information within the preset time after reset, after the signature information is verified to pass, the terminal capability identification information is reported to the server; the quantum card verifies that the signature information does not pass, or the terminal capacity identification information and the signature information cannot be received in a preset time after reset, and the appointed identification information is reported to the server; and the server identifies whether the terminal is a trusted secret telephone terminal, an untrusted secret telephone terminal or a non-secret telephone terminal according to the received identification information reported by the quantum card. On one hand, the terminal condition is identified through information interaction between the quantum card and the server, so that the problem that the server cannot know the terminal condition in time is solved, and when the terminal performs voice call, the server can accurately send out a secret call instruction according to the terminal condition, so that the problem that the terminal cannot call is solved; on the other hand, the terminal capability identification information or the appointed identification information is reported through the quantum card instead of the terminal, so that the reported identification information is ensured to be safe and reliable, and the terminal capability identification information or the appointed identification information is prevented from being tampered.
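The S401-S404 issuance flow, the S301-S304 card-side check and the fig. 5 end-to-end flow above, carried through as an added example in Go; this is not code from the patent. Assumptions: SHA-256 stands in for SM3, which the Go standard library does not ship; one RSA-2048 key pair serves both as "the server's private key" for PKCS#1 v1.5 signatures and as "the server's public key" to which the card encrypts its reports with RSA-OAEP (production systems should use separate signing and encryption keys); the spliced information is joined with "|"; the terminal serial number is constructed; and the whole signed tuple (identification, life cycle, serial number, signature) is passed to the card in S404, because the card cannot recompute the hash from the identification and signature alone. Encrypting the report to the server's public key gives confidentiality; the patent does not describe how the server ties a report to the subscribed card that sent it, and the example leaves that to the card-to-server channel.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Class is the server's verdict on a terminal (steps S304 / S510).
type Class int

const (
	Trusted   Class = iota // card verified the signature and reported the capability ID
	Untrusted              // card got an ID whose signature failed (reports 0xAA)
	NonSecret              // card got nothing within the preset time (reports 0xEE)
)
const firstDesignated, secondDesignated = "\xAA", "\xEE" // S508 / S509 values from the patent

// Capability is the S403 reply; all signed fields go to the card in S404 so it can recompute the hash.
type Capability struct {
	ID        string // dynamically generated identification information
	Lifecycle int64  // expiry, Unix seconds
	Serial    string // terminal serial number from the S401 request
	Sig       []byte // server signature over digest(spliced(...))
}

// spliced is the S402 concatenation ("|" is an assumed separator; Go strings are UTF-8);
// digest stands in for SM3, which the Go standard library does not ship.
func spliced(id string, lifecycle int64, serial string) []byte {
	return []byte(fmt.Sprintf("%s|%d|%s", id, lifecycle, serial))
}
func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// Server holds one RSA pair: the private key signs (S402), the public key receives reports (S507-S509).
type Server struct{ key *rsa.PrivateKey }

func NewServer() (*Server, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{key: k}, nil
}

// IssueCapability is S402/S403: random ID, life cycle, signature over the hash.
func (s *Server) IssueCapability(serial string, ttl time.Duration) (Capability, error) {
	raw := make([]byte, 16)
	rand.Read(raw) // crypto/rand.Read does not return an error on supported platforms (Go 1.24+)
	c := Capability{ID: fmt.Sprintf("%x", raw), Lifecycle: time.Now().Add(ttl).Unix(), Serial: serial}
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest(spliced(c.ID, c.Lifecycle, c.Serial)))
	c.Sig = sig
	return c, err
}

// Classify is S304/S510: decrypt the report and map it to a class (the ID is returned when Trusted).
func (s *Server) Classify(report []byte) (Class, string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, s.key, report, nil)
	if err != nil {
		return NonSecret, "", err
	}
	switch string(pt) {
	case firstDesignated:
		return Untrusted, "", nil
	case secondDesignated:
		return NonSecret, "", nil
	}
	return Trusted, string(pt), nil
}

// QuantumCard is the card just after reset: server public key plus the S404 delivery deadline (S301 / S505).
type QuantumCard struct {
	serverPub *rsa.PublicKey
	deadline  time.Time
}

func NewQuantumCard(pub *rsa.PublicKey, preset time.Duration) *QuantumCard {
	return &QuantumCard{serverPub: pub, deadline: time.Now().Add(preset)}
}

// Report is S505-S509; capInfo == nil means the terminal sent nothing, and late arrival counts the same way.
func (c *QuantumCard) Report(capInfo *Capability, arrived time.Time) ([]byte, error) {
	payload := []byte(secondDesignated) // 0xEE: nothing usable within the preset time
	if capInfo != nil && !arrived.After(c.deadline) {
		hashed := digest(spliced(capInfo.ID, capInfo.Lifecycle, capInfo.Serial))
		if rsa.VerifyPKCS1v15(c.serverPub, crypto.SHA256, hashed, capInfo.Sig) == nil {
			payload = []byte(capInfo.ID) // S507: verified, report the ID itself
		} else {
			payload = []byte(firstDesignated) // 0xAA: data arrived but the signature is bad
		}
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, c.serverPub, payload, nil) // S507-S509
}

func main() {
	srv, _ := NewServer() // key generation error ignored in this demo only
	card := NewQuantumCard(&srv.key.PublicKey, 2*time.Second)
	good, _ := srv.IssueCapability("SN-0001", time.Hour) // constructed serial number
	tampered := good
	tampered.ID = "deadbeef" // altered after signing, so the card's check fails
	for _, tc := range []*Capability{&good, &tampered, nil} {
		rep, _ := card.Report(tc, time.Now())
		fmt.Println(srv.Classify(rep))
	}
}
```

Running main walks the three outcomes: the untouched capability comes back as Trusted with its ID, the tampered one as Untrusted (the card reports 0xAA), and a nil delivery as NonSecret (0xEE); passing an arrival time past the deadline gives NonSecret as well.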
The foregoing describes the information interaction between the quantum card and the server in the embodiment of the present application, through which the server identifies the terminal's condition, that is, identifies the terminal as a trusted secret call terminal, an untrusted secret call terminal or a non-secret call terminal. The following describes in detail the voice communication method of the embodiment of the present application on the premise that the server has identified the terminal's condition.
Fig. 6 is a flow chart illustrating a method of voice communication according to an exemplary embodiment. The terminals comprise a calling terminal and a called terminal; the calling terminal is fitted with a first quantum card, the called terminal with a second quantum card, and both quantum cards are subscribed with the server for quantum secret calls.
Referring to fig. 6, a voice communication method provided by an embodiment of the present disclosure may include the following steps.
In step S601, the calling terminal initiates a call request to the called terminal through the server.
The calling terminal initiates a call request to the called terminal and sends the call request to the server.
In step S602, if the server identifies both the calling terminal and the called terminal as trusted secret call terminals, the server issues a secret call instruction so that the calling terminal and the called terminal perform an encrypted voice call.
In an exemplary embodiment, step S602 further includes: if the server identifies that the calling terminal and the called terminal are both trusted secret telephone terminals, the server inserts a secret telephone instruction in the call request to obtain a secret telephone call request, and sends the secret telephone call request to the called terminal; after receiving the secret call request, the called terminal calls a second quantum card to acquire a quantum key, decrypts the secret call request based on the quantum key and responds to the secret call request, generates a first call request response, and sends the first call request response to the server; the server inserts a secret call instruction into the first call request response, obtains a secret call request response, and sends the secret call request response to the calling terminal; after receiving the secret call request response, the calling terminal calls the first quantum card to acquire a quantum key, decrypts and responds the secret call request response based on the quantum key, and performs encrypted voice call with the called terminal.
The calling terminal and the first quantum card installed on the calling terminal can interact with the server according to the method shown in fig. 5, the first quantum card can report encrypted terminal capacity identification information to the server, and the server can identify that the calling terminal is a trusted secret telephone terminal. And the called terminal, the second quantum card installed on the called terminal and the server can interact according to the method shown in fig. 5, the second quantum card can report encrypted terminal capacity identification information to the server, and the server can identify that the called terminal is a trusted secret telephone terminal.
After the server identifies that the calling terminal and the called terminal are both trusted secret telephone terminals, a secret telephone instruction is inserted into a call request sent by the calling terminal to obtain a secret telephone call request, and then the secret telephone call request is forwarded to the called terminal. After receiving the secret call request, the called terminal calls a second quantum card to acquire a quantum key to decrypt the secret call request, then responds to the call request, generates a call request response, and sends the call request response to the server. After receiving the call request response, the server inserts a secret call instruction to obtain a secret call request response, and then forwards the secret call request response to the calling terminal. After receiving the secret call request response, the calling terminal calls the first quantum card to acquire the quantum key for decryption, so that a call channel between the calling terminal and the called terminal is established, and the calling terminal and the called terminal can carry out encrypted voice call.
In step S603, if the server identifies the calling terminal and/or the called terminal as a non-secret call terminal, the server forwards the call request to the called terminal as it is, so that the calling terminal and the called terminal perform an ordinary voice call.
In an exemplary embodiment, step S603 further includes: if the server identifies the calling terminal and/or the called terminal as non-secret call terminals, the server forwards the call request to the called terminal; the called terminal responds to the call request, generates a second call request response, and sends the second call request response to the calling terminal; the calling terminal receives the second call request response and performs voice call with the called terminal.
The calling terminal and the first quantum card installed on the calling terminal can interact with the server according to the method shown in fig. 5, and if the first quantum card reports the encrypted second designated identification information to the server, the server can identify that the calling terminal is a non-secret call terminal. And the called terminal, the second quantum card installed on the called terminal and the server can interact according to the method shown in fig. 5, if the second quantum card reports the encrypted second designated identification information to the server, the server can identify that the called terminal is a non-secret call terminal.
If the server identifies that one or more of the calling terminal and the called terminal are non-secret call terminals, the server directly forwards the call request sent by the calling terminal to the called terminal without issuing secret call instructions, so that the calling terminal and the called terminal perform common voice call.
It should be noted that, since the calling terminal sends its call request to the server, the server may also determine from that call request whether the calling terminal is a non-secret call terminal.
In an exemplary embodiment, if the server identifies the calling terminal as a non-secret call terminal, the server sends a first prompting message to the calling terminal, which is used to prompt that the calling terminal is a non-secret call terminal; if the server identifies the called terminal as a non-secret call terminal, the server sends a second prompting message to the called terminal, which is used to prompt that the called terminal is a non-secret call terminal.
If the server identifies the calling terminal as a non-secret call terminal, it may send the first prompting message to the calling terminal to tell the calling user (the user using the calling terminal) that the terminal in use is a non-secret call terminal. If the server identifies the called terminal as a non-secret call terminal, it may send the second prompting message to the called terminal to tell the called user (the user using the called terminal) that the terminal in use is a non-secret call terminal.
In an exemplary embodiment, if the server identifies a terminal as an untrusted secret call terminal, the server sends a third prompting message to that terminal, which is used to prompt that the terminal has an anomaly.
If the server identifies the terminal as an untrusted secret call terminal, it may send the third prompting message to the terminal to alert the terminal user (the user using the terminal) that the terminal in use carries a security risk.
In an exemplary embodiment, if the untrusted secret call terminal is the calling terminal or the called terminal, that is, an untrusted secret call terminal takes part in a voice call, the server may withhold the secret call instruction so that the untrusted secret call terminal makes an ordinary call. The server may also send a prompting message to the other terminal in the call to alert its user (the user using that other terminal) that the terminal it is communicating with carries a security risk. For example, terminal C initiates a voice call to terminal D through the server; the server identifies terminal C as an untrusted secret call terminal and terminal D as a trusted secret call terminal, so it does not issue a secret call instruction and terminals C and D make an ordinary call. The server also sends a prompting message to terminal D to alert its user that terminal C, with which it is communicating, carries a security risk.
In an exemplary embodiment, if the untrusted secret call terminal is the calling terminal or the called terminal, that is, an untrusted secret call terminal takes part in a voice call, the server may instead refuse to forward the call request so that the untrusted secret call terminal cannot make the call. For example, terminal C initiates a call request to terminal D through the server; the server identifies terminal C as an untrusted secret call terminal and sends terminal C a message rejecting the call request. The server may also send a prompting message to terminal D to inform its user that the user of terminal C requested a call but terminal C was not connected because of its security risk.
Fig. 7 is a flowchart illustrating a voice communication method according to yet another exemplary embodiment. The calling terminal and the called terminal are both trusted secret-call terminals; the calling terminal is provided with a first quantum card, the called terminal is provided with a second quantum card, and both the first quantum card and the second quantum card are subscribed with the server for the quantum secret call.
Referring to fig. 7, the voice communication method of the embodiment of the present disclosure may specifically include the following steps.
In step S701, the calling terminal sends a call request to the server.
In step S702, the server detects that both the calling terminal and the called terminal are subscribed to the quantum secret call. That is, the server detects that the first quantum card installed on the calling terminal and the second quantum card installed on the called terminal are both subscribed to the quantum secret call.
In step S703, the server detects that both the calling terminal and the called terminal are trusted secret-call terminals.
In step S704, when both the calling and called terminals are subscribed to the quantum secret call and both are trusted secret-call terminals, the server marks the call as a secret call, inserts a secret call instruction into the call request, and obtains a secret call request.
In step S705, the server sends the secret call request to the called terminal.
In step S706, after receiving the secret call request, the called terminal calls the second quantum card to acquire the quantum key, decrypts the secret call request with it to obtain the call request, and responds to the call request by generating a call request response.
In step S707, the called terminal sends a call request response to the server.
In step S708, the server inserts a secret call instruction into the call request response, and obtains a secret call request response.
In step S709, the server sends the secret call request response to the calling terminal.
In step S710, after receiving the secret call request response, the calling terminal calls the first quantum card to acquire the quantum key and decrypts the secret call request response with it to obtain the call request response.
In step S711, the calling terminal and the called terminal are connected and perform an encrypted voice call.
In the embodiment of the disclosure, when the server detects that both the calling terminal and the called terminal are subscribed to the quantum secret call and that both are trusted secret-call terminals, the server may insert a secret call instruction into the call request initiated by the calling terminal and into the call request response returned by the called terminal, so that the calling terminal and the called terminal perform an encrypted voice call.
Fig. 8 is a flowchart illustrating a voice communication method according to yet another exemplary embodiment. The calling terminal is a trusted secret-call terminal and the called terminal is a non-secret-call terminal; the calling terminal is provided with a first quantum card, the called terminal is provided with a second quantum card, and both the first quantum card and the second quantum card are subscribed with the server for the quantum secret call.
Referring to fig. 8, the voice communication method of the embodiment of the present disclosure may specifically include the following steps.
In step S801, the calling terminal transmits a call request to the server.
In step S802, the server detects that both the calling terminal and the called terminal are subscribed to the quantum secret call. That is, the server detects that the first quantum card installed on the calling terminal and the second quantum card installed on the called terminal are both subscribed to the quantum secret call.
In step S803, the server detects that the calling terminal is a trusted secret-call terminal and the called terminal is a non-secret-call terminal.
In step S804, when the server detects that the calling terminal is subscribed to the quantum secret call, that the calling terminal is a trusted secret-call terminal and that the called terminal is a non-secret-call terminal, the server determines not to issue a secret call instruction and sends a prompting message to the called terminal, prompting the user of the called terminal that the terminal in use is a non-secret-call terminal.
In step S805, the server transmits a call request to the called terminal.
In step S806, the called terminal generates a call request response after receiving the call request.
In step S807, the called terminal sends the call request response to the calling terminal.
In step S808, the calling terminal receives the call request response, and the call between the calling terminal and the called terminal is connected as an ordinary voice call.
In the embodiment of the disclosure, when the server detects that both the calling terminal and the called terminal are subscribed to the quantum secret call and that the calling terminal and/or the called terminal is a non-secret-call terminal, the server may determine not to issue a secret call instruction and directly forward the call request initiated by the calling terminal to the called terminal, so that the calling terminal and the called terminal perform an ordinary voice call.
In the embodiment of the disclosure, when a terminal performs a voice call, the server handles the call differently according to the identified terminal conditions. When all terminals participating in the call are trusted secret-call terminals, the server issues a secret call instruction so that the terminals participating in the call perform an encrypted voice call. When a non-secret-call terminal exists among the terminals participating in the call, the server determines not to issue a secret call instruction, so that the terminals participating in the call perform an ordinary voice call, and the server may send a prompting message to the non-secret-call terminal prompting its user that the terminal in use is a non-secret-call terminal.
In addition, if the server identifies that an untrusted secret-call terminal exists among the terminals participating in the call, the server may determine not to issue a secret call instruction, so that the terminals participating in the call perform an ordinary voice call, and the server may send a prompting message to the untrusted secret-call terminal prompting its user that the terminal in use carries a security risk. Alternatively, if the server identifies that an untrusted secret-call terminal exists among the terminals participating in the call, the server may refuse to forward the call request, so that the terminals participating in the call cannot make the voice call, and the server may inform the users of the terminals participating in the call that the reason for refusing the call is that the terminal in use carries a security risk.
Based on the same inventive concept, the embodiment of the disclosure also provides a terminal capability recognition system.
In the embodiment of the disclosure, the terminal capability recognition system comprises a terminal and a server, wherein a quantum card is installed on the terminal, and the quantum card is subscribed with the server for the quantum secret call.
The quantum card is configured to: within a preset time after the quantum card is reset, if terminal capability identification information and signature information sent by the terminal are received, verify the signature information; if the signature information passes verification, report the terminal capability identification information to the server; if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, report specified identification information to the server. The server is configured to identify the terminal as a trusted secret-call terminal, an untrusted secret-call terminal or a non-secret-call terminal according to the identification information reported by the quantum card.
In an exemplary embodiment, the terminal may include a calling terminal and a called terminal, where the calling terminal is provided with a first quantum card and the called terminal is provided with a second quantum card, and the first quantum card and the second quantum card are subscribed with the server for the quantum secret call.
The calling terminal is configured to send a call request to the server. The server is configured to: if the server identifies that the calling terminal and the called terminal are both trusted secret-call terminals, issue a secret call instruction so that the calling terminal and the called terminal perform an encrypted voice call; and if the server identifies the calling terminal and/or the called terminal as a non-secret-call terminal, forward the call request to the called terminal so that the calling terminal performs a voice call with the called terminal.
Since the principle by which the above terminal capability recognition system solves the problem is similar to that of the method embodiment above, the implementation of the terminal capability recognition system may refer to the implementation of the method embodiment, and the repetition is omitted.
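The card-side report, the server-side classification and the call-routing rule described above (and in claims 1 to 8, 11 and 12), as an added Go example that is not part of the patent or of any China Telecom code. Everything not in the patent is this example's assumption: hypothetical names, RSA PKCS#1 v1.5 as the "encrypt with the private key" signature, RSA-OAEP as the "encrypt with the public key" report protection, constructed placeholder values for the two specified identification informations, and a terminal that forwards lifecycle and serial to the card so the card can check a signature over the spliced information.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed placeholders: the patent fixes the meaning of these two values, not their encoding.
var firstSpecifiedID = []byte("SPECIFIED-ID-1")  // reported when signature verification fails
var secondSpecifiedID = []byte("SPECIFIED-ID-2") // reported when nothing arrives in the preset time

type TerminalKind int

const (
	TrustedSecretCall TerminalKind = iota
	UntrustedSecretCall
	NonSecretCall
)

// CapabilityMessage is what the terminal hands to the quantum card. The claims name only capID and
// signature, but checking a signature over capID||lifecycle||serial needs all three fields, so this
// example assumes the terminal forwards the lifecycle (an assumed "YYYY-MM-DD" string) and serial too.
type CapabilityMessage struct {
	CapID     []byte
	Lifecycle string
	Serial    string
	Sig       []byte
}

// Server: its private key signs capability IDs (claim 3) and decrypts card reports (claim 7).
type Server struct{ key *rsa.PrivateKey }

func NewServer() (*Server, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Server{key: k}, err
}

func (s *Server) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

// splice joins the three signed fields; the separator is this example's choice.
func splice(capID []byte, lifecycle, serial string) []byte {
	return []byte(fmt.Sprintf("%x|%s|%s", capID, lifecycle, serial))
}

// IssueCapabilityID generates a fresh capability ID and signs the spliced information (claim 3).
func (s *Server) IssueCapabilityID(serial, lifecycle string) (*CapabilityMessage, error) {
	capID := make([]byte, 16)
	if _, err := rand.Read(capID); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(splice(capID, lifecycle, serial))
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
	return &CapabilityMessage{CapID: capID, Lifecycle: lifecycle, Serial: serial, Sig: sig}, err
}

// CardReport is the quantum card's decision in the preset time after reset (claims 1, 5, 6); msg == nil
// models "nothing arrived in time". RSA-OAEP is this example's reading of "encrypts using the public key".
func CardReport(pub *rsa.PublicKey, msg *CapabilityMessage) ([]byte, error) {
	plain := secondSpecifiedID
	if msg != nil {
		plain = firstSpecifiedID
		digest := sha256.Sum256(splice(msg.CapID, msg.Lifecycle, msg.Serial))
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], msg.Sig) == nil {
			plain = msg.CapID
		}
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// Identify decrypts the report and classifies the terminal (claim 7); issuedCapID is the value the
// server generated for this terminal. An unrecognised report is outside the patent, so fail closed.
func (s *Server) Identify(report, issuedCapID []byte) (TerminalKind, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, report, nil)
	switch {
	case err != nil:
		return UntrustedSecretCall, err
	case bytes.Equal(plain, issuedCapID):
		return TrustedSecretCall, nil
	case bytes.Equal(plain, firstSpecifiedID):
		return UntrustedSecretCall, nil
	case bytes.Equal(plain, secondSpecifiedID):
		return NonSecretCall, nil
	}
	return UntrustedSecretCall, fmt.Errorf("unrecognised identification information")
}

// RouteCall applies claims 8, 11 and 12 to one call request: a secret call instruction is issued
// only when both terminals are trusted; otherwise each non-secret or untrusted terminal is prompted.
func RouteCall(caller, callee TerminalKind) (secretCall bool, prompts map[string]string) {
	prompts = map[string]string{}
	for i, kind := range []TerminalKind{caller, callee} {
		name := []string{"caller", "callee"}[i]
		switch kind {
		case NonSecretCall:
			prompts[name] = "the terminal you are using is a non-secret-call terminal"
		case UntrustedSecretCall:
			prompts[name] = "the terminal you are using has a security risk"
		}
	}
	return caller == TrustedSecretCall && callee == TrustedSecretCall, prompts
}
```

Note that a tampered serial or lifecycle, not just a forged capability ID, flips the card's report to the first specified identification information, because the signature covers the whole spliced string.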
Fig. 9 shows a block diagram of an electronic device in an embodiment of the disclosure. An electronic device 900 according to such an embodiment of the invention is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general-purpose computing device. Components of the electronic device 900 may include, but are not limited to: at least one processing unit 910, at least one storage unit 920, a bus 930 connecting the different system components (including the storage unit 920 and the processing unit 910), and a display unit 940.
The storage unit stores program code that is executable by the processing unit 910, such that the processing unit 910 performs the steps according to the various exemplary embodiments of the present invention described in the "exemplary methods" section of the present specification.
The storage unit 920 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 9201 and/or cache memory 9202, and may further include Read Only Memory (ROM) 9203.
The storage unit 920 may also include a program/utility 9204 having a set (at least one) of program modules 9205, such program modules 9205 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The bus 930 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 900 may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 900, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 900 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 950. Also, electronic device 900 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 960. As shown, the network adapter 960 communicates with other modules of the electronic device 900 over the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 900, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the invention as described in the "exemplary methods" section of this specification, when said program product is run on the terminal device.
A program product for implementing the above-described method according to an embodiment of the present invention may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM or flash memory), optical fiber, portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's computing device as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user's computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (15)

1. A terminal capability identification method, characterized in that a quantum card is installed on a terminal, and the quantum card is subscribed with a server for a quantum secret call;
the method comprises the following steps:
within a preset time after the quantum card is reset, if the quantum card receives terminal capability identification information and signature information sent by the terminal, the quantum card verifies the signature information;
if the signature information passes verification, the quantum card reports the terminal capability identification information to the server;
if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, the quantum card reports specified identification information to the server;
and the server identifies the terminal as a trusted secret-call terminal, an untrusted secret-call terminal or a non-secret-call terminal according to the identification information reported by the quantum card.
2. The method of claim 1, wherein the terminal is a secret-call terminal, the method further comprising:
the terminal sends a capability identification update request message to the server, the update request message carrying serial number information of the terminal;
the server generates the terminal capability identification information and the signature information;
the server sends the terminal capability identification information, the life cycle of the terminal capability identification information, the serial number information of the terminal and the signature information to the terminal;
and the terminal sends the terminal capability identification information and the signature information to the quantum card.
3. The method of claim 2, wherein the server generating the terminal capability identification information and the signature information comprises:
the server dynamically generates the terminal capability identification information;
the server splices the terminal capability identification information, the life cycle of the terminal capability identification information and the serial number information of the terminal to obtain spliced information, and encrypts the spliced information with a private key of the server to generate the signature information.
4. The method of claim 2, wherein the terminal sending a capability identification update request message to the server comprises:
after the terminal is powered on, after the quantum card is inserted into the terminal, or when the terminal capability identification information stored by the terminal reaches its life cycle, the terminal sends the capability identification update request message to the server.
5. The method according to claim 1, wherein if the signature information passes verification, the quantum card reporting the terminal capability identification information to the server comprises:
if the signature information passes verification, the quantum card encrypts the terminal capability identification information with the public key of the server and reports the encrypted terminal capability identification information to the server.
6. The method according to claim 5, wherein the quantum card reporting specified identification information to the server if the signature information fails verification or the terminal capability identification information and the signature information are not received within the preset time comprises:
if the signature information fails verification, the quantum card encrypts first specified identification information with the public key of the server and reports the encrypted first specified identification information to the server;
and if the terminal capability identification information and the signature information are not received within the preset time, the quantum card encrypts second specified identification information with the public key of the server and reports the encrypted second specified identification information to the server.
7. The method of claim 6, wherein the server identifying the terminal as a trusted secret-call terminal, an untrusted secret-call terminal or a non-secret-call terminal according to the identification information reported by the quantum card comprises:
the server decrypts the identification information reported by the quantum card with the private key of the server to obtain decrypted identification information;
if the decrypted identification information is the terminal capability identification information, the server determines that the terminal has the capability of supporting the quantum secret call, and identifies the terminal as a trusted secret-call terminal;
if the decrypted identification information is the first specified identification information, the server determines that the terminal has an abnormal condition, and identifies the terminal as an untrusted secret-call terminal;
and if the decrypted identification information is the second specified identification information, the server determines that the terminal does not have the capability of supporting the quantum secret call, and identifies the terminal as a non-secret-call terminal.
8. The method of claim 1, wherein the terminal comprises a calling terminal and a called terminal, a first quantum card is installed on the calling terminal, a second quantum card is installed on the called terminal, and the first quantum card and the second quantum card are subscribed with the server for the quantum secret call;
wherein the method further comprises:
the calling terminal sends a call request to the server;
if the server identifies that the calling terminal and the called terminal are both trusted secret-call terminals, the server issues a secret call instruction so that the calling terminal and the called terminal perform an encrypted voice call;
and if the server identifies that the calling terminal and/or the called terminal is a non-secret-call terminal, the server forwards the call request to the called terminal so that the calling terminal performs a voice call with the called terminal.
9. The method according to claim 8, wherein if the server identifies that the calling terminal and the called terminal are both trusted secret-call terminals, the server issuing a secret call instruction so that the calling terminal performs an encrypted voice call with the called terminal comprises:
if the server identifies that the calling terminal and the called terminal are both trusted secret-call terminals, the server inserts the secret call instruction into the call request to obtain a secret call request, and sends the secret call request to the called terminal;
after receiving the secret call request, the called terminal calls the second quantum card to acquire a quantum key, decrypts the secret call request based on the quantum key and responds to it, generates a first call request response, and sends the first call request response to the server;
the server inserts the secret call instruction into the first call request response to obtain a secret call request response, and sends the secret call request response to the calling terminal;
and after receiving the secret call request response, the calling terminal calls the first quantum card to acquire the quantum key, decrypts and responds to the secret call request response based on the quantum key, and performs an encrypted voice call with the called terminal.
10. The method according to claim 8, wherein if the server identifies the calling terminal and/or the called terminal as a non-secret-call terminal, the server forwarding the call request to the called terminal so that the calling terminal performs a voice call with the called terminal comprises:
if the server identifies the calling terminal and/or the called terminal as a non-secret-call terminal, the server forwards the call request to the called terminal;
the called terminal responds to the call request, generates a second call request response and sends the second call request response to the calling terminal;
and the calling terminal receives the second call request response and performs a voice call with the called terminal.
11. The method according to claim 10, wherein the method further comprises:
if the server identifies the calling terminal as a non-secret-call terminal, the server sends a first prompting message to the calling terminal, wherein the first prompting message is used to prompt that the calling terminal is a non-secret-call terminal;
and if the server identifies the called terminal as a non-secret-call terminal, the server sends a second prompting message to the called terminal, wherein the second prompting message is used to prompt that the called terminal is a non-secret-call terminal.
12. The method according to claim 1, wherein the method further comprises:
if the server identifies that the terminal is an untrusted secret-call terminal, the server sends a third prompting message to the terminal, wherein the third prompting message is used to prompt that the terminal has an abnormality.
13. A terminal capability recognition system, characterized by comprising a terminal and a server, wherein a quantum card is installed on the terminal, and the quantum card is subscribed with the server for a quantum secret call; wherein,
the quantum card is configured to: within a preset time after the quantum card is reset, if terminal capability identification information and signature information sent by the terminal are received, verify the signature information; if the signature information passes verification, report the terminal capability identification information to the server; if the signature information fails verification, or the terminal capability identification information and the signature information are not received within the preset time, report specified identification information to the server;
and the server is configured to identify the terminal as a trusted secret-call terminal, an untrusted secret-call terminal or a non-secret-call terminal according to the identification information reported by the quantum card.
14. An electronic device, comprising:
one or more processors;
storage means configured to store one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 12.
15. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method of any one of claims 1 to 12.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310802333.5A CN116546500B (en) 2023-06-30 2023-06-30 Terminal capability identification method, system, electronic equipment and medium


Publications (2)

Publication Number Publication Date
CN116546500A CN116546500A (en) 2023-08-04
CN116546500B true CN116546500B (en) 2023-09-22

Family

ID=87456295

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105337726A (en) * 2015-04-06 2016-02-17 安徽问天量子科技股份有限公司 End-to-end hand-held device encryption method based on quantum cryptography and system
CN107094076A (en) * 2017-04-14 2017-08-25 江苏亨通问天量子信息研究院有限公司 Secret communication method and communication system based on quantum true random number
CN114553422A (en) * 2022-04-26 2022-05-27 中电信量子科技有限公司 VoLTE voice encryption communication method, terminal and system
CN114765539A (en) * 2020-12-31 2022-07-19 科大国盾量子技术股份有限公司 Network access authentication method of quantum key fob
CN114866234A (en) * 2022-04-26 2022-08-05 中国电信股份有限公司 Voice communication method, device and equipment based on quantum key encryption and decryption and storage

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243143B (en) * 2013-06-08 2017-03-29 科大国盾量子技术股份有限公司 A kind of mobile secret communication method based on quantum key distribution network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105337726A (en) * 2015-04-06 2016-02-17 安徽问天量子科技股份有限公司 End-to-end hand-held device encryption method based on quantum cryptography and system
CN107094076A (en) * 2017-04-14 2017-08-25 江苏亨通问天量子信息研究院有限公司 Secret communication method and communication system based on quantum true random number
CN114765539A (en) * 2020-12-31 2022-07-19 科大国盾量子技术股份有限公司 Network access authentication method of quantum key fob
CN114553422A (en) * 2022-04-26 2022-05-27 中电信量子科技有限公司 VoLTE voice encryption communication method, terminal and system
CN114866234A (en) * 2022-04-26 2022-08-05 中国电信股份有限公司 Voice communication method, device and equipment based on quantum key encryption and decryption and storage

Also Published As

Publication number Publication date
CN116546500A (en) 2023-08-04

Similar Documents

Publication Publication Date Title
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
CN108924147B (en) Communication terminal digital certificate issuing method, server and communication terminal
CN111556025A (en) Data transmission method, system and computer equipment based on encryption and decryption operations
CN113849847B (en) Method, apparatus and medium for encrypting and decrypting sensitive data
CN113572743B (en) Data encryption and decryption methods and devices, computer equipment and storage medium
JP2019514314A (en) Method, system and medium for using dynamic public key infrastructure to send and receive encrypted messages
CN114900304B (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN112765626A (en) Authorization signature method, device and system based on escrow key and storage medium
CN112003697A (en) Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium
CN112437044A (en) Instant messaging method and device
CN111416788B (en) Method and device for preventing transmission data from being tampered
CN110519203B (en) Data encryption transmission method and device
CN114037447A (en) Method and device for off-line transaction
CN116546500B (en) Terminal capability identification method, system, electronic equipment and medium
CN113727059B (en) Network access authentication method, device and equipment for multimedia conference terminal and storage medium
CN112966287B (en) Method, system, device and computer readable medium for acquiring user data
CN109697603A (en) Guard method, device, equipment and the medium of E-seal
CN113542231B (en) Communication method, electronic device, and storage medium
CN113037760A (en) Message sending method and device
CN114726558A (en) Authentication method, authentication device, electronic equipment and storage medium
CN114584299B (en) Data processing method, device, electronic equipment and storage medium
CN115801252B (en) Safe cloud desktop system combined with quantum encryption technology
CN115297442B (en) Relay communication connection establishment method, storage medium and electronic device
CN112926076B (en) Data processing method, device and system
CN113676482B (en) Data transmission system and method and data transmission system and method based on double-layer SSL

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant