CN118019000A - High-security mobile phone communication system based on dynamic token link encryption - Google Patents

Info

Publication number
CN118019000A
Authority
CN
China
Prior art keywords
communication
security
mobile phone
dynamic token
encryption
Prior art date
Legal status
Granted
Application number
CN202410405216.XA
Other languages
Chinese (zh)
Other versions
CN118019000B (en)
Inventor
张瑞艮
林伟怀
叶伟宏
熊信安
Current Assignee
Shenzhen Gotron Electronics Co ltd
Original Assignee
Shenzhen Gotron Electronics Co ltd
Priority date
Filing date
Publication date
Application filed by Shenzhen Gotron Electronics Co ltd
Priority to CN202410405216.XA
Priority claimed from CN202410405216.XA
Publication of CN118019000A
Application granted
Publication of CN118019000B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a high-security mobile phone communication system based on dynamic token link encryption, aimed at improving security and privacy protection during mobile phone communication. The system embeds a communication encryption unit and a communication decryption unit in the mobile phone, responsible respectively for encrypting and decrypting messages, and relies on a unique dynamic token generated by a dynamic token generation and synchronization unit on the mobile operator platform. Token generation takes into account a series of dynamic factors, such as the time stamp, the session identifier and the physical characteristics of both parties of the communication, as well as the expected duration of the session, geographical location, network conditions, the security status of the device and the sensitivity of the communication content, ensuring that the key for each communication session is unique and adapted to the current communication environment. In addition, the system comprises a verification and security monitoring unit, configured on the operator platform, which verifies the integrity and the source of the encrypted message and dynamically adjusts the complexity of the encryption algorithm according to the current security level and the network condition.

Description

High-security mobile phone communication system based on dynamic token link encryption
Technical Field
The invention relates to the technical field of mobile phone communication, in particular to a high-security mobile phone communication system based on dynamic token link encryption.
Background
In the field of modern mobile phone communications, security has become an increasingly important concern. With the progress of technology and the popularization of mobile equipment use, security threats such as data leakage, identity theft, information tampering and the like are increasing.
Existing encryption techniques, such as static key systems and traditional symmetric encryption algorithms, provide a degree of security for data transmission but tend to lack flexibility and security in the face of complex network environments and Advanced Persistent Threats (APT). These conventional methods typically rely on fixed keys or encryption patterns, which makes it difficult for them to adapt to rapid changes in network conditions or to cope with advanced attack strategies. In addition, with the continuing demands that mobile devices and applications place on data transmission rates and encryption strength, there is a need for an encryption scheme that can dynamically adapt to the network environment and update security policies on the fly.
Therefore, there is an urgent need to develop a new high security mobile phone communication system.
Disclosure of Invention
The application provides a high-security mobile phone communication system based on dynamic token link encryption, which is used for improving the security of mobile phone communication.
The application provides a high-security mobile phone communication system based on dynamic token link encryption, which comprises:
The communication encryption unit is configured in the mobile phone and is used for generating a key according to the dynamic token provided by the dynamic token generation and synchronization unit, and for encrypting the message to be transmitted using the generated key and an encryption algorithm provided by the verification and security monitoring unit;
The communication decryption unit is configured in the mobile phone and is used for generating a key according to the dynamic token provided by the dynamic token generation and synchronization unit, and for decrypting the received encrypted message using the generated key and an encryption algorithm provided by the verification and security monitoring unit to obtain the original message content;
The dynamic token generation and synchronization unit is configured on the mobile operator platform and is used for generating a dynamic token based on specific parameters of the current communication session and dynamic factors of the current communication environment; a dynamic token is synchronously generated between a sending mobile phone and a receiving mobile phone of the high-security mobile phone communication system; wherein, the dynamic factors of the current communication environment comprise a time stamp, a session identifier and the physical characteristics of the two devices; the specific parameters of the current communication session include the expected session duration, the geographic location of both parties to the communication, the network quality and bandwidth, the device security status, and the sensitivity level of the communication content;
The verification and security monitoring unit is configured on the mobile operator platform and is used for verifying the integrity and the source of the encrypted message transmitted through the mobile operator platform, so as to ensure that the message is not tampered and comes from an expected sender; and dynamically adjusting the complexity of the encryption algorithm according to the security level requirement and the network condition of the communication link to balance the security and the communication efficiency, and transmitting the adjusted encryption algorithm to a transmitting end mobile phone and a receiving end mobile phone in the high-security mobile phone communication system.
Still further, the communication encryption unit is specifically configured to:
the key is generated according to equation 1 as follows:
Wherein, Representing the generated key; /(I)And/>Is a hash function; /(I)Is a dynamic token, and is provided by a dynamic token generation and synchronization unit; /(I)Is a session identifier between the sender mobile phone and the receiver mobile phone; /(I)Is a pre-negotiated parameter shared between the sender handset and the receiver handset.
Further, the dynamic token generation and synchronization unit is specifically configured to:
The dynamic token is generated according to equation 2 as follows:
Wherein, Representing the generated dynamic token; /(I)Is a hash function used to ensure the randomness of the dynamic token; Is a session identifier between the sender mobile phone and the receiver mobile phone; /(I) Representing a current timestamp; /(I)Encoding geographic location information representing devices of both communication parties; /(I)Representing the physical characteristics of the devices of both communication parties; /(I)Is a pre-negotiated parameter shared between the sender mobile phone and the receiver mobile phone; /(I)Is the expected session duration; /(I)A sensitivity level representing a current communication session; /(I)A quantization index representing network quality, a high value representing good network conditions, and a low value representing poor network conditions; /(I)A quantized value representing the available bandwidth, representing the maximum data transfer rate available for the current session; /(I)Representing signal intensity; /(I)And/>Is a weight coefficient; /(I)Is a modulus value.
Further, the dynamic token generation and synchronization unit is specifically configured to:
Selecting the hash function based on the user-set security level, including the following cases:
SHA-512 is selected as the hash function when the security level is set high;
Selecting SHA-256 when the security level is set to medium;
SHA-1 is selected when the security level is set low.
Still further, the dynamic token generation and synchronization unit is further configured to:
Carrying out a secure handshake between the sending mobile phone and the receiving mobile phone before communication starts;
Determination by the secure handshake negotiation 、/>、/>Specific values of the parameters, and generating an initial dynamic token based on the negotiated parameters after the handshake is completed.
Furthermore, the dynamic token generation and synchronization unit automatically regenerates the dynamic token when it detects that the network has switched from 4G to WiFi, and synchronizes the dynamic token to the sending mobile phone and the receiving mobile phone through a secure channel.
Still further, the communication encryption unit includes an encryption strength selection module that is capable of automatically selecting an encryption strength based on characteristics of the dynamic token and a sensitivity level of the current communication session, thereby optimizing computing resource consumption of the encryption process without sacrificing security.
Further, the verification and security monitoring unit comprises an abnormal behavior detection module for monitoring transmission characteristics of the encrypted message in real time so as to timely identify and respond to potential security threats; wherein the transmission characteristics include transmission frequency and size, and the security threat includes denial of service attacks or data leakage.
Furthermore, the verification and security monitoring unit comprises a user authentication module for performing a user authentication step before the communication session starts, so as to enhance the security of the identity verification of both communication parties.
The application has the following beneficial technical effects:
(1) Communication security is improved: by using a dynamic token generation mechanism, the system is able to generate a unique encryption key for each communication session, greatly enhancing the security of the communication process. The use of dynamic tokens ensures that even if some keys are cracked, an attacker cannot decrypt the data of other sessions using the key, since the key for each session is unique.
(2) Adapting to a dynamic communication environment: the system can generate and synchronize dynamic tokens based on dynamic factors of the current communication environment (such as time stamps, network quality and device states), so that the encryption mechanism can flexibly adapt to continuously changing network conditions and device states, ensuring the continuity and security of communication.
(3) Dynamically adjusting encryption strength: according to the current security level and network condition of the communication link, the system can dynamically adjust the complexity of the encryption algorithm, so that the security of data transmission is ensured, and the communication efficiency is optimized. This dynamic adjustment mechanism enables the system to reduce unnecessary computational burden and delay while ensuring security.
(4) Data integrity and source verification capability are improved: the verification and security monitoring unit within the system is able to verify the integrity and origin of the encrypted message, ensuring that the data is not tampered with during transmission and indeed comes from the intended sender. This feature is critical to prevent man-in-the-middle attacks and to ensure the authenticity of the data.
(5) By using a unique dynamic token generated based on current environmental parameters in each communication session, the system is able to effectively protect user privacy from unauthorized tracking and analysis of user communication behavior and data content.
Drawings
Fig. 1 is a schematic diagram of a high security mobile phone communication system based on dynamic token link encryption according to a first embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. The present application may be embodied in many other forms than those herein described, and those skilled in the art will readily appreciate that the present application may be similarly embodied without departing from the spirit or essential characteristics thereof, and therefore the present application is not limited to the specific embodiments disclosed below.
The first embodiment of the application provides a high-security mobile phone communication system based on dynamic token link encryption. Referring to fig. 1, a schematic diagram of a first embodiment of the present application is shown. A high security mobile phone communication system based on dynamic token link encryption according to a first embodiment of the present application is described in detail below with reference to fig. 1.
The high-security mobile phone communication system comprises a communication encryption unit 101, a communication decryption unit 102, a dynamic token generation and synchronization unit and a verification and security monitoring unit.
The communication encryption unit 101 is configured in the mobile phone and is used for generating a key according to the dynamic token provided by the dynamic token generation and synchronization unit; the message to be sent is encrypted using the generated key and an encryption algorithm provided by the verification and security monitoring unit.
In the high security mobile phone communication system provided in this embodiment, the communication encryption unit 101 is a key component, and is designed to enhance the security of mobile phone communication. The unit is built in the mobile phone and has the dual functions of generating a secret key and encrypting a message so as to ensure confidentiality and integrity of communication contents. The communication encryption unit 101 is described in detail below.
The primary function of the communication encryption unit 101 is to generate a key from the dynamic tokens received from the dynamic token generation and synchronization unit 103. The generation of dynamic tokens relies on a range of variables including, but not limited to, time stamps, session identifiers, and physical characteristics of both devices. These dynamic factors ensure that the keys used for each communication session are unique, thereby greatly enhancing the security of the system.
Once the key is generated, the communication encryption unit 101 encrypts the message to be transmitted using this key. This encryption process employs encryption algorithms provided by the verification and security monitoring unit 104, which are selected and optimized according to the current communication environment and security requirements. For example, if the current network conditions allow, a more complex encryption algorithm may be selected to provide a higher level of security protection. Conversely, when the network conditions are poor, a more efficient algorithm may be employed to ensure smooth communication.
The communication encryption unit 101 needs to encrypt not only the message content but also ensure that the encryption process does not cause inconvenience to the normal use of the user. Therefore, the unit is designed to operate efficiently, minimizing the impact on device performance and battery life, while ensuring that stable encryption services are provided even in cases of large data transmission volumes or complex network environments.
Further, the communication encryption unit 101 is designed in consideration of ease of use and transparency, and the user hardly feels its presence during use, and all encryption and key generation operations are automatically completed in the background. The user only needs to send and receive messages normally without any additional operations or settings.
Still further, the communication encryption unit is specifically configured to:
the key is generated according to equation 1 as follows:
Wherein, Representing the generated key; /(I)And/>Is a hash function; /(I)Is a dynamic token, and is provided by a dynamic token generation and synchronization unit; /(I)Is a session identifier between the sender mobile phone and the receiver mobile phone; /(I)Is a pre-negotiated parameter shared between the sender handset and the receiver handset.
In the high security mobile phone communication system provided in this embodiment, a key function of the communication encryption unit is to generate a key for encrypting communication by using a specific algorithm. This process ensures that the key generated each time is both unique and secure by fusing the dynamic token, session identifier, and pre-negotiated parameters, and combining the characteristics of the hash function and cosine function. How the key is generated according to equation 1 is described in detail below.
First, dynamic tokensProvided by the dynamic token generation and synchronization unit, which is an important dynamic element in the communication process, is used for ensuring that a unique key can be generated for each communication. The introduction of the dynamic token greatly enhances the security of the system, because even if someone can crack the key of a certain communication, the same key cannot be used for cracking other communication contents, and because the dynamic token is different in each communication, the corresponding generated key is also different.
Second, session identifierAs a unique identifier for communication between the mobile phone at the transmitting end and the mobile phone at the receiving end, the unique identifier is used together with the dynamic token, so that the uniqueness and the safety of the secret key are further enhanced. The session identifier ensures that different communication sessions will generate different keys even under the same dynamic token. A Session Identifier (SID) is a string of characters or numbers used in a communication system to uniquely identify a communication session. The method of acquiring and assigning SIDs may vary depending on the design of the handset communication system, but the primary purpose is to ensure that each communication session is uniquely identified, common methods include pre-negotiation and random generation. In some communication protocols, the SID may be obtained through a pre-negotiation process when both parties (sender handset and receiver handset) establish a connection. In this case, the SID may be generated by a central authority and then shared between the two parties. The pre-negotiation ensures that both parties use the same SID so that the communication session can be correctly identified and encrypted. Another approach is to randomly generate a SID by the communication initiator (e.g., the sender handset) at the beginning of the session. The generated SID is then transmitted to the recipient as part of the communication session. To ensure the uniqueness of the SID, a sufficiently long random number is typically used to reduce the likelihood of repetition. The randomly generated SID may incorporate a time stamp and other information to increase its randomness and uniqueness.
Again, parameters negotiated in advanceIs information common between the sender and receiver handsets, and this parameter may be based on some rule or information agreed upon by both parties, such as a time stamp of session start or any other secret information known to both parties. The addition of this parameter provides an additional variable to the key generation process, making the key generation more complex and secure.
In the formulaAnd/>Representing two hash functions that are used to process and transform the input data to generate a fixed length output. For example/>And/>SHA-256 was used. /(I)And/>Different hash functions may also be employed, e.g./>By SHA-256,/>SHA3-256 was used. In this scenario,/>The function of (1) is to integrate the dynamic token, session identifier and pre-negotiated parameters, and to generate a preliminary key by hashing. Then, this preliminary key is combined with/>The result of (2) is exclusive-ored, further increasing the randomness and complexity of the key. In addition, to introduce non-linear factors, the formula also adds/>I.e. first calculate/>Then by a hash function/>And (5) processing. This process not only exploits the non-linear nature of the cosine function, but also ensures that the output is a bit string of fixed length, suitable as part of the encryption key, through hash conversion.
In equation 1Representing a concatenation of data,/>Representing an exclusive or operation.
The whole key generation process is designed to generate a safe and unique key by utilizing the safety property of the hash function and the nonlinearity of the cosine function and combining the uniqueness of the dynamic token and the session identifier. In this way, the system ensures the security and integrity of the communication content even in the face of advanced security threats.
It should be noted that equation 1 may also be used in the communication decryption unit 102 to generate a key according to the dynamic token provided by the dynamic token generation and synchronization unit; and decrypting the received encrypted message by using the generated secret key and an encryption algorithm provided by the verification and security monitoring unit to obtain the original message content.
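The derivation described above, as an added example that is not part of the patent text: the bodies of equations 1 and 2 are not reproduced on this page, so the field layout, the cosine argument and all names (`frame`, `make_token`, `cosine_term`, `derive_key`) are assumptions that follow only the prose. It uses SHA-256 and SHA3-256 as the two hash functions, as the description suggests, and shows two details both handsets must agree on to derive identical keys: an unambiguous concatenation and a fixed serialisation of the cosine value.

```python
import hashlib
import math
import struct

# Token hash per user-set security level, as listed in the description.
# SHA-1 appears only because the text names it for "low"; it is no longer
# collision resistant and new designs should not rely on it.
TOKEN_HASH = {"high": "sha512", "medium": "sha256", "low": "sha1"}


def frame(*fields: bytes) -> bytes:
    """Length-prefix each field so that concatenation is unambiguous."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def make_token(level: str, sid: bytes, timestamp: int, geo: bytes,
               phys: bytes, shared: bytes) -> bytes:
    """Operator-platform side: hash session and environment inputs.

    The inputs are a subset of those the prose lists; the byte layout is
    an assumption of this example.
    """
    h = hashlib.new(TOKEN_HASH[level])
    h.update(frame(sid, struct.pack(">Q", timestamp), geo, phys, shared))
    return h.digest()


def cosine_term(token: bytes, sid: bytes) -> bytes:
    """Bytes fed to the second hash function.

    The cosine argument is an assumption (a small integer derived from the
    token and session identifier). The result is quantised to fixed point
    before hashing, so a last-bit floating-point difference between two
    handsets does not change the key in almost all cases.
    """
    x = int.from_bytes(hashlib.sha256(frame(token, sid)).digest()[:2], "big")
    return struct.pack(">q", round(math.cos(x) * 10**6))


def derive_key(token: bytes, sid: bytes, shared: bytes) -> bytes:
    """Handset side: first hash over token, SID and the pre-negotiated
    parameter, XORed with the second hash over the cosine term."""
    k1 = hashlib.sha256(frame(token, sid, shared)).digest()
    k2 = hashlib.sha3_256(cosine_term(token, sid)).digest()
    return bytes(a ^ b for a, b in zip(k1, k2))


def naive_inputs_collide() -> bool:
    """Plain a||b||c: two different (token, SID) pairs give the same bytes."""
    return b"ab" + b"c" + b"P" == b"a" + b"bc" + b"P"


def framed_inputs_collide() -> bool:
    """The same two pairs after length framing."""
    return frame(b"ab", b"c", b"P") == frame(b"a", b"bc", b"P")


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    sid = b"session-0001"
    shared = b"pre-negotiated-parameter"
    token = make_token("medium", sid, 1712000000,
                       b"geo:constructed", b"devA|devB", shared)

    sender_key = derive_key(token, sid, shared)
    receiver_key = derive_key(token, sid, shared)
    other_session = derive_key(token, b"session-0002", shared)

    print("sender == receiver :", sender_key == receiver_key)
    print("other SID differs  :", sender_key != other_session)
    print("naive concat collides :", naive_inputs_collide())
    print("framed concat collides:", framed_inputs_collide())
```
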
Still further, the communication encryption unit includes an encryption strength selection module that is capable of automatically selecting an encryption strength based on characteristics of the dynamic token and a sensitivity level of the current communication session, thereby optimizing computing resource consumption of the encryption process without sacrificing security.
In this high security mobile phone communication system, one of the core functions of the communication encryption unit is its embedded encryption strength selection module. The design of this module allows the system to automatically select the appropriate encryption strength based on the specific needs and conditions of each communication session, and such intelligent selection mechanism aims to ensure that the consumption of computing resources by the encryption and decryption processes is minimized while maintaining the necessary security.
The encryption strength selection module firstly analyzes the characteristics of the dynamic token, including the validity period of the token, the complexity of the generation algorithm and other factors. Dynamic tokens are key elements in the encryption process, and the characteristics of the dynamic tokens directly influence the encryption strength requirement. For example, a token designed with a shorter validity period and higher generation complexity may mean that a relatively low encryption strength may be employed, since even if the token is cracked in extreme cases, its short validity period greatly limits the potential security risks.
In addition, the module may also consider the sensitivity level of the current communication session, which is typically preset by the user or system based on the importance and privacy requirements of the communication content. A higher sensitivity level means that stronger encryption measures are needed to protect the communication content from unauthorized access or leakage.
Based on this information, the encryption strength selection module uses a built-in algorithm to determine the encryption strength that best suits the current session. This decision allows for maintaining communication security while minimizing the impact on device processing power and power consumption to ensure that encrypted communications can be smoothly conducted even on resource-constrained devices.
Suppose A needs to send a set of documents containing sensitive financial data to B. In this case, the system would recognize the high sensitivity level of this communication session and, in combination with the characteristics of the dynamic token currently in use, the encryption strength selection module would decide to use 256-bit AES encryption, a widely accepted high strength encryption standard, which would provide adequate security.
Conversely, if A simply sends some daily work updates to B, the sensitivity of this information is low, and the encryption strength selection module may choose to use 128-bit AES encryption, which is still very secure in most cases, but is more computationally efficient than 256-bit AES, reducing the computational burden and power consumption of the device.
In this way, the encryption strength selection module provides a flexible and intelligent encryption strategy selection mechanism for the high-security mobile phone communication system, so that the system can automatically adapt to the security requirements and resource limitations of different communication sessions, ensure the security of communication, and simultaneously optimize the system performance and resource use. This design enables one skilled in the art to implement and maintain a communication system that is both efficient and secure.
In summary, the communication encryption unit 101 is a core component of the present high security mobile phone communication system, and provides unprecedented security for mobile phone communication by using a dynamic token generation technology and a carefully selected encryption algorithm. In this way, the communication security of the user is sufficiently protected even in a continuously changing communication environment.
The communication decryption unit 102 is configured in the mobile phone and is used for generating a key according to the dynamic token provided by the dynamic token generation and synchronization unit; and decrypting the received encrypted message by using the generated secret key and an encryption algorithm provided by the verification and security monitoring unit to obtain the original message content.
In the high security mobile phone communication system provided in this embodiment, the communication decryption unit 102 plays a crucial role, and is responsible for restoring the received encrypted message to the original message content, so as to ensure that the receiving end can understand and process the information. To achieve this, the unit is specifically designed to run inside the handset, using a sophisticated set of mechanisms to match and apply dynamic tokens and encryption algorithms. The communication decryption unit 102 is described in detail below.
First, the core function of the communication decryption unit 102 is to generate a key using a dynamic token matched with a sender. The dynamic token generation and synchronization unit 103 acts as a bridge throughout the communication system, which ensures that both the sender and receiver can generate matching keys based on the same dynamic factors.
The generation of dynamic tokens relies on a series of predefined security protocols and real-time dynamic factors of the communication environment, such as time stamps, session identifiers, and physical characteristics of both devices. These factors, in combination, ensure that the dynamic token used for each session is unique even in successive communication sessions, thereby ensuring that the generated key is highly secure and unique.
When the communication decryption unit 102 receives the encrypted message, it first generates a decryption key using the dynamic token obtained from the dynamic token generation and synchronization unit 103. The unit then decrypts the encrypted message using the inverse of the encryption algorithm provided by the verification and security monitoring unit 104. This step must be exact and requires a high degree of computational accuracy to ensure that the message content is restored intact.
The decryption process is implemented for high efficiency and low latency, so that the user has a smooth communication experience even with large amounts of data or an unstable network environment. The communication decryption unit 102 is designed with ease of use fully taken into account: the user does not need to perform any complex operations or additional settings, all decryption is completed automatically in the background, and the user only needs to receive and view messages as normal.
In addition, the communication decryption unit 102 cooperates with the verification and security monitoring unit 104 to perform integrity and source verification of the received encrypted message, ensuring that the data has not been tampered with and indeed comes from the intended sender. The verification process further enhances the security of communication and ensures the authenticity and reliability of data.
In summary, the communication decryption unit 102 is an indispensable link in the high security mobile phone communication system. It uses a dynamic token and advanced encryption technology to ensure that the receiving end can safely, accurately and efficiently restore the original message of the sending end, thereby providing a highly secure and user-friendly communication solution for the user.
The dynamic token generation and synchronization unit 103 is configured on the mobile operator platform and is used for generating a dynamic token based on the specific parameters of the current communication session and the dynamic factors of the current communication environment; a dynamic token is synchronously generated between a sending mobile phone and a receiving mobile phone of the high-security mobile phone communication system; wherein, the dynamic factors of the current communication environment comprise a time stamp, a session identifier and the physical characteristics of the two devices; the specific parameters of the current communication session include the expected session duration, the geographic location of both parties to the communication, the network quality and bandwidth, the device security status, and the sensitivity level of the communication content.
In the high security mobile phone communication system provided in this embodiment, the dynamic token generation and synchronization unit 103 plays a core role, and is responsible for generation, management and synchronization of dynamic tokens in the whole system. The unit is configured on a mobile operator platform and utilizes a series of preset security protocols and real-time monitored dynamic factors of the communication environment to ensure that a unique and secure dynamic token can be used for each communication session.
The dynamic token generation and synchronization unit 103 is designed to take into account the diversity and dynamics of the communication environment. It generates dynamic tokens by analyzing a number of dynamic factors of the current communication environment, including time stamps, session identifiers, physical characteristics of both parties' devices, and specific parameters of the session, such as expected session duration, geographic location of both parties communicating, network quality and bandwidth, device security status, and sensitivity level of the communication content. These factors work together to ensure that each token generated is highly random and unique, thereby providing a robust security for the communication session.
In a high security mobile phone communication system, dynamic factors of the current communication environment are key basis for generating dynamic tokens, and the factors jointly determine the uniqueness and adaptability of the tokens. These concepts and their importance are described in detail below and corresponding examples are provided for a better understanding.
A timestamp refers to a specific time, typically expressed as a date and time, at which a certain event was recorded to occur. In a communication system, a timestamp ensures that a dynamic token is associated with a particular point in time, thereby increasing the randomness and timeliness of the token. For example, if a communication session starts at 12:00:00 on March 23, 2023, that timestamp would be used in the generation of the dynamic token.
The session identifier is a string or number that uniquely identifies a communication session. It enables the system to distinguish between different communication sessions that occur simultaneously. For example, in a chat application, each chat session may be identified by a unique session identifier to ensure that messages are delivered correctly to the correct session.
The physical characteristics of both devices refer to physical attributes of the devices involved in communication, such as device model, processor type, storage capacity, etc. This information can be used to increase the complexity and specificity of the dynamic token. For example, the physical characteristics of an iPhone 12 and a Samsung Galaxy S21 are different, and this difference can be used to generate a more personalized dynamic token.
The estimated duration of a session refers to an estimate of how long the two parties to the communication are expected to last. Sessions of different lengths may require tokens of different security levels. For example, a short communication (e.g., sending a short message) and a long communication (e.g., a video call) may vary significantly in duration, and the token generation policy may be adjusted based on this parameter.
The geographic location of the communicating parties is also an important factor in the generation of dynamic tokens. The difference in geographic location may increase the randomness of the token. For example, one user is in Beijing and another user is in Shenzhen, and the communication between them takes this geographic difference into account to generate tokens.
Network quality and bandwidth reflect network conditions during communication, including network speed, delay, packet loss rate, etc. Different network conditions may require dynamic tokens for different security measures. For example, in the case of poor network quality, it may be desirable to generate a more robust token to resist possible retransmissions and interference.
The security state of the device includes software version, application of security patches, etc. A device may be more vulnerable to attack if not updated for a long period of time, which needs to be taken into account when generating the token. For example, a device running the latest operating system version may be considered more secure, and a token generated when communicating with it may not need to take into account certain security vulnerabilities that have been repaired by the latest patch.
The sensitivity level of the communication content reflects the fact that different communication content differs in sensitivity; for example, banking transaction information is more sensitive than ordinary chat records. Depending on the sensitivity level of the communication content, the system may adjust the security characteristics of the token to provide adequate protection. For example, when sending a message containing credit card information, it may be desirable to generate a more complex, more secure dynamic token.
By integrating the dynamic factors, the high-security mobile phone communication system can generate a highly personalized and secure dynamic token for each communication, and effectively improves the communication security and privacy protection level.
A complex set of algorithmic flows is implemented within the unit for processing these variables and generating tokens. In addition, it is responsible for synchronizing the generated dynamic token to the transmitting and receiving ends of the communication system. The synchronization process adopts an encryption channel, ensures the security of the token in the transmission process, and avoids interception or tampering by a man-in-the-middle attacker.
Further, the dynamic token generation and synchronization unit is specifically configured to:
The dynamic token is generated according to equation 2 as follows:
Wherein DT represents the generated dynamic token; H is a hash function used to ensure the randomness of the dynamic token; SID is a session identifier between the sender mobile phone and the receiver mobile phone; a further term represents the current timestamp; L represents the encoding of the geographic location information of the devices of both communication parties; D represents the physical characteristics of the devices of both communication parties; P is a pre-negotiated parameter shared between the sender mobile phone and the receiver mobile phone; E is the expected session duration; Q represents the sensitivity level of the current communication session; NW is a quantization index representing network quality, a high value representing good network conditions and a low value representing poor network conditions; BW is a quantized value representing the available bandwidth, that is, the maximum data transfer rate available for the current session; SS represents signal strength; two further terms are weight coefficients; and a final term is a modulus value.
In the high security mobile phone communication system provided in this embodiment, the dynamic token generation and synchronization unit uses a formula to generate the Dynamic Token (DT). This formula incorporates a number of parameters that are intended to ensure that each generated dynamic token is not only unique but also reflects the specific conditions of the current communication session and environment.
First, the dynamic token DT is generated by a formula that comprehensively considers a plurality of dynamic factors. The core of this formula is a hash function H, which processes the result of the whole expression, ensuring that the dynamic token output has a high degree of randomness and security. The hash function H may be SHA-256 or any other hash algorithm that provides sufficient security.
The Session Identifier (SID) is a flag that is used to uniquely identify a session between two communicating parties. It may be a string of numbers or characters that is generated by the communication system at the time of session establishment. Reference may be made to the relevant description in equation 1.
The current timestamp is the system time, typically in seconds, when the dynamic token is generated. It ensures that tokens generated at different times will differ even under the same conditions.
The encoding of geographic location information L and the physical characteristics of both communication devices D provide additional information about the communication environment and the devices themselves, further enhancing the uniqueness and security of the generated token.
An example is provided below as to how the encoding of the geographical location information (L) and the physical characteristics of the communication partner device (D) can be applied in particular to the generation of dynamic tokens.
Assume that the two communicating parties are in different geographic locations: the sending mobile phone is at latitude 40.7128°N, longitude -74.0060°W (city A), and the receiving mobile phone is at latitude 34.0522°N, longitude -118.2437°W (city B). To encode this geographical location information into L, the following steps may be taken:
1. Quantifying latitude and longitude: convert latitude and longitude to integer form; e.g., 40.7128°N in city A is converted to 407128 and -74.0060°W to -740060; 34.0522°N in city B is converted to 340522 and -118.2437°W to -1182437.
2. Merging quantized values: combine the quantized latitude and longitude values of the sending end and the receiving end. For example, combining 407128 and -740060 for city A with 340522 and -1182437 for city B by simple string concatenation yields "407128-740060340522-1182437".
3. Applying a hash function: to convert the combined strings into a fixed length code, a hash function may be applied. For example, "407128-740060340522-1182437" is processed using the SHA-256 hash function to obtain L.
The physical characteristics of the device may include the device model, manufacturer, and possibly hardware ID. Assume that the transmitting-end device is "Samsung Galaxy S20", and the receiving-end device is "iPhone 12".
1. Extracting key characteristic information: extracting keywords from the device information, for example, for "Samsung Galaxy S20", the keywords may be "Samsung", "S20"; for "iPhone 12", the keywords may be "iPhone", "12".
2. Quantizing device information: convert these keywords into digital codes, e.g., "Samsung" = 01, "S20" = 20, "iPhone" = 02, "12" = 12.
3. Combining the quantized values: combine the quantized values of the sending end and the receiving end. With the above coding, "01200212" is obtained.
4. Applying a hash function: similar to the processing of the geographical location information, a hash function may be applied to the combined string to obtain D. For example, "01200212" is processed using SHA-256 to give D.
In this way, the encoding of geographic location information L and the physical characteristics of both communication devices D provide additional uniqueness and security for the generation of dynamic tokens. The combination of this information not only reflects the communication environment and the physical condition of the equipment, but also, through the application of the hash function, ensures that the generated dynamic token has high randomness and unpredictability, further enhancing the security of the high-security mobile phone communication system.
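The two encoding procedures above, written out as an added example (not code from the patent). It reproduces the merged strings given in the text and then shows a property of plain concatenation: without field boundaries, two different coordinate sets can merge to the same string and therefore the same L. The length-prefixed variant, the helper names and the second pair of coordinates are assumptions constructed for illustration.

```python
import hashlib

SCALE = 10_000  # four decimal places, as in 40.7128 -> 407128

# Keyword-to-code table taken from the device example in the text.
DEVICE_CODES = {"Samsung": "01", "S20": "20", "iPhone": "02", "12": "12"}


def quantize(deg: float) -> int:
    """Location step 1: turn a latitude or longitude in degrees into an integer."""
    return round(deg * SCALE)


def merge_locations(sender, receiver) -> str:
    """Location step 2 as described: plain string concatenation of the four values."""
    return "".join(str(quantize(v)) for v in (*sender, *receiver))


def merge_devices(sender_keywords, receiver_keywords) -> str:
    """Device steps 2-3: map each keyword to its code and concatenate."""
    return "".join(DEVICE_CODES[k] for k in (*sender_keywords, *receiver_keywords))


def sha256_hex(text: str) -> str:
    """Final step for both L and D: SHA-256 over the merged string."""
    return hashlib.sha256(text.encode("ascii")).hexdigest()


def merge_locations_framed(sender, receiver) -> str:
    """Assumed hardening (not from the text): length-prefix every field so
    that field boundaries survive the concatenation."""
    fields = [str(quantize(v)) for v in (*sender, *receiver)]
    return "".join(f"{len(f)}:{f}," for f in fields)


# Values from the example in the text: (latitude, longitude) per party.
CITY_A = (40.7128, -74.0060)
CITY_B = (34.0522, -118.2437)

# Constructed inputs: two different location pairs whose quantized values
# concatenate to the same string ("-12" + "345678" == "-123456" + "78").
PAIR_1 = ((10.0, -0.0012), (34.5678, 20.0))
PAIR_2 = ((10.0, -12.3456), (0.0078, 20.0))


def report() -> dict:
    """Collect the encodings so they can be inspected or asserted on."""
    merged = merge_locations(CITY_A, CITY_B)
    devices = merge_devices(("Samsung", "S20"), ("iPhone", "12"))
    return {
        "merged_location": merged,
        "L": sha256_hex(merged),
        "merged_devices": devices,
        "D": sha256_hex(devices),
        "plain_collides": merge_locations(*PAIR_1) == merge_locations(*PAIR_2),
        "framed_collides": merge_locations_framed(*PAIR_1)
        == merge_locations_framed(*PAIR_2),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Hashing fixes the length of L and D but adds no entropy: coordinates and device models are guessable inputs, so these two terms contribute distinctness between sessions rather than secrecy.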
The pre-negotiated parameter P is shared by both communication parties; refer to the description of parameter P in equation 1, which is the same.
The predicted session duration E and the sensitivity level Q of the current communication session directly affect the generation of dynamic tokens, ensuring that the tokens reflect the specific characteristics of the session.
To understand in depth how the predicted session duration E and the sensitivity level Q of the current communication session are merged into the dynamic token DT, and how these factors directly affect the generation of tokens, a specific example is shown below.
Assuming that a communication session involves a video conference, both parties expect that the session will last for 30 minutes. In this scenario, the session duration is not only related to the allocation of communication resources, but may also affect the encryption policy employed. A long session may be more prone to use a dynamically updated key mechanism to reduce potential security risks.
To quantify this factor, 30 minutes can be converted to seconds, i.e. E = 1800 seconds. This value participates directly in the dynamic token generation formula, ensuring that the token reflects the expected duration of the session. A token obtained in this way for a long session will differ from a short-session token, which provides the basis for a session-length-based security policy.
The video conference described above is assumed to contain sensitive commercial discussions, so it is assigned a higher sensitivity level. For simplicity, the quantized value of the sensitivity level is set to 5 (Q = 5), representing higher sensitivity. This level is higher than typical communications (which may be labeled 1 or 2), meaning that stronger security measures are required to protect the session content.
In the dynamic token generation formula, Q is used to adjust the generation of tokens to reflect the sensitivity of the communication content. A function in the formula ensures that even for communication with low sensitivity (Q value close to 1) this part still has an effect on the result, while for higher-sensitivity sessions (as in this example, Q = 5) the contribution is more pronounced. This design ensures that the generation of tokens can accommodate the communication requirements of different sensitivity levels.
By incorporating specific parameters such as the expected session duration (E) and the sensitivity level (Q) of the current communication session into the token generation process, the dynamic token can more accurately reflect the characteristics of the communication session. This not only improves security but also provides the possibility to adjust the encryption policy according to the specific requirements of the communication. Such a design allows each communication to obtain a unique token that matches its characteristics, thereby ensuring the security and efficiency of the communication.
Network quality (NW), available bandwidth (BW) and signal strength (SS) are quantized network condition indicators that directly reflect the quality of the current communication. The two weight coefficients and the modulus value are parameters in the formula used to adjust the impact of these network metrics. They can be obtained by calculation from experimental data or set directly according to expert knowledge.
The % symbol in the formula represents the modulo operation, which keeps some computation results within a certain range, adding complexity and unpredictability to the token generation process.
Network quality (NW), available Bandwidth (BW) and Signal Strength (SS) are key indicators for evaluating the performance of a communication system, directly affecting the stability and efficiency of communication. The following are specific examples of these metrics, showing how to quantify network conditions:
Network quality is typically assessed by a combination of factors including delay, packet loss rate, jitter, etc. For simplicity, network quality may be classified into several classes:
- High: low network delay (e.g., less than 30 milliseconds), very low packet loss rate (less than 0.1%), and small jitter (less than 5 milliseconds). In this case, the network quality NW may be quantized to a value of 3.
- Medium: medium network delay (e.g., 30-100 milliseconds), medium packet loss rate (0.1%-1%), and medium jitter (5-15 milliseconds). In this case, NW may be quantized to a value of 2.
- Low: high network delay (more than 100 milliseconds), high packet loss rate (more than 1%), and large jitter (more than 15 milliseconds). In this case, NW is quantized to a value of 1.
Available bandwidth refers to the maximum amount of data that a network can transmit in a particular time, typically in Mbps (megabits per second). For example:
- 10 Mbps: a bandwidth level suitable for high-definition video conferences or streaming media playback.
- 1 Mbps: meets the requirements of general web browsing and standard-definition video streaming.
- 100 Kbps: at this bandwidth, the user may only be able to engage in basic text communications, such as sending an email or instant message.
Signal strength is typically quantified in dBm (decibel milliwatts), reflecting the received strength of a wireless signal:
- -50 dBm: the signal is very strong and typically indicates that the user is close to the wireless access point.
- -70 dBm: the signal is good and is suitable for most online activities.
- -90 dBm: the signal is weak and may suffer from unstable connections or reduced speeds.
In the generation process of the dynamic token, the formula for generating the token can be adjusted according to the actual quantized values of the indexes, so that the dynamic token can reflect the current network condition. For example, if the current available Bandwidth (BW) is 1Mbps, the Signal Strength (SS) is-70 dBm, and the network quality (NW) is rated as medium (value 2), these information can be comprehensively considered and influence the generation of dynamic tokens through a specific algorithm to adapt to the current communication environment, so as to ensure the safety and stability of communication.
Further, the dynamic token generation and synchronization unit is specifically configured to:
Selecting the hash function H based on the user-set security level, including the following cases:
SHA-512 is selected as the hash function when the security level is set high;
Selecting SHA-256 when the security level is set to medium;
SHA-1 is selected when the security level is set low.
In this high security mobile communication system, the dynamic token generation and synchronization unit has a unique function that can select different kinds of hash functions H to operate according to security levels set by users or system administrators. This flexible security policy ensures that the system can operate under different security requirements and network environments while optimizing the use of computing resources and maintaining the efficiency of the communication.
To achieve this, the dynamic token generation and synchronization unit contains a security configuration module inside. This module is responsible for receiving user inputs or configuration by the system administrator, selecting the corresponding hash function according to the set security level. The hash function is an algorithm used in cryptography to convert data of arbitrary size into a fixed-size output, and plays an important role in ensuring data integrity, verifying data sources, generating digital signatures, and the like.
The user or administrator may set the security level high when the system needs to process highly sensitive data or operate in a network environment that is considered to be high risk. At this point, the dynamic token generation and synchronization unit will choose to use the SHA-512 hash function. SHA-512 is a secure hash algorithm that generates a 512-bit hash value and provides higher security for the system. It provides greater collision resistance and preimage resistance than SHA-256 and SHA-1, making it almost impossible to break the hash value generated by SHA-512 under current technical conditions.
For general communication needs, if a user or administrator deems a moderate level of security sufficient to secure the data, the system will select SHA-256 as the hash function. SHA-256 belongs to the family of secure hash algorithms as well, generates 256-bit hash values, can provide strong security guarantee, is more computationally efficient, and is suitable for most communication environments.
In the case where security requirements are not high or where computational resource constraints are stringent, the security level may be set low, at which point the system employs a SHA-1 hash function. Although SHA-1 is less secure than SHA-256 and SHA-512, it is computationally lighter and can increase the response speed and processing efficiency of the system while maintaining substantial security.
It is assumed that an intercom system of a small enterprise is employing this high security handset communication system. For strategic meeting discussions at a higher level of the company, the system administrator may set the communication security level high, ensuring encryption using SHA-512. Whereas for daily work reporting or communication of non-sensitive information, a medium security level is set, SHA-256 is used. In the case of poor network conditions or the need for rapid exchange of information, the security level may be temporarily adjusted to a low level, and SHA-1 may be selected to increase the processing speed.
In this way, the dynamic token generation and synchronization unit provides flexible security configuration options for the user, so that the communication system can dynamically adjust the hash function used according to actual security requirements and network environments, and optimize the balance of security and efficiency. The design not only increases the applicability and flexibility of the system, but also provides a solid guarantee for ensuring the safe transmission of sensitive data.
Still further, the dynamic token generation and synchronization unit is further configured to:
carrying out a safety handshake between the mobile phone at the transmitting end and the mobile phone at the receiving end before communication starts;
Determining the specific values of the parameters P, E and Q through the secure handshake negotiation, and generating an initial dynamic token based on these parameters after the handshake is completed.
In this high security mobile communication system, a key function of the dynamic token generation and synchronization unit is to perform a secure handshake procedure with the sender and receiver before the communication session starts. This secure handshake procedure not only establishes a secure communication channel, but also allows both parties to negotiate and determine key parameters for generating dynamic tokens, including P (pre-negotiated parameters), E (predicted session duration), and Q (sensitivity level of the current communication session). This process ensures that the dynamic token accurately reflects the specific characteristics and security requirements of each communication session.
The secure handshake process begins with the sending handset initiating a communication request that is received by the dynamic token generation and synchronization unit. The unit then initiates a secure handshake, which typically includes the steps of verifying the identity of the two parties and establishing an encrypted communication channel. The identity verification can be performed in various modes such as passwords, digital certificates or double-factor authentication, so as to ensure that the identities of the two communication parties are true and reliable.
Once the secure channel is established, both parties begin negotiating the three key parameters P, E, and Q. The P parameter may include secret information or a protocol used in a subsequent encryption process as a pre-negotiated parameter; e parameter, predicted session duration, critical to adjust the validity period of the dynamic token; q parameter, which indicates the sensitivity level of the communication content, directly affects the choice of encryption policy.
Once P, E, and Q parameters are determined, the dynamic token generation and synchronization unit uses these parameters to generate an initial dynamic token through a particular algorithm. This token is then synchronized to the sender and receiver handsets for use as the underlying encryption key for the current communication session.
This secure handshake and dynamic token generation process ensures that each communication is secure while allowing the communication system to flexibly accommodate different communication requirements and security levels. In this way, the high security handset communication system provides a reliable mechanism to ensure the privacy and integrity of communications.
Furthermore, the dynamic token generation and synchronization unit automatically regenerates the dynamic token when detecting that the network condition is switched from the 4G network to the WiFi, and synchronizes the dynamic token to the sending mobile phone and the receiving mobile phone through a safe channel.
In this high security mobile communication system, the dynamic token generation and synchronization unit has a very important capability, namely, the capability of sensing the change of the network condition and making corresponding adjustments accordingly. This unit is able to automatically regenerate dynamic tokens and ensure that these tokens are synchronized to the sender and receiver handsets of the communication via a secure channel, especially when the network switches from 4G to WiFi. The design of this process is intended to ensure that the security of the communication is maintained and enhanced even in the event of a change in the network environment.
The dynamic token generation and synchronization unit has integrated therein a network monitoring module that continuously monitors the current network state. When the user movement causes the network connection to automatically switch from the 4G mobile network to the WiFi network, this change is captured by the network monitoring module. Such a transition in the network environment often means that the physical location of the user has changed or that the user is entering an indoor environment from outdoors, which are factors that may affect the security of the communication.
Upon detecting a network switch from 4G to WiFi, the dynamic token generation and synchronization unit immediately initiates a procedure to regenerate the token. The regeneration process not only considers the current network environment, but also possibly combines the current time stamp, session identifier, possible location information and other parameters, so as to ensure that the newly generated dynamic token can reflect the latest communication environment and security requirements.
The newly generated dynamic token needs to be securely synchronized to the sender and receiver handsets so that both parties can continue encrypted communications. This is accomplished by establishing a secure communication channel, possibly using an already negotiated encryption protocol and a previously generated dynamic token. In this way, new dynamic tokens can be securely distributed to parties without interception or tampering by potential attackers, even in the event of a change in the network environment.
Suppose A is in encrypted communication with B over a 4G network. When A enters a cafe and A's handset automatically connects to the cafe's WiFi, the system immediately detects the change in the network environment. The system then generates a new dynamic token and synchronizes this token to the devices of A and B via the previously established secure channel. The communications of A and B are then encrypted using the new dynamic token, ensuring that their communication security is still guaranteed after the network environment changes.
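The hash selection by security level and the regeneration on a 4G-to-WiFi switch described above, as an added example (not the patent's implementation). Equation 2 is not reproduced on this page, so `derive_token` is a stand-in that hashes a length-prefixed encoding of the session factors; the class and field names, the `bearer` field and all sample values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, replace

# Security level -> hash function, as listed in the text.
# SHA-1 is kept because the text lists it; collisions against SHA-1 have
# been demonstrated in practice, and its digest is only 160 bits.
HASH_BY_LEVEL = {"high": "sha512", "medium": "sha256", "low": "sha1"}


def select_hash(level: str) -> str:
    """Return the hashlib algorithm name for a configured security level."""
    try:
        return HASH_BY_LEVEL[level]
    except KeyError:
        # Fail closed: an unknown level must not fall back to a weaker hash.
        raise ValueError(f"unknown security level: {level!r}") from None


@dataclass(frozen=True)
class SessionFactors:
    sid: str        # session identifier (SID)
    timestamp: int  # seconds; the value agreed for this token generation
    p: bytes        # pre-negotiated shared parameter (P)
    e: int          # expected session duration in seconds (E)
    q: int          # sensitivity level (Q)
    nw: int         # network quality class 1..3 (NW)
    bearer: str     # hypothetical field: "4G" or "WiFi"


def derive_token(f: SessionFactors, level: str) -> bytes:
    """Stand-in for equation 2 (assumption): hash each factor with a 4-byte
    length prefix so that field boundaries are unambiguous."""
    h = hashlib.new(select_hash(level))
    fields = (f.sid, str(f.timestamp), f.p, str(f.e), str(f.q), str(f.nw), f.bearer)
    for field in fields:
        raw = field if isinstance(field, bytes) else field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.digest()


class TokenSync:
    """Platform-side state: the current token, regenerated on a bearer change."""

    def __init__(self, factors: SessionFactors, level: str):
        self.factors = factors
        self.level = level
        self.token = derive_token(factors, level)
        self.generation = 1

    def on_network_change(self, bearer: str, nw: int, timestamp: int) -> bool:
        """Regenerate only when the bearer really changed; True if regenerated."""
        if bearer == self.factors.bearer:
            return False
        self.factors = replace(self.factors, bearer=bearer, nw=nw, timestamp=timestamp)
        self.token = derive_token(self.factors, self.level)
        self.generation += 1
        return True


# Constructed sample session: E = 1800 s and Q = 5 follow the video
# conference example in the text; the other values are made up.
SAMPLE = SessionFactors(sid="session-0001", timestamp=1_700_000_000,
                        p=b"constructed-shared-parameter", e=1800, q=5,
                        nw=2, bearer="4G")

if __name__ == "__main__":
    for level in ("high", "medium", "low"):
        print(level, select_hash(level), len(derive_token(SAMPLE, level)) * 8, "bits")
    sync = TokenSync(SAMPLE, "medium")
    before = sync.token
    sync.on_network_change("WiFi", nw=3, timestamp=SAMPLE.timestamp + 60)
    print("token changed after switch:", sync.token != before)
```

Because the timestamp is an input, both ends must use the agreed value rather than their local clocks; a one-second difference yields an unrelated token.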
A verification and security monitoring unit 104, configured on the mobile operator platform, for verifying the integrity and source of the encrypted message transmitted therethrough, ensuring that the message is not tampered with and comes from the intended sender; and dynamically adjusting the complexity of the encryption algorithm according to the security level requirement and the network condition of the communication link to balance the security and the communication efficiency, and transmitting the adjusted encryption algorithm to a transmitting end mobile phone and a receiving end mobile phone in the high-security mobile phone communication system.
In the high-security mobile phone communication system provided in this embodiment, the verification and security monitoring unit 104 plays a crucial role in ensuring the security and efficiency of communication. The unit is located on the mobile operator platform and combines several technical means to perform its functions. Its core tasks include verifying the integrity and origin of the encrypted message and monitoring the security status of the entire communication process. In addition, it is responsible for dynamically adjusting the complexity of the encryption algorithm based on real-time network conditions and the security level of the communication link.
First, to verify the integrity and origin of encrypted messages, the verification and security monitoring unit 104 employs advanced verification techniques to ensure that each message transmitted through the system has not been tampered with and does come from the claimed sender. This process involves digitally signing the message and/or employing techniques such as Message Authentication Codes (MACs) to ensure the authenticity and integrity of the message. Digital signature technology allows the receiver to verify that the message was indeed sent by the intended sender and was not tampered with during transmission. This authentication mechanism is critical to preventing man-in-the-middle attacks and other forms of security threats.
Second, the unit is also responsible for monitoring network conditions such as bandwidth utilization, delay, and packet loss rate. Based on these real-time data, the verification and security monitoring unit 104 can dynamically adjust the complexity of the encryption algorithm used to balance security and communication efficiency.
In this high security mobile communication system, the complexity of dynamically adjusting the encryption algorithm according to the security level requirements and network conditions of the communication link is a core feature. How this is carried out is illustrated below by specific examples:
Example 1: network conditions are good and security level requirements are high:
Suppose A and B are communicating sensitive business information through the communication system. The current network conditions are good, the bandwidth is sufficient, and the signal strength is strong (e.g., the bandwidth is 100 Mbps, the signal strength is -50 dBm). At the same time, the required security level is very high, since the information exchanged is very sensitive.
In this case, the authentication and security monitoring unit evaluates the current communication environment and decides to use a more complex encryption algorithm, such as 256-bit AES encryption, to secure the communication content. Although more complex encryption algorithms may slightly increase processing time, this does not have a significant impact on communication efficiency due to good network conditions. Therefore, in this case, the system tends to prioritize security over efficiency.
Example 2: network conditions are poor but security requirements are relatively low:
Consider another situation, where A and B are communicating some non-sensitive daily information through the system. At this time, the network conditions are poor, for example, the user is in an area where signal coverage is poor (bandwidth 5 Mbps, signal strength -90 dBm).
In view of the low content sensitivity of communications and to ensure that the smoothness of communications is maintained even in the case of poor network conditions, the system may decide to use a relatively simple encryption algorithm, such as 128-bit AES encryption. Thus, even if the network conditions are not good, the communication can still be carried out smoothly, and enough safety protection can still be provided, so that the requirement of low-sensitivity communication is met.
Example 3: dynamic adaptation to network changes:
It is assumed that A and B are initially in a good network environment during a communication session, but that A moves to an area of poor network coverage during the session. The system monitors network conditions in real time and finds this change (e.g., bandwidth drops from 50 Mbps to 10 Mbps, signal strength changes from -60 dBm to -85 dBm).
In this case, the verification and security monitoring unit dynamically adjusts the complexity of the encryption algorithm, and may reduce from the initial 256-bit AES encryption to 192-bit AES encryption, so as to reduce the computational burden in the encryption and decryption process, ensure the smoothness of communication, and also ensure the security of communication. The dynamic adjustment mechanism enables the system to flexibly cope with the change of the network environment and balance the security and the communication efficiency.
The examples show how the high-security mobile phone communication system dynamically adjusts the complexity of the encryption algorithm according to the security requirement of communication and the real-time network condition, ensures the security of communication, can adapt to different network environments and optimizes the communication efficiency.
Further, the verification and security monitoring unit comprises an abnormal behavior detection module for monitoring transmission characteristics of the encrypted message in real time so as to timely identify and respond to potential security threats; wherein the transmission characteristics include transmission frequency and size, and the security threat includes denial of service attacks or data leakage.
In this high security mobile phone communication system, the authentication and security monitoring unit plays a crucial role, in particular, the abnormal behavior detection module therein. This module is specifically designed to monitor in real time key features of the ongoing encrypted message transmission, such as the transmission frequency and message size. By continuously monitoring these features, the system can discover and deal with potential security threats, such as denial of service (DoS) attacks and data leaks, in a timely manner, thereby protecting communications from damage.
The abnormal behavior detection module collects and analyzes the transmission characteristics of all encrypted messages in real time. The transmission frequency refers to the rate at which messages are sent and received in a particular time, and the transmission size refers to the data size of the messages. Under normal communication conditions, these features may follow a pattern or range. The abnormal behavior detection module presets normal transmission frequency and size thresholds, and when a detected actual value exceeds the preset threshold, the system treats the behavior as abnormal.
Through real-time monitoring and analysis of transmission characteristics, the abnormal behavior detection module can identify possible security threats in a timely manner. For example, a sudden increase in transmission frequency over a short period may indicate a denial of service attack, in which an attacker attempts to overload the system by sending a large number of requests so that normal communication requests cannot be handled. Likewise, an abnormally large message may indicate data leakage, that is, a large amount of data being transmitted illegally.
Upon detection of a potential security threat, the abnormal behavior detection module may immediately take action to deal with it. Such measures may include temporarily blocking transmission of messages from suspected sources, notifying a system administrator, or automatically initiating a more stringent encryption protocol to protect data. The module can also help identify the source of the attack by analyzing the abnormal behavior pattern, providing information to support further security response.
Assume that the system administrator sets a normal transmission frequency threshold of at most 100 messages per second, and a transmission size threshold of at most 1MB per message. If the abnormal behavior detection module detects that the number of messages from the same source suddenly increases to thousands of messages per second within a minute, or that a certain message is much more than 1MB in size, the module immediately marks this behavior as abnormal and triggers a safety response mechanism.
In this way, the abnormal behavior detection module in the high-security mobile phone communication system provides an important security layer for communication. The method not only can monitor and analyze key transmission characteristics in the communication process in real time, but also can timely identify and cope with potential security threats, and ensures the safety and reliability of communication.
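The threshold check described above, written out as an added example (it is not code from the patent). It uses the thresholds from the text, 100 messages per second and 1 MB per message; the one-second sliding window, the one-alert-per-burst behaviour, the source names and the sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

MAX_MSGS_PER_SEC = 100           # frequency threshold from the text
MAX_MSG_BYTES = 1 * 1024 * 1024  # size threshold from the text (1 MB)


@dataclass(frozen=True)
class Alert:
    source: str
    ts: float
    kind: str       # "rate" or "size"
    observed: int   # messages in the window, or message size in bytes


class TransmissionMonitor:
    """Threshold check on message metadata only; payloads stay encrypted."""

    def __init__(self, max_rate=MAX_MSGS_PER_SEC, max_bytes=MAX_MSG_BYTES, window=1.0):
        self.max_rate = max_rate
        self.max_bytes = max_bytes
        self.window = window               # seconds (assumed sliding window)
        self._recent = defaultdict(deque)  # source -> timestamps inside the window
        self._over_rate = set()            # sources already alerted for this burst

    def observe(self, source, ts, size):
        """Record one message and return the alerts it triggers (possibly none)."""
        alerts = []
        if size > self.max_bytes:
            alerts.append(Alert(source, ts, "size", size))
        recent = self._recent[source]
        recent.append(ts)
        while recent[0] <= ts - self.window:   # drop timestamps that left the window
            recent.popleft()
        if len(recent) > self.max_rate:
            if source not in self._over_rate:  # one alert per burst, not per message
                self._over_rate.add(source)
                alerts.append(Alert(source, ts, "rate", len(recent)))
        else:
            self._over_rate.discard(source)    # burst over: re-arm the alert
        return alerts


def run_sample():
    """Constructed traffic: steady sender, flooding sender, one oversized message."""
    events = [("dev-A", i * 0.02, 2048) for i in range(100)]         # 50 msg/s
    events += [("dev-B", 10 + i / 3000, 512) for i in range(3000)]   # 3000 msg/s
    events.append(("dev-C", 20.0, 5 * 1024 * 1024))                  # 5 MB message
    monitor = TransmissionMonitor()
    alerts = []
    for source, ts, size in sorted(events, key=lambda e: e[1]):
        alerts.extend(monitor.observe(source, ts, size))
    return alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Because the check reads only source, time and size, it works without decrypting anything; fixed thresholds like these need tuning per deployment, since a legitimate file transfer can also exceed the size limit.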
Furthermore, the verification and security monitoring unit comprises a user authentication module for performing a user authentication step before the communication session starts, so as to enhance the security of the identity verification of both communication parties.
In this high security mobile communication system, the verification and security monitoring unit plays a crucial role, in particular its user authentication module. The module is responsible for performing a series of user authentication steps prior to the start of a communication session. This is a key step in ensuring the security of the communication, as it directly verifies the identity of both parties of the communication, preventing access by unauthorized users and potential security threats.
The first step in the operation of the user authentication module is to identify and verify the identity of the user attempting to initiate a communication. This process may be accomplished in a variety of ways including, but not limited to, passwords, digital certificates, biometric identification techniques (e.g., fingerprint or facial recognition), or physical device-based authentication (e.g., smart cards or one-time password generators).
At the beginning of the authentication process, the user may be required to provide his authentication information, such as entering a password or performing a biometric scan. The user authentication module then compares the provided information with preset or pre-registered user authentication data stored in the system. If the matching is successful, the authentication module confirms the identity of the user and allows the establishment of the communication session; if the match fails, the communication session will be rejected and a security alarm may be triggered.
By doing so before the communication session begins, the system ensures that only authenticated users can participate in the communication. The pre-authentication mechanism remarkably enhances the security of the whole communication system, and effectively prevents the risks of identity theft and data leakage.
In addition, the user authentication module may be configured to support multi-factor authentication (MFA), which is a higher level of security that requires the user to provide two or more verification factors to complete authentication. These factors generally come from the following three classes: knowledge (something the user knows, such as a password), possession (something the user has, such as a security token), and biometrics (biometric information of the user, such as a fingerprint). By combining these different types of verification factors, multi-factor authentication can provide higher security than single-factor authentication methods.
Suppose A wishes to send an important file to B over this communication system. Before the communication session begins, the system prompts A for authentication. A has chosen to use facial recognition as an authentication method. The system confirms the identity of A by accessing the facial recognition data of A stored on the device. Subsequently, the system also requires B to perform authentication; B has chosen to enter a password. Only after both A and B successfully pass the authentication will an encrypted communication session be established between them, ensuring the security of the communication.
By arranging such a user authentication module in the mobile phone communication system, the high-security mobile phone communication system provides a solid security foundation, ensures that only authorized users can participate in communication, and remarkably reduces security risks.
In summary, the verification and security monitoring unit 104 provides a strong security guarantee and efficient communication capability for the mobile phone communication system through its highly advanced verification technology and dynamic encryption algorithm adjustment mechanism, so as to ensure the security, integrity and high efficiency of the communication process.
In the high-security mobile phone communication system based on dynamic token link encryption provided in this embodiment, the communication process between the mobile phones at the transmitting end and the receiving end involves a plurality of key steps and components to ensure the security and efficiency of communication. The following is a detailed description of the communication process:
1. Initiating a communication session:
When one party (the transmitting end) wishes to start communication with the other party (the receiving end), a dynamic token is first requested from the dynamic token generation and synchronization unit via the network. This request contains dynamic factors of the current communication environment and specific parameters of the communication session, such as time stamps, physical characteristics of the device, expected session duration, geographic location of both parties, network quality and bandwidth, and sensitivity level of the communication content.
2. Generating and synchronizing dynamic tokens:
The dynamic token generation and synchronization unit processes the request from the transmitting end on the mobile operator platform and generates a dynamic token according to the provided information and the internal algorithm. This process takes into account all relevant dynamic factors and specific parameters to ensure that the dynamic token generated is unique. The generated dynamic tokens are then synchronized to the devices on the sender and receiver.
3. Encrypting the communication content:
The communication encryption unit of the sender handset generates a key using a dynamic token that is synchronized to the device. It then encrypts the message to be sent using this key and an encryption algorithm provided by the authentication and security monitoring unit. This step ensures the security of the message content during transmission.
4. Transmitting an encrypted message:
The encrypted message is sent to the receiving end through the network. The encryption status of the message ensures that even if the data is intercepted, an unauthorized third party cannot understand the content of the message throughout the transmission.
5. Decrypting the communication content:
The communication decryption unit of the mobile phone at the receiving end uses the same dynamic token as the sending end to generate a corresponding secret key. It then decrypts the received encrypted message using this key and a corresponding decryption algorithm, recovering the original message content.
6. Verifying message integrity and origin:
At the receiving end, the verification and security monitoring unit further verifies the integrity and origin of the message, ensuring that the message is not tampered with and indeed comes from the intended sender. This is accomplished by checking the digital signature of the message or other authentication mechanism.
7. Dynamically adjusting an encryption algorithm:
The authentication and security monitoring unit can also dynamically adjust the complexity of the encryption algorithm to balance security and communication efficiency based on the current security level and network conditions of the communication link. This adjustment is based on the network status monitored in real time, ensuring that the communication is both safe and efficient under any given network condition.
Through the process, the high-safety mobile phone communication system can provide strong safety protection for communication between the sending end and the receiving end, ensure the privacy and the integrity of the message content, and simultaneously adapt to the continuously changing network environment and safety requirements.
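The steps above, together with the regeneration of the token on a 4G-to-WiFi switch described earlier, reduced to token generation, key derivation, rekeying and the integrity check, as an added example that is not code from the patent. Equations 1 and 2 are not reproduced on this page, so `make_token` and `derive_key` are stand-ins built from HMAC-SHA-256 and HKDF, and the frame layout, algorithm ids and all values are constructed assumptions. Ciphertext is treated as opaque bytes, and both endpoints are handed the same inputs in place of the platform's synchronization.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                                  # HMAC-SHA-256 output size
ALG_AES128, ALG_AES192, ALG_AES256 = 1, 2, 3  # hypothetical algorithm ids


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869): extract with the salt, then expand with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def make_token(secret, session_id, timestamp, network, epoch):
    """Stand-in for Equation 2: keyed hash over length-prefixed context fields."""
    fields = (session_id, str(timestamp).encode(), network.encode(), str(epoch).encode())
    ctx = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    # Keyed with the pre-negotiated secret: the other inputs are guessable.
    return hmac.new(secret, b"token" + ctx, hashlib.sha256).digest()


def derive_key(token, session_id, secret):
    """Stand-in for Equation 1: key from token, session id and shared parameter."""
    return hkdf_sha256(token + secret, salt=session_id, info=b"message-auth")


class Session:
    def __init__(self, secret, session_id, network, timestamp):
        self.secret, self.sid, self.epoch = secret, session_id, 0
        self.rekey(network, timestamp)

    def rekey(self, network, timestamp):
        self.network = network
        token = make_token(self.secret, self.sid, timestamp, network, self.epoch)
        self.key = derive_key(token, self.sid, self.secret)

    def on_network_change(self, network, timestamp):
        if network != self.network:          # e.g. 4G -> WiFi
            self.epoch += 1
            self.rekey(network, timestamp)

    def seal(self, alg_id, ciphertext):
        """Frame = epoch (4 bytes) | algorithm id (1 byte) | ciphertext | tag."""
        header = struct.pack(">IB", self.epoch, alg_id)
        tag = hmac.new(self.key, header + ciphertext, hashlib.sha256).digest()
        return header + ciphertext + tag

    def verify(self, frame):
        if len(frame) < 5 + TAG_LEN:
            raise ValueError("short frame")
        header, body, tag = frame[:5], frame[5:-TAG_LEN], frame[-TAG_LEN:]
        epoch, alg_id = struct.unpack(">IB", header)
        if epoch != self.epoch:
            raise ValueError("stale token epoch")
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad tag")
        return alg_id, body


def outcome(session, frame):
    try:
        session.verify(frame)
        return "accepted"
    except ValueError as exc:
        return str(exc)


def demo():
    secret, sid, t0 = b"constructed-pre-negotiated-secret", b"session-0001", 1700000000
    a, b = Session(secret, sid, "4G", t0), Session(secret, sid, "4G", t0)
    frame = a.seal(ALG_AES256, b"opaque-ciphertext-1")
    results = {"first": b.verify(frame)}
    # The tag covers the header, so a rewritten algorithm id is rejected.
    results["altered_alg"] = outcome(b, frame[:4] + bytes([ALG_AES128]) + frame[5:])
    old_key = a.key
    for s in (a, b):
        s.on_network_change("WiFi", t0 + 600)
    results["rekeyed"] = a.key != old_key and a.key == b.key
    results["old_frame"] = outcome(b, frame)
    results["second"] = b.verify(a.seal(ALG_AES256, b"opaque-ciphertext-2"))
    return results


if __name__ == "__main__":
    print(demo())
```

Authenticating the header along with the ciphertext means a receiver detects both a frame sealed under a superseded token and an algorithm field changed in transit.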
While the application has been described in terms of preferred embodiments, it is not intended to be limiting, but rather, it will be apparent to those skilled in the art that various changes and modifications can be made herein without departing from the spirit and scope of the application as defined by the appended claims.

Claims (9)

1. A high security cellular communication system based on dynamic token link encryption, comprising:
the communication encryption unit is configured in the mobile phone and is used for generating a key according to the dynamic token provided by the dynamic token generation and synchronization unit; encrypting the message to be transmitted using the generated key and an encryption algorithm provided by the authentication and security monitoring unit;
the communication decryption unit is configured in the mobile phone and is used for generating a key according to the dynamic token provided by the dynamic token generation and synchronization unit; decrypting the received encrypted message by using the generated secret key and an encryption algorithm provided by the verification and security monitoring unit to obtain the original message content;
The dynamic token generation and synchronization unit is configured on the mobile operator platform and is used for generating a dynamic token based on specific parameters of the current communication session and dynamic factors of the current communication environment; a dynamic token is synchronously generated between a sending mobile phone and a receiving mobile phone of the high-security mobile phone communication system; wherein, the dynamic factors of the current communication environment comprise a time stamp, a session identifier and the physical characteristics of the two devices; the specific parameters of the current communication session include the expected session duration, the geographic location of both parties to the communication, the network quality and bandwidth, the device security status, and the sensitivity level of the communication content;
The verification and security monitoring unit is configured on the mobile operator platform and is used for verifying the integrity and the source of the encrypted message transmitted through the mobile operator platform, so as to ensure that the message is not tampered and comes from an expected sender; and dynamically adjusting the complexity of the encryption algorithm according to the security level requirement and the network condition of the communication link to balance the security and the communication efficiency, and transmitting the adjusted encryption algorithm to a transmitting end mobile phone and a receiving end mobile phone in the high-security mobile phone communication system.
2. The high security mobile phone communication system according to claim 1, wherein the communication encryption unit is specifically configured to:
the key is generated according to equation 1 as follows:
Wherein, Representing the generated key; /(I)And/>Is a hash function; /(I)Is a dynamic token, and is provided by a dynamic token generation and synchronization unit; /(I)Is a session identifier between the sender mobile phone and the receiver mobile phone; /(I)Is a pre-negotiated parameter shared between the sender handset and the receiver handset.
3. The high security mobile phone communication system according to claim 1, wherein the dynamic token generation and synchronization unit is specifically configured to:
The dynamic token is generated according to equation 2 as follows:
Wherein, Representing the generated dynamic token; /(I)Is a hash function used to ensure the randomness of the dynamic token; /(I)Is a session identifier between the sender mobile phone and the receiver mobile phone; /(I)Representing a current timestamp; /(I)Encoding geographic location information representing devices of both communication parties; /(I)Representing the physical characteristics of the devices of both communication parties; /(I)Is a pre-negotiated parameter shared between the sender mobile phone and the receiver mobile phone; /(I)Is the expected session duration; /(I)A sensitivity level representing a current communication session; /(I)A quantization index representing network quality, a high value representing good network conditions, and a low value representing poor network conditions; /(I)A quantized value representing the available bandwidth, representing the maximum data transfer rate available for the current session; /(I)Representing signal intensity; /(I)And/>Is a weight coefficient; /(I)Is a modulus value.
4. The high security mobile communication system according to claim 3, wherein the dynamic token generation and synchronization unit is specifically configured to:
Selecting hash functions based on user-set security levels Comprises the following species:
SHA-512 is selected as the hash function when the security level is set high;
Selecting SHA-256 when the security level is set to medium;
SHA-1 is selected when the security level is set low.
5. The high security cellular telephone communication system of claim 3, wherein the dynamic token generation and synchronization unit is further configured to:
carrying out a safety handshake between the mobile phone at the transmitting end and the mobile phone at the receiving end before communication starts;
Determination by the secure handshake negotiation 、/>、/>Specific values of the parameters, and generating an initial dynamic token based on the negotiated parameters after the handshake is completed.
6. The high security mobile phone communication system according to claim 1, wherein the dynamic token generation and synchronization unit automatically regenerates the dynamic token and synchronizes to the transmitting mobile phone and the receiving mobile phone through the secure channel when detecting that the network condition is switched from the 4G network to the WiFi.
7. The high security handset communication system according to claim 1, wherein said communication encryption unit comprises an encryption strength selection module capable of automatically selecting encryption strength based on the characteristics of the dynamic token and the sensitivity level of the current communication session, thereby optimizing the computational resource consumption of the encryption process without sacrificing security.
8. The high security mobile communication system of claim 1, wherein the authentication and security monitoring unit comprises an abnormal behavior detection module for monitoring transmission characteristics of encrypted messages in real time to timely identify and respond to potential security threats; wherein the transmission characteristics include transmission frequency and size, and the security threat includes denial of service attacks or data leakage.
9. The high security mobile communication system of claim 1, wherein the authentication and security monitoring unit comprises a user authentication module for performing a user authentication step prior to initiation of the communication session to enhance security of authentication of both parties.
CN202410405216.XA 2024-04-07 High-security mobile phone communication system based on dynamic token link encryption Active CN118019000B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410405216.XA CN118019000B (en) 2024-04-07 High-security mobile phone communication system based on dynamic token link encryption

Publications (2)

Publication Number Publication Date
CN118019000A true CN118019000A (en) 2024-05-10
CN118019000B CN118019000B (en) 2024-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant