CN116709227A - Encryption call method, key management platform, equipment and medium - Google Patents


Info

Publication number
CN116709227A
Authority
CN
China
Prior art keywords
key
terminal
calling terminal
calling
called terminal
Prior art date
Legal status
Pending
Application number
CN202310854404.6A
Other languages
Chinese (zh)
Inventor
黎艳
张�荣
郭茂文
刘大方
卢燕青
Current Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Original Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Priority date
Filing date
Publication date
Application filed by China Telecom Technology Innovation Center, China Telecom Corp Ltd
Priority to CN202310854404.6A
Publication of CN116709227A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/16 Communication-related supplementary services, e.g. call-transfer or call-hold
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation
    • H04W 12/06 Authentication

Abstract

The disclosure provides an encryption communication method, a key management platform, electronic equipment and a computer readable storage medium, and relates to the technical field of encryption communication. The method comprises the following steps: receiving a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; authenticating the calling terminal according to the calling request authentication; after the authentication of the calling terminal passes, generating an encrypted session identifier associated with the calling terminal and the called terminal; obtaining a first key of the called terminal and a sequence number of the first key through inquiry; and sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted communication. The method provided by the embodiment of the disclosure can ensure that the calling terminal realizes normal encrypted call.

Description

Encryption call method, key management platform, equipment and medium
Technical Field
The present disclosure relates to the field of encrypted communication technologies, and in particular, to an encrypted communication method, a key management platform, an electronic device, and a computer readable storage medium.
Background
At present, when a large-capacity key fob is used for an encrypted call, a session key is usually generated by a key management platform and issued to the call terminals, but the key negotiation process has the following problems: when one party fails to acquire the session key, the call data encrypted by the opposite terminal cannot be decrypted, so the call cannot proceed normally; the key negotiation state of both sides must be synchronized before encrypted communication, so corresponding judgment logic has to be added on both the network side and the terminal side; if the user answers early, the key negotiation synchronization process is interrupted and normal communication is affected; and if the key negotiation state is synchronized only after the user answers, the call is invalid for a period of time, because the two parties cannot transmit call data normally until synchronization is complete.
Disclosure of Invention
The embodiment of the disclosure provides an encryption call method, a key management platform, electronic equipment and a computer readable storage medium, relates to the technical field of encryption call, and can realize normal encryption call of a terminal.
The embodiment of the disclosure provides an encryption call method, which is applied to a key management platform and comprises the following steps: receiving a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; authenticating the calling terminal according to the calling request authentication; after the authentication of the calling terminal passes, generating an encrypted session identifier associated with the calling terminal and the called terminal; obtaining a first key of the called terminal and a sequence number of the first key through inquiry; and sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted communication.
In one embodiment, obtaining the first key of the called terminal and the sequence number of the first key by querying includes: inquiring a database of a key management platform to obtain a first key of the called terminal and a serial number of the first key; wherein the database of the key management platform comprises keys of key fobs of all terminals.
In one embodiment, sending the encrypted session identifier, the first key, and the sequence number of the first key to the calling terminal, so that the calling terminal uses the first key to make an encrypted call includes: and sending the encrypted session identifier, the first key and the sequence number of the first key to the calling terminal so that the calling terminal encrypts a real-time transmission protocol (RTP) data packet to be sent by using the first key, and sending the encrypted RTP stream to the called terminal by expanding an RTP message header to carry the key sequence number corresponding to the first key.
In one embodiment, the method further comprises: receiving a called request authentication sent by the called terminal, wherein the called request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; authenticating the called terminal according to the called request authentication; after the authentication of the called terminal passes, reading the encrypted session identifier and obtaining a second key of the calling terminal and a sequence number of the second key through inquiry; and sending the encrypted session identifier, the second key and the serial number of the second key to the called terminal so that the called terminal uses the second key to carry out encrypted communication.
In one embodiment, obtaining the second key of the calling terminal and the sequence number of the second key by querying includes: inquiring a database of the key management platform to obtain a second key of the calling terminal and a serial number of the second key; wherein the database of the key management platform comprises keys of key fobs of all terminals.
In one embodiment, sending the encrypted session identifier, the second key, and the sequence number of the second key to the called terminal, so that the called terminal uses the second key to make an encrypted call includes: and sending the encrypted session identifier, the second key and the sequence number of the second key to the called terminal so that the called terminal encrypts an RTP data packet to be sent by using the second key, and sending the encrypted RTP stream to the calling terminal by expanding an RTP message header to carry the key sequence number corresponding to the second key.
In one embodiment, the method further comprises: and when the called terminal answers in advance and the second secret key is not received, the called terminal does not encrypt the RTP data packet to be sent, and directly sends an unencrypted RTP data stream to the calling terminal.
The embodiment of the disclosure provides a key management platform, which comprises: the receiving unit is used for receiving a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; an authentication unit, configured to authenticate the calling terminal according to the caller request authentication; the generation unit is used for generating encryption session identifications associated with the calling terminal and the called terminal after the authentication of the calling terminal is passed; the inquiring unit is used for obtaining the first key of the called terminal and the serial number of the first key through inquiring; and the sending unit is used for sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted communication.
The embodiment of the disclosure provides an electronic device, comprising: one or more processors; and a storage device configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the method of any of the above embodiments.
Embodiments of the present disclosure provide a computer readable storage medium storing a computer program which, when executed by a processor, implements a method as in any of the above embodiments.
The encryption call method of the application is characterized in that a caller request authentication sent by a calling terminal is received, wherein the caller request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; the calling terminal is authenticated according to the caller request authentication; after the authentication of the calling terminal passes, an encrypted session identifier associated with the calling terminal and the called terminal is generated; a first key of the called terminal and the sequence number of the first key are obtained by querying; and the encrypted session identifier, the first key and the serial number of the first key are sent to the calling terminal so that the calling terminal can use the first key to carry out an encrypted call, thereby ensuring that the calling terminal can realize a normal encrypted call.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 is a flowchart of an encrypted call method provided in an embodiment of the present disclosure;
fig. 2 is a flowchart of an encrypted call method provided by an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an encrypted communication method according to an embodiment of the present disclosure;
fig. 4 is a flow chart of an encrypted call method according to an embodiment of the present disclosure;
fig. 5 is a flow chart of an encrypted call method according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a key management platform according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without inventive effort, based on the embodiments in this disclosure are intended to be within the scope of this disclosure.
The following basic knowledge of the present disclosure is described below:
a key fob, Java card or TF card with larger capacity can support encrypted sessions by having a large number of keys (e.g. 100,000 or more, "10w+") injected into the card; each terminal has a key fob, which may be integrated with the phone's SIM card or mounted separately in the terminal.
In the application, both the calling terminal and the called terminal are provided with a key fob, and the key fob holds a plurality of keys that can be used for authentication with the key management platform and for encrypting call data.
Fig. 1 is a flowchart of an encrypted call method according to an embodiment of the present disclosure, where the encrypted call method is applied to a key management platform. The method provided by the embodiment of the disclosure can be executed by any computer terminal or server with computing capability, or the terminal and the server can be interactively executed.
As shown in fig. 1, the method for encrypting a call provided in the embodiment of the present disclosure may include the following steps.
In step S110, a caller request authentication sent by a caller terminal is received, where the caller request authentication includes a caller terminal number, a called terminal number, and an authentication parameter.
In the step, a key management platform of a terminal or a server receives a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter. Wherein the authentication parameter may be a key in the calling terminal key fob.
In step S120, the calling terminal is authenticated according to the caller request authentication.
In this step, the key management platform of the terminal or server authenticates the calling terminal according to the caller request authentication.
In step S130, after the caller terminal authentication is passed, encrypted session identifiers associated with the caller terminal and the callee terminal are generated.
In this step, the key management platform of the terminal or server generates an encrypted session identifier associated with the calling terminal and the called terminal after the authentication of the calling terminal has passed. The encrypted session identifier identifies the call between the calling terminal and the called terminal.
In step S140, the first key of the called terminal and the serial number of the first key are obtained by querying.
In the step, a key management platform of the terminal or the server obtains a first key of the called terminal and a serial number of the first key through inquiry.
In one embodiment, obtaining the first key of the called terminal and the sequence number of the first key by querying includes: inquiring a database of a key management platform to obtain a first key of the called terminal and a serial number of the first key; wherein the database of the key management platform comprises keys of key fobs of all terminals. The first key is any one key of a key fob of the called terminal.
In step S150, the encrypted session identifier, the first key, and the serial number of the first key are sent to the calling terminal, so that the calling terminal uses the first key to perform encrypted call.
In this step, the terminal or the key management platform of the server sends the encrypted session identifier, the first key and the serial number of the first key to the calling terminal, so that the calling terminal uses the first key to perform encrypted call.
In one embodiment, sending the encrypted session identifier, the first key, and the sequence number of the first key to the calling terminal, so that the calling terminal uses the first key to make an encrypted call includes: and sending the encrypted session identifier, the first key and the sequence number of the first key to the calling terminal so that the calling terminal encrypts a real-time transmission protocol (RTP) data packet to be sent by using the first key, and sending the encrypted RTP stream to the called terminal by expanding an RTP message header to carry the key sequence number corresponding to the first key.
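To make the "expanded RTP message header" concrete, the following is an added example written for this page, not code from the patent or from China Telecom. It builds an RTP packet whose RFC 3550 header extension carries the key sequence number, and parses it back so the receiver can look up the matching key in its own key fob. The 16-bit profile identifier (0x4B53) and the 32-bit big-endian encoding of the sequence number are assumptions; the patent only says the header is extended to carry the number.

```python
import struct

# Assumed profile-specific extension identifier (RFC 3550 leaves the 16-bit value to the
# profile). 0x4B53 is a constructed placeholder, not a value taken from the patent.
KEY_SEQ_EXT_PROFILE = 0x4B53


def build_rtp_packet(seq, timestamp, ssrc, payload, key_seq=None, payload_type=0):
    """Build an RTP packet. With key_seq set, X=1 and the header extension carries the
    32-bit key sequence number; with key_seq None the packet has no extension (plaintext case)."""
    x_bit = 1 if key_seq is not None else 0
    b0 = (2 << 6) | (x_bit << 4)          # V=2, P=0, X=x_bit, CC=0
    b1 = payload_type & 0x7F              # M=0
    header = struct.pack("!BBHII", b0, b1, seq & 0xFFFF,
                         timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    if key_seq is not None:
        ext_data = struct.pack("!I", key_seq)
        # extension header: profile id, then length in 32-bit words (excluding these 4 bytes)
        header += struct.pack("!HH", KEY_SEQ_EXT_PROFILE, len(ext_data) // 4) + ext_data
    return header + payload


def parse_rtp_packet(packet):
    """Return (key_seq or None, payload). Every length is checked so a malformed packet
    raises ValueError instead of producing a bogus key sequence number."""
    if len(packet) < 12:
        raise ValueError("truncated RTP header")
    b0, _b1, _seq, _ts, _ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("unsupported RTP version")
    padding, x_bit, cc = (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    offset = 12 + 4 * cc
    if len(packet) < offset:
        raise ValueError("truncated CSRC list")
    key_seq = None
    if x_bit:
        if len(packet) < offset + 4:
            raise ValueError("truncated extension header")
        profile, ext_len = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        ext_end = offset + 4 * ext_len
        if len(packet) < ext_end:
            raise ValueError("truncated extension data")
        if profile == KEY_SEQ_EXT_PROFILE and ext_len >= 1:
            key_seq = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset = ext_end                  # an unknown extension is skipped, not trusted
    payload = packet[offset:]
    if padding:
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("bad padding length")
        payload = payload[:-payload[-1]]
    return key_seq, payload
```

A receiving terminal that gets `None` back is in the fig. 5 situation (the sender had no peer key and sent the payload in the clear), so that return value is the signal a deployment should treat differently from an encrypted packet rather than silently accept. The sequence number taken from the extension should still be bounds-checked against the local key fob before it is used as an index.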
The encrypted communication method of fig. 1 includes receiving a caller request authentication sent by a caller terminal, wherein the caller request authentication includes a caller terminal number, a called terminal number and an authentication parameter; authenticating the calling terminal according to the calling request authentication; after the authentication of the calling terminal passes, generating an encrypted session identifier associated with the calling terminal and the called terminal; obtaining a first key of the called terminal and a sequence number of the first key through inquiry; and sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted call, thereby ensuring that the calling terminal can realize normal encrypted call.
Fig. 2 is a flowchart of an encrypted call method according to an embodiment of the present disclosure, where the encrypted call method is applied to a key management platform. The method provided by the embodiment of the disclosure can be executed by any computer terminal or server with computing capability, or the terminal and the server can be interactively executed.
As shown in fig. 2, the encrypted communication method provided by the embodiment of the present disclosure may include the following steps.
In step S210, a called request authentication sent by the called terminal is received, where the called request authentication includes a calling terminal number, a called terminal number, and an authentication parameter.
In the step, a key management platform of a terminal or a server receives a called request authentication sent by the called terminal, wherein the called request authentication comprises a calling terminal number, a called terminal number and an authentication parameter. Wherein the authentication parameter may be a key in the key fob of the called terminal.
In step S220, authenticating the called terminal according to the called request authentication.
In this step, the terminal or the key management platform of the server authenticates the called terminal according to the called request authentication.
In step S230, after the authentication of the called terminal passes, the encrypted session identifier is read and the second key of the calling terminal and the sequence number of the second key are obtained by querying.
In this step, after the authentication of the called terminal has passed, the key management platform of the terminal or server reads the encrypted session identifier and obtains the second key of the calling terminal and the serial number of the second key by querying. The encrypted session identifier identifies the call between the calling terminal and the called terminal.
In one embodiment, obtaining the second key of the calling terminal and the sequence number of the second key by querying includes: inquiring a database of the key management platform to obtain a second key of the calling terminal and a serial number of the second key; wherein the database of the key management platform comprises keys of key fobs of all terminals. The second key is any one of keys in a key fob of the calling terminal.
In step S240, the encrypted session identifier, the second key, and the sequence number of the second key are sent to the called terminal, so that the called terminal uses the second key to perform encrypted communication.
In this step, the terminal or the key management platform of the server sends the encrypted session identifier, the second key and the sequence number of the second key to the called terminal, so that the called terminal uses the second key to perform encrypted call.
In one embodiment, sending the encrypted session identifier, the second key, and the sequence number of the second key to the called terminal, so that the called terminal uses the second key to make an encrypted call includes: and sending the encrypted session identifier, the second key and the sequence number of the second key to the called terminal so that the called terminal encrypts an RTP data packet to be sent by using the second key, and sending the encrypted RTP stream to the calling terminal by expanding an RTP message header to carry the key sequence number corresponding to the second key.
The encrypted communication method of fig. 2 is implemented by receiving a called request authentication sent by the called terminal, wherein the called request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; authenticating the called terminal according to the called request authentication; after the authentication of the called terminal passes, reading the encrypted session identifier and obtaining a second key of the calling terminal and a sequence number of the second key through inquiry; and sending the encrypted session identifier, the second key and the sequence number of the second key to the called terminal so that the called terminal can use the second key to carry out encrypted call, and normal encrypted call of the called terminal can be ensured.
In one embodiment, when the called terminal answers early and has not yet finished receiving the second key, the called terminal does not encrypt the real-time transport protocol (RTP) packets to be sent, and directly sends the unencrypted RTP data stream to the calling terminal.
The encrypted conversation method of the present disclosure is described below with reference to specific examples.
Fig. 3 is a schematic structural diagram of an encrypted communication method according to an embodiment of the present disclosure.
As shown in fig. 3, the calling terminal and the called terminal each have a large-capacity key fob. Besides terminal authentication, the keys of the large-capacity key fob are used to encrypt and decrypt call data. After the key management platform completes authentication of both parties of the call, it issues to each party any available key from the opposite end's key fob, chosen according to key availability. During the encrypted call, each terminal encrypts call data with the key of the opposite terminal and decrypts with the key of its local key fob, with no additional key synchronization. Because the decryption key is already preset in the terminal's own key fob and need not be distributed by the network side, the decryption success rate is greatly improved, and problems such as failed key acquisition or unsynchronized key states at the two ends preventing normal communication are avoided. The scheme of fig. 3 simplifies the key negotiation logic on the network side (key management platform) and the terminal side, improves call reliability, and protects the user experience.
Fig. 4 is a flowchart of an encrypted call method according to an embodiment of the present disclosure.
As shown in fig. 4, the encrypted call method includes:
(1) The calling terminal is used as a calling party to initiate a call to the called terminal;
(2) When a calling terminal initiates a call, or after initiating the call, the calling terminal requests authentication from a key management platform, and carries a calling number and a called number and related authentication parameters;
(3) The key management platform authenticates the calling terminal, generates an encrypted session identifier and associates it with the calling number and the called number. At the same time, it queries the key usage status of the key fob of the called terminal and reads any available key of that key fob as the first key, together with its serial number and other data;
(4) The key management platform returns an encryption session identifier of the encrypted call and an available first key of the key fob of the called terminal to the calling terminal and a corresponding key serial number;
(5) After receiving the call (invite message) from the calling terminal, the called terminal also requests authentication from the key management platform, carrying the calling and called numbers and related authentication parameters;
(6) The key management platform authenticates the called terminal, reads the existing encrypted session identifier, queries the key usage status of the key fob of the calling terminal, and reads any available key of that key fob as the second key, together with its serial number and other data;
(7) The key management platform returns an encryption session identifier of the encrypted call, an available second key of the key fob of the calling terminal and a corresponding key serial number to the called terminal;
(8) The called terminal answers the call and returns a 200 OK message to the calling terminal to start the encrypted call;
(9) The calling terminal encrypts an RTP data packet to be transmitted by using a first key, and transmits the encrypted RTP stream to the called terminal by expanding the key sequence number corresponding to the first key carried by an RTP message header;
(10) After receiving the above encrypted RTP stream, the called terminal analyzes the RTP message header to obtain a key sequence number, reads a first key corresponding to the sequence number locally, decrypts RTP data by using the first key, and obtains a voice data plaintext;
(11) Similarly, the called terminal encrypts the RTP data packet to be transmitted by using the second key, and the encrypted RTP stream is transmitted to the calling terminal by expanding the key sequence number corresponding to the second key carried by the RTP message header;
(12) Similarly, after receiving the encrypted RTP stream sent by the called terminal, the calling terminal analyzes the RTP message header to obtain a key sequence number, reads a second key corresponding to the sequence number locally, and decrypts RTP data by using the second key to obtain a voice data plaintext;
in the whole process, as the terminals of both sides can certainly decrypt the encrypted RTP stream by using the local key, the situation that decryption cannot be performed does not occur, and the calling terminal and the called terminal can normally communicate.
Fig. 5 is a flowchart of an encrypted call method according to an embodiment of the present disclosure.
As shown in fig. 5, key negotiation has not completed before the called terminal is connected: the calling terminal has completed key acquisition, but the called terminal has not. The encrypted call method includes:
(1) The calling terminal is used as a calling party to initiate a call to the called terminal;
(2) The calling terminal requests authentication to the key management platform after initiating a call, and carries the calling number and the called number and related authentication parameters;
(3) The key management platform authenticates the calling terminal, generates an encrypted session identifier and associates it with the calling number and the called number. At the same time, it queries the key usage status of the key fob of the called terminal and reads any available key of that key fob as the first key, together with its serial number and other data;
(4) The key management platform returns an encrypted call identifier of the encrypted call and an available first key of a key fob of the called terminal to the calling terminal and a corresponding key serial number;
(5) After receiving the call (invite message) from the calling terminal, the called terminal also requests authentication from the key management platform, carrying the calling and called numbers and related authentication parameters;
(6) Because the user answers the call early, while the called terminal is still being authenticated and acquiring the key of the calling terminal, the key negotiation process initiated by the called terminal is interrupted;
(7) After the telephone is switched on, the calling terminal encrypts an RTP data packet to be transmitted by using a first key, and the RTP message header is expanded to carry a key sequence number corresponding to the first key, so that the encrypted RTP stream is transmitted to the called terminal;
(8) After receiving the above encrypted RTP stream, the called terminal analyzes the RTP message header to obtain a key sequence number, reads a first key corresponding to the sequence number locally, decrypts RTP data by using the first key, and obtains a voice data plaintext;
(9) Because the called terminal does not acquire the key data of the calling terminal, the called terminal does not encrypt the RTP data packet to be transmitted, and directly transmits an unencrypted RTP stream to the calling terminal;
in the above process, even if one party does not obtain the opposite-end key, the calling terminal and the called terminal can still normally talk because the key which needs to be used for decrypting the RTP data packet is originally local to the terminal, and therefore does not affect the decryption of any encrypted data packet.
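The fig. 4 exchange and the fig. 5 early-answer case can be modelled end to end. The following is an added example written for this page, not code from the patent or from China Telecom. A key management platform object implements steps (2) to (7): it authenticates each terminal, creates or reads back the encrypted session identifier, and hands out a not-yet-used key of the opposite party's key fob with its sequence number. Terminal objects implement steps (9) to (12): they encrypt with the peer's key and decrypt with the key of the same sequence number in their own fob, and a terminal with no peer key sends in the clear as in fig. 5 step (9). Assumptions, also marked in the code: the authentication parameter is an HMAC computed with fob key 1 (the patent only says it may be a key in the fob); the platform treats "available" as "not yet issued"; the packet cipher is an HMAC-SHA256 keystream with a tag, a standard-library stand-in because the patent names no cipher; and a packet is modelled as a (key sequence number or None, body) pair rather than RTP bytes.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in cipher (stdlib only): HMAC-SHA256 keystream plus a 16-byte tag.
# The patent does not name a packet cipher, so this is an assumption for the example.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_rtp_payload(key, key_seq, rtp_seq, payload):
    """Encrypt one payload under the peer's key; the nonce binds key seq and RTP seq."""
    nonce = key_seq.to_bytes(4, "big") + rtp_seq.to_bytes(2, "big")
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    return ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]

def decrypt_rtp_payload(key, key_seq, rtp_seq, blob):
    """Verify the tag, then decrypt; ValueError on a wrong key or a tampered packet."""
    if len(blob) < 16:
        raise ValueError("payload too short")
    ct, tag = blob[:-16], blob[-16:]
    nonce = key_seq.to_bytes(4, "big") + rtp_seq.to_bytes(2, "big")
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KeyFob:
    """Large-capacity key card: preloaded keys indexed by sequence number (toy count here)."""
    def __init__(self, n_keys):
        self.keys = {seq: secrets.token_bytes(32) for seq in range(1, n_keys + 1)}

AUTH_KEY_SEQ = 1  # assumption: fob key 1 is reserved for authentication with the platform

def auth_param(fob, caller, callee):
    """Assumed authentication parameter: HMAC over the number pair with the fob's auth key."""
    return hmac.new(fob.keys[AUTH_KEY_SEQ], f"{caller}|{callee}".encode(), hashlib.sha256).digest()

class KeyManagementPlatform:
    def __init__(self, fobs):
        self.fobs = fobs      # database holding the key fobs of all terminals (number -> KeyFob)
        self.sessions = {}    # (caller, callee) -> encrypted session identifier
        self.issued = set()   # (number, seq) pairs already handed out (assumed availability rule)

    def _authenticate(self, number, caller, callee, param):
        if not hmac.compare_digest(auth_param(self.fobs[number], caller, callee), param):
            raise PermissionError(f"authentication failed for {number}")

    def _available_key(self, number):
        """Any not-yet-issued key of the given terminal's fob, marked as used on the way out."""
        for seq, key in self.fobs[number].keys.items():
            if seq != AUTH_KEY_SEQ and (number, seq) not in self.issued:
                self.issued.add((number, seq))
                return seq, key
        raise RuntimeError(f"key fob of {number} exhausted")

    def caller_request(self, caller, callee, param):
        """Steps S110-S150: authenticate caller, create session id, issue a key of the called fob."""
        self._authenticate(caller, caller, callee, param)
        session_id = secrets.token_hex(8)
        self.sessions[(caller, callee)] = session_id
        return (session_id,) + self._available_key(callee)

    def callee_request(self, caller, callee, param):
        """Steps S210-S240: authenticate callee, read session id, issue a key of the calling fob."""
        self._authenticate(callee, caller, callee, param)
        return (self.sessions[(caller, callee)],) + self._available_key(caller)

class Terminal:
    def __init__(self, number, fob):
        self.number, self.fob = number, fob
        self.peer_key = None  # (seq, key) from the opposite terminal's fob, once the platform issues it

    def send(self, rtp_seq, voice):
        """Return (key_seq, body). Without a peer key (fig. 5 step 9) the body goes out in the clear."""
        if self.peer_key is None:
            return None, voice
        seq, key = self.peer_key
        return seq, encrypt_rtp_payload(key, seq, rtp_seq, voice)

    def receive(self, rtp_seq, packet):
        """Return (plaintext, was_encrypted); the carried seq selects the key in the local fob."""
        key_seq, body = packet
        if key_seq is None:
            return body, False  # plaintext fallback: a deployment should flag this direction
        key = self.fob.keys.get(key_seq)
        if key is None:
            raise ValueError(f"unknown key sequence number {key_seq}")
        return decrypt_rtp_payload(key, key_seq, rtp_seq, body), True

def run_call(callee_answers_early):
    """Fig. 4 (False) or fig. 5 (True): what each side received and whether it was encrypted."""
    fobs = {"A": KeyFob(8), "B": KeyFob(8)}   # constructed sample fobs
    platform = KeyManagementPlatform(fobs)
    a, b = Terminal("A", fobs["A"]), Terminal("B", fobs["B"])
    session_id, seq, key = platform.caller_request("A", "B", auth_param(a.fob, "A", "B"))
    a.peer_key = (seq, key)
    if not callee_answers_early:   # in fig. 5 the early answer interrupts the callee's negotiation
        sid2, seq2, key2 = platform.callee_request("A", "B", auth_param(b.fob, "A", "B"))
        if sid2 != session_id:
            raise RuntimeError("session identifier mismatch")
        b.peer_key = (seq2, key2)
    b_got, a_to_b_encrypted = b.receive(1, a.send(1, b"hello from A"))
    a_got, b_to_a_encrypted = a.receive(1, b.send(1, b"hello from B"))
    return {"b_got": b_got, "a_got": a_got,
            "a_to_b_encrypted": a_to_b_encrypted, "b_to_a_encrypted": b_to_a_encrypted}
```

`run_call(callee_answers_early=True)` reproduces fig. 5: the called terminal still decrypts A's stream with its local key, but its own stream goes back unencrypted, and the second element returned by `receive()` lets the calling terminal distinguish that fallback from an encrypted packet. That is the condition a deployment should at least log, since the called-to-calling direction is unprotected until the called terminal obtains the second key.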
Fig. 6 is a schematic structural diagram of a key management platform according to an embodiment of the present disclosure.
As shown in fig. 6, a key management platform 600 provided by an embodiment of the present disclosure may include:
a receiving unit 610, configured to receive a caller request authentication sent by a caller terminal, where the caller request authentication includes a caller terminal number, a called terminal number, and an authentication parameter;
an authentication unit 620, configured to authenticate the calling terminal according to the caller request authentication;
a generating unit 630, configured to generate an encrypted session identifier associated with the calling terminal and the called terminal after the authentication of the calling terminal passes;
a query unit 640, configured to obtain a first key of the called terminal and a sequence number of the first key by querying;
and a sending unit 650, configured to send the encrypted session identifier, the first key, and the sequence number of the first key to the calling terminal, so that the calling terminal uses the first key to perform an encrypted call.
The key management platform of fig. 6 receives, through the receiving unit, a calling request authentication sent by a calling terminal, where the calling request authentication includes a calling terminal number, a called terminal number, and an authentication parameter; the authentication unit authenticates the calling terminal according to the calling request authentication; the generating unit generates an encrypted session identifier associated with the calling terminal and the called terminal after the authentication of the calling terminal passes; the query unit obtains the first key of the called terminal and the sequence number of the first key by querying; and the sending unit sends the encrypted session identifier, the first key and the sequence number of the first key to the calling terminal so that the calling terminal can use the first key to carry out an encrypted call, which ensures that the calling terminal's encrypted call proceeds normally.
In one embodiment, the query unit 640 is further configured to query a database of a key management platform to obtain a first key of the called terminal and a sequence number of the first key; wherein the database of the key management platform comprises keys of key fobs of all terminals.
In one embodiment, the sending unit 650 is further configured to send the encrypted session identifier, the first key, and a sequence number of the first key to the calling terminal, so that the calling terminal encrypts a RTP packet to be sent by using the first key, and sends the encrypted RTP stream to the called terminal by expanding an RTP header to carry a key sequence number corresponding to the first key.
In one embodiment, the receiving unit 610 is configured to receive a called request authentication sent by the called terminal, where the called request authentication includes a calling terminal number, a called terminal number, and an authentication parameter;
an authentication unit 620, configured to authenticate the called terminal according to the called request authentication;
a query unit 640, configured to read the encrypted session identifier after the authentication of the called terminal passes, and obtain a second key of the calling terminal and a sequence number of the second key through query;
and a sending unit 650, configured to send the encrypted session identifier, the second key, and a sequence number of the second key to the called terminal, so that the called terminal uses the second key to perform an encrypted call.
In one embodiment, the query unit 640 is configured to obtain the second key of the calling terminal and the serial number of the second key by querying a database of the key management platform; wherein the database of the key management platform comprises keys of key fobs of all terminals.
In one embodiment, the sending unit 650 is configured to send the encrypted session identifier, the second key, and the sequence number of the second key to the called terminal, so that the called terminal encrypts the RTP packet to be sent by using the second key, and sends the encrypted RTP stream to the calling terminal by expanding an RTP header to carry the key sequence number corresponding to the second key.
In one embodiment, when the called terminal has answered in advance and has not finished receiving the second key, the called terminal does not encrypt the real-time transport protocol (RTP) data packets to be sent and sends the unencrypted RTP data stream directly to the calling terminal.
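The platform-side flow of the units above (receiving, authentication, generating, query and sending units for both the calling request and the called request), together with the early-answer case of the last embodiment, as an added example that is not the patent's own implementation. The patent does not define the authentication parameter, so an HMAC-SHA256 over the number pair under a per-terminal secret is assumed here; the key database, terminal numbers and keys are constructed sample values. The "database of key fobs" is modelled as a dictionary, and the session identifier is indexed by the number pair so the called request can "read" it.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not values from the patent): the platform's database of
# key-fob keys, one (sequence number, key) per terminal number, and a per-terminal
# authentication secret. The HMAC-based authentication parameter is an ASSUMPTION.
KEY_DB = {
    "13800000001": (11, secrets.token_bytes(16)),   # calling terminal A
    "13900000002": (42, secrets.token_bytes(16)),   # called terminal B
}
AUTH_SECRETS = {n: secrets.token_bytes(32) for n in KEY_DB}


def auth_param(terminal, calling, called):
    """Assumed authentication parameter: HMAC-SHA256 of the number pair under the terminal's secret."""
    return hmac.new(AUTH_SECRETS[terminal], f"{calling}|{called}".encode(), hashlib.sha256).hexdigest()


class KeyManagementPlatform:
    def __init__(self, key_db, auth_secrets):
        self.key_db, self.auth_secrets = key_db, auth_secrets
        self.sessions = {}          # (calling, called) -> encrypted session identifier

    def _authenticate(self, terminal, calling, called, param):
        # authentication unit 620: verify the parameter against the terminal's secret
        secret = self.auth_secrets.get(terminal)
        if secret is None:
            return False
        expected = hmac.new(secret, f"{calling}|{called}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, param)

    def caller_request(self, calling, called, param):
        """Calling-side steps: authenticate the caller, mint the session id, return the called terminal's key."""
        if not self._authenticate(calling, calling, called, param):
            raise PermissionError("calling terminal authentication failed")
        session_id = secrets.token_hex(16)                       # generating unit 630
        self.sessions[(calling, called)] = session_id
        if called not in self.key_db:
            raise KeyError("called terminal has no key fob in the database")
        first_seq, first_key = self.key_db[called]               # query unit 640
        return {"session_id": session_id, "key_seq": first_seq, "key": first_key}   # sending unit 650

    def called_request(self, calling, called, param):
        """Called-side steps: authenticate the called terminal, read the session id, return the caller's key."""
        if not self._authenticate(called, calling, called, param):
            raise PermissionError("called terminal authentication failed")
        session_id = self.sessions.get((calling, called))
        if session_id is None:
            raise LookupError("no encrypted session for this number pair")
        second_seq, second_key = self.key_db[calling]
        return {"session_id": session_id, "key_seq": second_seq, "key": second_key}


class CalledTerminal:
    """Media-side decision of the last embodiment: until the second key arrives, outbound RTP stays unencrypted."""

    def __init__(self):
        self.second_key = None

    def receive_key(self, reply):
        self.second_key = (reply["key_seq"], reply["key"])

    def outbound_mode(self):
        return "plaintext" if self.second_key is None else "encrypted"


def run_call(answer_before_key=False):
    """Drive the exchange for A -> B and report what each side ended up with."""
    kms = KeyManagementPlatform(KEY_DB, AUTH_SECRETS)
    a, b = "13800000001", "13900000002"
    caller_reply = kms.caller_request(a, b, auth_param(a, a, b))
    called = CalledTerminal()
    if not answer_before_key:                # early answer interrupts the called side's negotiation
        called.receive_key(kms.called_request(a, b, auth_param(b, a, b)))
    return {
        "session_id": caller_reply["session_id"],
        "caller_has_called_key": caller_reply["key"] == KEY_DB[b][1],
        "called_outbound": called.outbound_mode(),
    }
```

Running `run_call()` yields an encrypted outbound mode on the called side, while `run_call(answer_before_key=True)` reproduces the early-answer case in which the called terminal's leg stays in plaintext; a monitoring point on the platform can record which sessions never completed the called request, since those are exactly the calls whose called-to-calling direction was sent unprotected.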
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device 700 according to an embodiment of the disclosure. As shown in fig. 7, an electronic device in an embodiment of the present disclosure may include: one or more processors 701, memory 702, and input-output interfaces 703. The processor 701, the memory 702, and the input-output interface 703 are connected via a bus 704. The memory 702 is used for storing a computer program, which includes program instructions, and the input-output interface 703 is used for receiving data and outputting data, such as for data interaction between a host and an electronic device, or for data interaction between virtual machines in the host; the processor 701 is configured to execute program instructions stored in the memory 702.
The processor 701 may perform the following operations, among others:
receiving a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter; authenticating the calling terminal according to the calling request authentication; after the authentication of the calling terminal passes, generating an encrypted session identifier associated with the calling terminal and the called terminal; obtaining a first key of the called terminal and a sequence number of the first key through inquiry; and sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted communication.
In some possible implementations, the processor 701 may be a central processing unit (CPU), or another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 702 may include read only memory and random access memory, and provides instructions and data to the processor 701 and input output interface 703. A portion of the memory 702 may also include non-volatile random access memory. For example, the memory 702 may also store information of device type.
In a specific implementation, the electronic device may execute, through each of its built-in functional modules, the implementation provided by each step in the foregoing embodiments; reference may be made to the implementation provided by each step in the foregoing embodiments, which is not described again here.
The embodiment of the disclosure provides an electronic device, comprising: the processor, the input/output interface and the memory acquire the computer program in the memory through the processor, execute the steps of the method shown in the above embodiment, and perform the transmission operation.
The embodiments of the present disclosure further provide a computer readable storage medium that stores a computer program adapted to be loaded by the processor and execute the method provided by each step in the foregoing embodiments; reference may be made to the implementation provided by each step in the foregoing embodiments, which is not described again in detail. The description of the beneficial effects of the same method is likewise omitted. For technical details not disclosed in the embodiments of the computer-readable storage medium according to the present disclosure, please refer to the description of the method embodiments according to the present disclosure. As an example, a computer program may be deployed to be executed on one electronic device, or on multiple electronic devices at one site, or distributed across multiple sites and interconnected by a communication network.
The computer readable storage medium may be an apparatus provided in any of the foregoing embodiments or an internal storage unit of the electronic device, for example, a hard disk or a memory of the electronic device. The computer readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card (flash card) or the like, which are provided on the electronic device. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the electronic device. The computer-readable storage medium is used to store the computer program and other programs and data required by the electronic device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
The disclosed embodiments also provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the electronic device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the electronic device performs the methods provided in the various alternatives in the above embodiments.
The terms first, second and the like in the description and in the claims and drawings of the embodiments of the disclosure are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or device that comprises a list of steps or elements is not limited to the list of steps or modules but may, in the alternative, include other steps or modules not listed or inherent to such process, method, apparatus, article, or device.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in this description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The methods and related devices provided by the embodiments of the present disclosure are described with reference to the method flowcharts and/or structure diagrams provided by the embodiments of the present disclosure, and each flowchart and/or block of the method flowcharts and/or structure diagrams may be implemented by computer program instructions, and combinations of flowcharts and/or block diagrams. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable transmission device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable transmission device, create means for implementing the functions specified in the flowchart flow or flows and/or block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable transmission apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or structural diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable transmission device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer implemented process such that the instructions which execute on the computer or other programmable device provide steps for implementing the functions specified in the flowchart flow or flows and/or structures.
The foregoing disclosure is merely illustrative of the presently preferred embodiments of the present disclosure, and it is not intended to limit the scope of the claims hereof, as defined by the appended claims.

Claims (10)

1. An encryption communication method applied to a key management platform is characterized by comprising the following steps:
receiving a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter;
authenticating the calling terminal according to the calling request authentication;
after the authentication of the calling terminal passes, generating an encrypted session identifier associated with the calling terminal and the called terminal;
obtaining a first key of the called terminal and a sequence number of the first key through inquiry;
and sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted communication.
2. The method of claim 1, wherein obtaining the first key of the called terminal and the sequence number of the first key by querying comprises:
inquiring a database of a key management platform to obtain a first key of the called terminal and a serial number of the first key;
wherein the database of the key management platform comprises keys of key fobs of all terminals.
3. The method of claim 1, wherein transmitting the encrypted session identifier, the first key, and the sequence number of the first key to the calling terminal to cause the calling terminal to conduct an encrypted call using the first key comprises:
and sending the encrypted session identifier, the first key and the sequence number of the first key to the calling terminal so that the calling terminal encrypts a real-time transmission protocol (RTP) data packet to be sent by using the first key, and sending the encrypted RTP stream to the called terminal by expanding an RTP message header to carry the key sequence number corresponding to the first key.
4. The method as recited in claim 1, further comprising:
receiving a called request authentication sent by the called terminal, wherein the called request authentication comprises a calling terminal number, a called terminal number and an authentication parameter;
authenticating the called terminal according to the called request authentication;
after the authentication of the called terminal passes, reading the encrypted session identifier and obtaining a second key of the calling terminal and a sequence number of the second key through inquiry;
and sending the encrypted session identifier, the second key and the serial number of the second key to the called terminal so that the called terminal uses the second key to carry out encrypted communication.
5. The method of claim 4, wherein obtaining the second key of the calling terminal and the sequence number of the second key by querying comprises:
inquiring a database of the key management platform to obtain a second key of the calling terminal and a serial number of the second key;
wherein the database of the key management platform comprises keys of key fobs of all terminals.
6. The method of claim 4, wherein transmitting the encrypted session identifier, the second key, and the sequence number of the second key to the called terminal to cause the called terminal to conduct an encrypted call using the second key comprises:
and sending the encrypted session identifier, the second key and the sequence number of the second key to the called terminal so that the called terminal encrypts an RTP data packet to be sent by using the second key, and sending the encrypted RTP stream to the calling terminal by expanding an RTP message header to carry the key sequence number corresponding to the second key.
7. The method as recited in claim 1, further comprising:
and when the called terminal answers in advance and the second key has not been received, the called terminal does not encrypt the RTP data packet to be sent, and directly sends an unencrypted RTP data stream to the calling terminal.
8. A key management platform, comprising:
the receiving unit is used for receiving a calling request authentication sent by a calling terminal, wherein the calling request authentication comprises a calling terminal number, a called terminal number and an authentication parameter;
an authentication unit, configured to authenticate the calling terminal according to the calling request authentication;
the generation unit is used for generating encryption session identifications associated with the calling terminal and the called terminal after the authentication of the calling terminal is passed;
the inquiring unit is used for obtaining the first key of the called terminal and the serial number of the first key through inquiring;
and the sending unit is used for sending the encrypted session identifier, the first key and the serial number of the first key to the calling terminal so that the calling terminal can use the first key to carry out encrypted communication.
9. An electronic device, comprising:
one or more processors;
a storage device configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-7.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method according to any one of claims 1 to 7.
CN202310854404.6A 2023-07-12 2023-07-12 Encryption call method, key management platform, equipment and medium Pending CN116709227A (en)


Publications (1)

Publication Number Publication Date
CN116709227A true CN116709227A (en) 2023-09-05

Family

ID=87827729


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination