CN118118276A - Speech encryption near-end device, far-end device, system and encryption and decryption method based on coprocessor - Google Patents
Speech encryption near-end device, far-end device, system and encryption and decryption method based on coprocessor
- Publication number: CN118118276A
- Application number: CN202410508750.3A
- Authority: CN (China)
- Prior art keywords: key, audio data, voice, encryption, coprocessor
- Legal status: Granted (the legal status shown by Google Patents is an assumption and not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/60—Network streaming of media packets
- H04L65/75—Media network packet handling
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
The application relates to a coprocessor-based voice encryption near-end device, far-end device, system and encryption and decryption method. The near-end device comprises an uplink codec chip, an uplink DSP chip and an uplink communication processor. The uplink communication processor receives the code stream produced from the PCM audio data of the target mobile transmitting terminal, performs network side processing, encrypts the stream to obtain encrypted audio data and transmits it. To do so, the uplink communication processor acquires the private key protection password of the target mobile transmitting terminal and an identification private key for voice call encryption protection, and by temporary negotiation generates a first key for voice call encryption protection; it derives a temporarily negotiated second key from the first key; and from the second key it derives a third key, a fourth key and a fifth key for the temporarily negotiated voice call, with which the audio data is encrypted. The application has the effect of improving the security of voice data on existing encrypted-communication mobile intelligent terminals.
Description
Technical Field
The application relates to the technical field of voice user service encryption, in particular to a voice encryption near-end device, a far-end device, a system and an encryption and decryption method based on a coprocessor.
Background
In the prior art, when a mobile intelligent terminal performs a voice call, an encryption key is used to protect the voice data. The encrypted-communication mobile intelligent terminal uses the mobile phone number as its identity based on the SM9 algorithm, and in this way realizes voice call encryption protection. However, as the SM9 algorithm has become popular and widely used in end-to-end voice call scenarios, sensitive data is easily stolen by an attacker using means such as system vulnerabilities, malicious interception and trojan implantation, which creates a security problem for the voice data of existing encrypted-communication mobile intelligent terminals.
Disclosure of Invention
In order to improve the security of voice data of the existing encrypted communication mobile intelligent terminal, the application provides a voice encryption near-end device, a far-end device, a system and an encryption and decryption method based on a coprocessor.
In a first aspect, the present application provides a coprocessor-based voice encryption near-end apparatus.
The application is realized by the following technical scheme:
A voice encryption near-end device based on a coprocessor is applied to mobile phone calls and comprises:
The uplink codec chip is used for collecting PCM audio data of the target mobile transmitting terminal;
the uplink DSP chip is used for receiving the PCM audio data and obtaining a code stream after resampling, preprocessing and encoding;
The uplink communication processor is used for receiving the code stream, carrying out network side processing, encrypting to obtain encrypted audio data and transmitting the encrypted audio data;
The uplink communication processor acquires the private key protection password of the target mobile transmitting terminal and an identification private key for voice call encryption protection, and by temporary negotiation generates a first key for voice call encryption protection; derives a temporarily negotiated second key from the first key; derives from the second key a third key, a fourth key and a fifth key for voice call temporary negotiation; and encrypts with the third, fourth and fifth keys to obtain the encrypted audio data.
The present application may be further configured in a preferred example to: the upstream communication processor includes an identification private key module,
The identification private key module is used for generating an identification private key for voice call encryption protection, and comprises the following formula,
PRK = HMAC-Hash(salt, IKM)
Wherein PRK represents the identification private key; salt represents a salt value, which is a key generated by any pseudo-random number generator, with a length equal to the block size of the corresponding hash algorithm and zero-filled by default; IKM denotes the original key material; and HMAC-Hash represents the hash-based message authentication code, that is, the message authentication code of IKM computed with IKM as the message and salt as the key over the Hash() function.
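The formula above, PRK = HMAC-Hash(salt, IKM), is the extract phase of an HKDF-style construction: the salt is the HMAC key and the original key material is the message. The following Go program is an added example written for this page, not code from the patent or its applicant. It keeps the patent's rule that a missing salt is replaced by a zero-filled salt of the hash's block size, and, because Go's standard library has no SM3, uses SHA-256 as the hash; the function name `extractPRK` and the sample inputs are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
)

// extractPRK computes PRK = HMAC-Hash(salt, IKM) as the patent states it:
// salt is the HMAC key, IKM is the message. When no salt is supplied, a
// zero-filled salt of the hash's block size is used, which is the default
// the patent describes. Assumption: SHA-256 stands in for SM3.
func extractPRK(newHash func() hash.Hash, salt, ikm []byte) []byte {
	if len(salt) == 0 {
		salt = make([]byte, newHash().BlockSize()) // 64 zero bytes for SHA-256
	}
	mac := hmac.New(newHash, salt)
	mac.Write(ikm)
	return mac.Sum(nil)
}

func main() {
	// Constructed sample inputs (RFC 5869 test case 1), not a real key.
	ikm := make([]byte, 22)
	for i := range ikm {
		ikm[i] = 0x0b
	}
	salt, _ := hex.DecodeString("000102030405060708090a0b0c")

	fmt.Printf("PRK (random salt):   %x\n", extractPRK(sha256.New, salt, ikm))
	fmt.Printf("PRK (default salt):  %x\n", extractPRK(sha256.New, nil, ikm))
}
```

With SHA-256 the function reproduces the PRK of RFC 5869 test case 1, which is a convenient check before an SM3 implementation is swapped in. One caveat worth keeping in mind when reading the patent's salt rule: HMAC zero-pads any key shorter than the block size, so an empty salt, a 32-byte zero salt and a 64-byte zero salt all yield the same PRK. The zero-fill default therefore adds no entropy; a salt only strengthens the extraction when it is actually random.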
The present application may be further configured in a preferred example to: the upstream communication processor further comprises a first key module,
The first key module is used for enabling the two parties to the call to calculate the first key through the SM9 algorithm using r_r and R_i, where r_r represents the generated random number and R_i represents any random function.
The present application may be further configured in a preferred example to: the upstream communication processor further comprises a second key module,
The second key module is used for deriving the second key from the first key using the SM3 algorithm.
The present application may be further configured in a preferred example to: the upstream communication processor further comprises a key derivation module,
The key derivation module is configured to derive the third key, the fourth key and the fifth key from the second key using the SM4 algorithm.
In a second aspect, the present application provides a coprocessor-based voice encryption method.
The application is realized by the following technical scheme:
The voice encryption method based on the coprocessor is applied to any of the above coprocessor-based voice encryption near-end devices, and the uplink communication processor executes the following steps:
Acquiring a private key protection password of the target mobile sending terminal and an identification private key for voice call encryption protection, and temporarily negotiating to generate a first key for voice call encryption protection;
deriving a temporary negotiated second key based on the first key;
Deriving a third key for voice call temporary negotiation, a fourth key for voice call temporary negotiation and a fifth key for voice call temporary negotiation according to the second key;
And encrypting by using the third key, the fourth key and the fifth key to obtain encrypted audio data.
The present application may be further configured in a preferred example to: the identification private key is generated using the following formula,
PRK = HMAC-Hash(salt, IKM)
Wherein PRK represents the identification private key; salt represents a salt value, which is a key generated by any pseudo-random number generator, with a length equal to the block size of the corresponding hash algorithm and zero-filled by default; IKM denotes the original key material; and HMAC-Hash represents the hash-based message authentication code, that is, the message authentication code of IKM computed with IKM as the message and salt as the key over the Hash() function.
The present application may be further configured in a preferred example to: deriving a temporarily negotiated second key based on said first key comprises the following step,
The second key is derived using the pseudo-random function PRF of the MIKEY protocol, where the input parameters of the PRF comprise the first key, a preset security session, a security session set randomly generated by the target mobile transmitting terminal, and a random RAND value generated by the random function RAND.
The present application may be further configured in a preferred example to: deriving a third key for temporary negotiation of a voice call from said second key comprises the following steps,
Dividing the second key, whose byte length is 60, to obtain an uplink key and a downlink key;
Taking the last 14 bytes of the uplink key or of the downlink key and writing them over the first 14 bytes of a preset first target parameter, whose byte length is 16;
And deriving the third key, whose byte length is 16, with the SM4 algorithm from the first target parameter and the first 16 bytes of the uplink key, or from the first target parameter and the first 16 bytes of the downlink key.
The present application may be further configured in a preferred example to: deriving a fourth key for temporary negotiation of a voice call based on the second key comprises the following steps,
Taking the last 14 bytes of the uplink key or of the downlink key and XORing them with a label of value 0x02 to obtain a second target parameter;
And deriving the fourth key, whose byte length is 14, with the SM4 algorithm from the second target parameter and the first 16 bytes of the uplink key, or from the second target parameter and the first 16 bytes of the downlink key.
The present application may be further configured in a preferred example to: deriving a fifth key for temporary negotiation of a voice call based on the second key comprises the following steps,
Taking the last 14 bytes of the uplink key or of the downlink key and XORing them with a label of value 0x01 to obtain a third target parameter;
And deriving the fifth key, whose byte length is 32, with the SM4 algorithm from the third target parameter and the first 16 bytes of the uplink key, or from the third target parameter and the first 16 bytes of the downlink key.
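The three derivations above have the structure of the SRTP session key derivation (RFC 3711): each half of the second key is a 16-byte master key followed by a 14-byte master salt, a label is XORed into the salt to form a 16-byte counter-mode block, and the block cipher keyed with the master key generates as many keystream bytes as the target key needs (16, 14 or 32). The Go program below is an added example written for this page, not code from the patent. Where the page is silent it makes assumptions, each marked in a comment: the 60-byte second key splits into two equal 30-byte halves with uplink first; the third key uses label 0x00 (the page gives labels only for the fourth and fifth keys); the label is XORed into byte 7 of the salt as SRTP does; and AES-128, which shares SM4's 128-bit block and key size, stands in for SM4 because Go's standard library has no SM4. The names `splitTEK`, `deriveOne` and `DeriveSessionKeys` are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Labels XORed into the master salt to separate the three derivations.
const (
	labelSessionKey  byte = 0x00 // third key, 16 bytes (label not given on the page; assumption)
	labelSessionAuth byte = 0x01 // fifth key, 32 bytes
	labelSessionSalt byte = 0x02 // fourth key, 14 bytes
)

// SessionKeys holds the third, fourth and fifth keys for one direction.
type SessionKeys struct {
	Key  []byte // third key: 16 bytes
	Salt []byte // fourth key: 14 bytes
	Auth []byte // fifth key: 32 bytes
}

// splitTEK divides the 60-byte second key (TEK) into the uplink and downlink keys.
// Assumption: two equal 30-byte halves, uplink first.
func splitTEK(tek []byte) (uplink, downlink []byte, err error) {
	if len(tek) != 60 {
		return nil, nil, errors.New("second key (TEK) must be 60 bytes")
	}
	return tek[:30], tek[30:], nil
}

// deriveOne builds the 16-byte target parameter (last 14 bytes of the half key,
// label XORed in, two trailing zero bytes) and runs the block cipher keyed with
// the first 16 bytes of the half key in counter mode to produce outLen bytes.
func deriveOne(masterKey, masterSalt []byte, label byte, outLen int) ([]byte, error) {
	block, err := aes.NewCipher(masterKey) // AES-128 stands in for SM4 (assumption)
	if err != nil {
		return nil, err
	}
	param := make([]byte, 16)
	copy(param, masterSalt) // first 14 bytes come from the salt, last 2 stay zero
	param[7] ^= label       // label position follows SRTP (assumption)
	out := make([]byte, outLen)
	cipher.NewCTR(block, param).XORKeyStream(out, out) // keystream over zeros
	return out, nil
}

// DeriveSessionKeys takes one 30-byte half of TEK and returns the three keys.
func DeriveSessionKeys(half []byte) (SessionKeys, error) {
	if len(half) != 30 {
		return SessionKeys{}, errors.New("uplink/downlink key must be 30 bytes")
	}
	mk, ms := half[:16], half[16:]
	var sk SessionKeys
	var err error
	if sk.Key, err = deriveOne(mk, ms, labelSessionKey, 16); err != nil {
		return SessionKeys{}, err
	}
	if sk.Salt, err = deriveOne(mk, ms, labelSessionSalt, 14); err != nil {
		return SessionKeys{}, err
	}
	if sk.Auth, err = deriveOne(mk, ms, labelSessionAuth, 32); err != nil {
		return SessionKeys{}, err
	}
	return sk, nil
}

func main() {
	tek := make([]byte, 60) // constructed sample second key, not a real key
	for i := range tek {
		tek[i] = byte(i)
	}
	up, down, err := splitTEK(tek)
	if err != nil {
		panic(err)
	}
	for _, dir := range []struct {
		name string
		half []byte
	}{{"uplink", up}, {"downlink", down}} {
		sk, err := DeriveSessionKeys(dir.half)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-8s key=%x\n         salt=%x\n         auth=%x\n", dir.name, sk.Key, sk.Salt, sk.Auth)
	}
}
```

Because the label lands in the counter-mode block, the three keys come from disjoint keystream positions of the same cipher instance; the uplink and downlink halves use different master keys, so the two directions never share a session key. Replacing `aes.NewCipher` with any `cipher.Block` implementation of SM4 changes nothing else in the derivation.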
The present application may be further configured in a preferred example to: encrypting with the third key, the fourth key and the fifth key to obtain the encrypted audio data comprises the following step,
Using the third key as the key of the SM4 algorithm, combining the fourth key with the identification number and the sequence number of the target data packet to calculate an IV value, and encrypting the voice data and control data in the target data packet with that key and IV, thereby obtaining the encrypted target data packet.
The present application may be further configured in a preferred example to: encrypting with the third key, the fourth key and the fifth key to obtain the encrypted audio data further comprises the following step,
Using the fifth key, computing a verification tag over the header and the payload of the encrypted target data packet with the HMAC-SM3 algorithm and appending the verification tag, whose byte length is 16, to the tail of the encrypted target data packet; at this point the encryption is complete and the encrypted audio data is obtained.
The present application may be further configured in a preferred example to: the method further comprises the following step,
Destroying the third key, the fourth key and the fifth key immediately after the encrypted audio data has been produced.
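The steps above put the three keys to work on one packet: the third key keys the cipher, the fourth key is combined with the packet's identification number and sequence number into the IV, the fifth key produces a 16-byte tag over the header and the encrypted payload that is appended to the packet, and the keys are wiped afterwards. The Go program below is an added example for this page, not the patent's code, with these assumptions marked in comments: a constructed 6-byte header carrying the sequence number and packet identification number stands in for a real RTP header; the IV uses the SRTP layout (salt, SSRC and sequence number XORed at fixed positions); AES-128 in counter mode stands in for SM4 and HMAC-SHA256 for HMAC-SM3. `Protect`, `Unprotect`, `packetIV` and `Wipe` are this example's own names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	tagLen = 16 // the patent's verification tag is 16 bytes
	hdrLen = 6  // constructed header: 2-byte sequence number, 4-byte packet id (assumption)
)

// PacketKeys are the third, fourth and fifth keys for one direction.
type PacketKeys struct {
	SessionKey  []byte // third key, 16 bytes: cipher key
	SessionSalt []byte // fourth key, 14 bytes: feeds the IV
	AuthKey     []byte // fifth key, 32 bytes: HMAC key
}

// packetIV combines the session salt with the packet id and sequence number.
// Assumption: SRTP layout, IV = (salt<<16) XOR (ssrc<<64) XOR (seq<<16).
func packetIV(salt []byte, ssrc uint32, seq uint16) []byte {
	iv := make([]byte, 16)
	copy(iv, salt) // 14 salt bytes, low two bytes are the block counter
	var mix [16]byte
	binary.BigEndian.PutUint32(mix[4:8], ssrc)
	binary.BigEndian.PutUint16(mix[12:14], seq)
	for i := range iv {
		iv[i] ^= mix[i]
	}
	return iv
}

// ctrXOR runs the block cipher in counter mode; AES-128 stands in for SM4 (assumption).
func ctrXOR(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// tag returns the 16-byte verification tag; HMAC-SHA256 stands in for HMAC-SM3 (assumption).
func tag(authKey, data []byte) []byte {
	mac := hmac.New(sha256.New, authKey)
	mac.Write(data)
	return mac.Sum(nil)[:tagLen]
}

// Protect encrypts the payload, then appends a tag over header || ciphertext.
func Protect(k PacketKeys, ssrc uint32, seq uint16, payload []byte) ([]byte, error) {
	pkt := make([]byte, hdrLen, hdrLen+len(payload)+tagLen)
	binary.BigEndian.PutUint16(pkt[0:2], seq)
	binary.BigEndian.PutUint32(pkt[2:6], ssrc)
	ct, err := ctrXOR(k.SessionKey, packetIV(k.SessionSalt, ssrc, seq), payload)
	if err != nil {
		return nil, err
	}
	pkt = append(pkt, ct...)
	return append(pkt, tag(k.AuthKey, pkt)...), nil
}

// Unprotect verifies the tag in constant time before any decryption happens.
func Unprotect(k PacketKeys, pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+tagLen {
		return nil, errors.New("packet too short")
	}
	body, got := pkt[:len(pkt)-tagLen], pkt[len(pkt)-tagLen:]
	if !hmac.Equal(got, tag(k.AuthKey, body)) {
		return nil, errors.New("verification tag mismatch")
	}
	seq := binary.BigEndian.Uint16(body[0:2])
	ssrc := binary.BigEndian.Uint32(body[2:6])
	return ctrXOR(k.SessionKey, packetIV(k.SessionSalt, ssrc, seq), body[hdrLen:])
}

// Wipe overwrites key material, the patent's "destroy immediately after encrypting" step.
func Wipe(keys ...[]byte) {
	for _, b := range keys {
		for i := range b {
			b[i] = 0
		}
	}
}

func main() {
	// Constructed sample keys, not real key material.
	k := PacketKeys{bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 14), bytes.Repeat([]byte{0x33}, 32)}
	pkt, err := Protect(k, 0xdeadbeef, 7, []byte("constructed voice frame"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("protected: %x\n", pkt)
	pt, err := Unprotect(k, pkt)
	fmt.Printf("recovered: %q err=%v\n", pt, err)
	Wipe(k.SessionKey, k.SessionSalt, k.AuthKey)
}
```

Because the tag covers the header, a packet whose sequence number was altered in transit is rejected before any decryption, and a receiver can run its replay window against that authenticated sequence number; `hmac.Equal` is the constant-time comparison the receiver should use for the tag.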
In a third aspect, the present application provides a coprocessor-based voice encryption remote device.
The application is realized by the following technical scheme:
A voice encryption remote device based on a coprocessor is applied to mobile phone calls and comprises:
The downlink communication processor is used for receiving the encrypted audio data sent by the uplink communication processor, carrying out network side processing and decrypting to obtain the original audio data;
The downlink DSP chip is used for receiving the original audio data, and obtaining PCM audio data after decoding, post-processing and resampling;
the downlink codec chip is used for receiving the PCM audio data and playing the PCM audio data;
The downlink communication processor acquires the key protection password of the target mobile receiving terminal and a device root key for voice call encryption protection; derives from the device root key an application authentication key, a device authentication key and a device clearing key for temporary negotiation; and decrypts the original audio data using the application authentication key, the device authentication key and the device clearing key.
The present application may be further configured in a preferred example to: the downstream communication processor includes a device root key module,
The device root key module is used for deriving the device root key based on the target mobile sending terminal ID or the target mobile receiving terminal ID, and the device root key has a preset byte length.
The present application may be further configured in a preferred example to: the downstream communication processor further comprises a key storage module,
The key storage module is used for dividing the device root key into two sub-keys in a split key storage mode, where one sub-key is stored in the TEE and the other sub-key is stored in the downlink communication processor, and the resources in the downlink communication processor can only be acquired and called by the TEE.
The present application may be further configured in a preferred example to: the downstream communication processor further comprises a key transmission module,
The key transmission module is used for encrypting the sub-key stored in the TEE with the SM4 algorithm and transmitting it to the TEE.
In a fourth aspect, the present application provides a coprocessor-based speech decryption method.
The application is realized by the following technical scheme:
The voice decryption method based on the coprocessor is applied to any of the above coprocessor-based voice encryption remote devices, and the downlink communication processor executes the following steps:
Acquiring the key protection password PIN_E code of the target mobile receiving terminal and a device root key for voice call encryption protection;
deriving from the device root key an application authentication key, a device authentication key and a device clearing key for temporary negotiation;
and decrypting the original audio data using the application authentication key, the device authentication key and the device clearing key.
In a fifth aspect, the present application provides a coprocessor-based voice encryption system.
The application is realized by the following technical scheme:
A voice encryption system based on a coprocessor is applied to mobile phone calls and comprises:
The voice encryption near-end device collects PCM audio data of the target mobile transmitting terminal through the uplink codec chip;
The voice encryption near-end device receives the PCM audio data through an uplink DSP chip and carries out resampling, preprocessing and encoding to obtain a code stream;
The voice encryption near-end device receives the code stream through an uplink communication processor, processes the code stream on a network side, encrypts the code stream to obtain encrypted audio data and sends the encrypted audio data;
the uplink communication processor acquires the private key protection password of the target mobile transmitting terminal and an identification private key for voice call encryption protection, generates from them a first key for voice call encryption protection, derives from the first key a second key for temporary negotiation, derives from the second key a third key, a fourth key and a fifth key for voice call temporary negotiation, and encrypts with them to obtain the encrypted audio data;
the voice encryption remote device receives the encrypted audio data through a downlink communication processor, processes the encrypted audio data at a network side and decrypts the encrypted audio data to obtain original audio data;
the downlink communication processor acquires the key protection password of the target mobile receiving terminal and a device root key for voice call encryption protection, derives from the device root key an application authentication key, a device authentication key and a device clearing key for temporary negotiation, and decrypts with them to obtain the original audio data;
the voice encryption remote device receives the original audio data through a downlink DSP chip, and obtains the PCM audio data after decoding, post-processing and resampling;
and the voice encryption remote device receives the PCM audio data through the downlink codec chip and plays the PCM audio data.
In summary, compared with the prior art, the technical scheme provided by the application has the beneficial effects that at least:
The uplink codec chip collects PCM audio data of the target mobile transmitting terminal. The uplink DSP chip receives the PCM audio data and performs resampling, preprocessing and encoding to obtain a code stream. The uplink communication processor receives the code stream, performs network side processing, encrypts it to obtain encrypted audio data and transmits it. The uplink communication processor acquires the private key protection password of the target mobile transmitting terminal and an identification private key for voice call encryption protection, and by temporary negotiation generates a first key for voice call encryption protection; derives a temporarily negotiated second key from the first key; derives from the second key a third key, a fourth key and a fifth key for voice call temporary negotiation; and encrypts with the third, fourth and fifth keys to obtain the encrypted audio data. The confidentiality of the voice data is thereby improved, the security of voice data on existing encrypted-communication mobile intelligent terminals is improved, and replay attacks on voice data packets can be reduced.
Drawings
Fig. 1 is a topology diagram of an application scenario of a coprocessor-based voice encryption system according to an exemplary embodiment of the present application.
Fig. 2 is a schematic diagram of a partial key derivation relationship of a voice encryption near/far-end device based on a coprocessor according to an exemplary embodiment of the present application.
Fig. 3 is a schematic diagram of a key hierarchy of a voice encryption system based on a coprocessor according to an exemplary embodiment of the present application.
Fig. 4 is a schematic flow chart of a voice encryption key negotiation protocol based on a coprocessor according to an exemplary embodiment of the present application.
Fig. 5 is a schematic diagram of audio data flow of a voice encryption near/far-end device based on a coprocessor according to an exemplary embodiment of the present application.
Detailed Description
The present embodiment is only for explanation of the present application and is not to be construed as limiting the present application, and modifications to the present embodiment, which may not creatively contribute to the present application as required by those skilled in the art after reading the present specification, are all protected by patent laws within the scope of claims of the present application.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein, as specifically described in the method, generally indicates that the associated object is an "or" relationship.
The embodiment of the application provides a voice encryption near-end device based on a coprocessor, which is applied to mobile phone calls and comprises:
The uplink codec chip is used for collecting PCM audio data of the target mobile transmitting terminal;
the uplink DSP chip is used for receiving the PCM audio data and obtaining a code stream after resampling, preprocessing and encoding;
The uplink communication processor is used for receiving the code stream, carrying out network side processing, encrypting to obtain encrypted audio data and transmitting the encrypted audio data;
The uplink communication processor acquires the private key protection password PIN_P code of the target mobile transmitting terminal and an identification private key PRK for voice call encryption protection, and by temporary negotiation generates a first key TGK for voice call encryption protection; derives a temporarily negotiated second key TEK from the first key TGK; derives from the second key TEK a third key (Session key), a fourth key (Session salt) and a fifth key (Session auth key) for voice call temporary negotiation; and encrypts with the third, fourth and fifth keys to obtain the encrypted audio data.
In one embodiment, the upstream communication processor includes an identification private key module,
The identification private key module is used for generating an identification private key PRK for voice call encryption protection, and comprises the following formula,
PRK = HMAC-Hash(salt, IKM)
Wherein PRK represents the identification private key; salt represents a salt value, which is a key generated by any pseudo-random number generator, with a length equal to the block size of the corresponding hash algorithm and zero-filled by default; IKM denotes the original key material; and HMAC-Hash represents the hash-based message authentication code, that is, the message authentication code of IKM computed with IKM as the message and salt as the key over the Hash() function.
In one embodiment, the upstream communication processor further comprises a first key module,
The first key module is used for enabling the two parties to the call to calculate the first key TGK through the SM9 algorithm using r_r and R_i, where r_r represents the generated random number and R_i represents any random function.
In one embodiment, the upstream communication processor further comprises a second key module,
The second key module is used for deriving the second key TEK from the first key TGK using the SM3 algorithm.
In one embodiment, the upstream communication processor further comprises a key derivation module,
The key derivation module is configured to derive the third key, the fourth key and the fifth key from the second key using the SM4 algorithm.
The above-described modules in a coprocessor-based voice encryption near-end device may be implemented in whole or in part in software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
The embodiment of the application also provides a voice encryption remote device based on the coprocessor, which is applied to mobile phone calls and comprises:
The downlink communication processor is used for receiving the encrypted audio data sent by the uplink communication processor, carrying out network side processing and decrypting to obtain the original audio data;
The downlink DSP chip is used for receiving the original audio data, and obtaining PCM audio data after decoding, post-processing and resampling;
the downlink codec chip is used for receiving the PCM audio data and playing the PCM audio data;
The downlink communication processor acquires the key protection password PIN_E code of the target mobile receiving terminal and a device root key DRK for voice call encryption protection; derives from the device root key an application authentication key AAK, a device authentication key DAK and a device clearing key WDK for temporary negotiation; and decrypts the original audio data using the application authentication key, the device authentication key and the device clearing key.
In one embodiment, the downstream communication processor includes a device root key module,
The device root key module is used for deriving the device root key based on the target mobile sending terminal ID or the target mobile receiving terminal ID, and the device root key has a preset byte length.
In one embodiment, the downstream communication processor further comprises a key storage module,
The key storage module is used for dividing the device root key DRK into two sub-keys in a split key storage mode, where one sub-key is stored in the TEE and the other sub-key is stored in the downlink communication processor, and the resources in the downlink communication processor can only be acquired and called by the TEE.
In one embodiment, the downstream communication processor further comprises a key transmission module,
The key transmission module is used for encrypting the sub-key stored in the TEE with the SM4 algorithm and transmitting it to the TEE.
The above-described modules in a coprocessor-based voice encryption remote device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
The embodiment of the application also provides a voice encryption system based on the coprocessor, which is applied to mobile phone calls and comprises:
The voice encryption near-end device collects PCM audio data of the target mobile transmitting terminal through the uplink codec chip;
The voice encryption near-end device receives the PCM audio data through an uplink DSP chip and carries out resampling, preprocessing and encoding to obtain a code stream;
The voice encryption near-end device receives the code stream through an uplink communication processor, processes the code stream on a network side, encrypts the code stream to obtain encrypted audio data and sends the encrypted audio data;
The uplink communication processor generates a first key TGK for voice call encryption protection by acquiring a private key protection password PIN_P code of the target mobile transmitting terminal and an identification private key PRK for voice call encryption protection, generates a second key TEK for temporary negotiation by deriving the first key TGK, and encrypts to obtain the encrypted audio data by deriving the second key to obtain a third key Session key for voice call temporary negotiation, a fourth key Session salt for voice call temporary negotiation and a fifth key Session auth key for voice call temporary negotiation;
the voice encryption remote device receives the encrypted audio data through a downlink communication processor, processes the encrypted audio data at a network side and decrypts the encrypted audio data to obtain original audio data;
The downlink communication processor acquires a key protection password PIN_E code of a target mobile receiving terminal and a device root key DRK for voice call encryption protection, derives from the device root key an application authentication key AAK for temporary negotiation, a device authentication key DAK for temporary negotiation and a device clearing key WDK for temporary negotiation, and obtains the original audio data by decrypting with the derived keys;
the voice encryption remote device receives the original audio data through a downlink DSP chip, and obtains the PCM audio data after decoding, post-processing and resampling;
and the voice encryption remote device receives the PCM audio data through the downlink codec chip and plays the PCM audio data.
The various modules in a coprocessor-based voice encryption system described above may be implemented in whole or in part in software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
The embodiment of the application also provides a voice encryption method based on the coprocessor, which is applied to any voice encryption near-end device based on the coprocessor in the embodiment. The main steps of the coprocessor-based voice encryption method are described below.
The upstream communication processor performs the following steps,
Acquiring a private key protection password PIN_P code of the target mobile sending terminal and an identification private key PRK for voice call encryption protection, and temporarily negotiating to generate a first key TGK for voice call encryption protection;
Deriving a temporarily negotiated second key TEK based on the first key TGK;
Obtaining a third key Session key for voice call temporary negotiation, a fourth key Session salt for voice call temporary negotiation and a fifth key Session auth key for voice call temporary negotiation according to the second key derivation;
And encrypting by using the third key, the fourth key and the fifth key to obtain encrypted audio data.
In one embodiment, the identification private key is generated using the following formula,
PRK = HMAC-Hash(salt, IKM)
Wherein PRK represents the identification private key; salt represents a salt value, which is a key generated by any pseudo-random number generator whose length is the block size of the corresponding hash algorithm and which is padded with 0 by default; IKM denotes the original key material; and HMAC represents a hash-based message authentication code, namely the message authentication code of IKM calculated over the Hash() function with IKM as the message and salt as the key.
In one embodiment, deriving the provisional negotiated second key TEK based on said first key TGK, comprises the steps of,
The second key is derived by adopting a pseudo random function PRF in an MIKEY protocol, wherein input parameters of the pseudo random function PRF comprise the first key TGK, a preset secure session cs_id, a secure session set csb_id randomly generated by the target mobile transmitting terminal and a random RAND value generated by a random function RAND.
In one embodiment, when deriving the third key Session key for the temporary negotiation of the voice call according to the second key derivation, the method comprises the following steps,
Dividing the second key to obtain an uplink key and a downlink key, wherein the byte length of the second key is 60;
taking the last 14 bytes of the uplink key or the downlink key, and updating the first 14 bytes of a preset first target parameter, wherein the byte length of the first target parameter is 16;
And deriving the third key according to the first target parameter and the first 16 bytes of the uplink key or according to the first target parameter and the first 16 bytes of the downlink key by using an SM4 algorithm, wherein the byte length of the third key is 16.
In one embodiment, when deriving the fourth key Session salt for the temporary negotiation of the voice call according to the second key derivation, the method comprises the following steps,
Taking the last 14 bytes of the uplink key or the downlink key, and performing exclusive OR operation with a label with the value of 0x02 to obtain a second target parameter;
And deriving the fourth key according to the second target parameter and the first 16 bytes of the uplink key or according to the second target parameter and the first 16 bytes of the downlink key by using an SM4 algorithm, wherein the byte length of the fourth key is 14.
In one embodiment, when deriving the fifth key Session auth key for the temporary negotiation of the voice call according to the second key derivation, the method comprises the following steps,
Taking the last 14 bytes of the uplink key or the downlink key, and performing an exclusive OR operation with a label with the value of 0x01 to obtain a third target parameter;
And deriving the fifth key according to the third target parameter and the first 16 bytes of the uplink key or according to the third target parameter and the first 16 bytes of the downlink key by using an SM4 algorithm, wherein the byte length of the fifth key is 32.
In one embodiment, encrypting with the third key, the fourth key and the fifth key to obtain the encrypted audio data comprises the steps of,
And taking the third key as a key of an SM4 algorithm, combining the fourth key, the identification number of the target data packet and the serial number of the target data packet, and calculating to generate an IV value so as to encrypt voice data and control data in the target data packet, thereby obtaining the encrypted target data packet.
In one embodiment, when the third key, the fourth key and the fifth key are used to encrypt and obtain the encrypted audio data, the method further comprises the following steps,
Based on the fifth key, authenticating the header and the payload of the encrypted target data packet by using an HMAC-SM3 algorithm, generating a verification tag, and appending the verification tag to the tail of the encrypted target data packet; the result of the encryption at this point is the encrypted audio data, and the byte length of the verification tag is 16.
In one embodiment, the method further comprises the following steps,
And immediately destroying the third key, the fourth key and the fifth key after the encrypted audio data has been produced.
It should be understood that, in the foregoing embodiments, the steps are not performed sequentially, and the execution sequence of each process should be determined by the functions and internal logic of each process, and should not be construed as limiting the implementation process of the embodiments of the present application.
The embodiment of the application also provides a voice decryption method based on the coprocessor, which is applied to any voice encryption remote device based on the coprocessor in the embodiment. The main steps of the coprocessor-based speech decryption method are described below.
The downstream communication processor performs the following steps,
Acquiring a key protection password PIN_E code of a target mobile receiving terminal and a device root key DRK for voice call encryption protection;
Deriving an application authentication key AAK for temporary negotiation, a device authentication key DAK for temporary negotiation and a device clearing key WDK for temporary negotiation based on the device root key;
and decrypting using the application authentication key, the device authentication key and the device clearing key to obtain the original audio data.
The method of deriving the application authentication key AAK for temporary negotiation, the device authentication key DAK for temporary negotiation and the device clearing key WDK for temporary negotiation based on the device root key may refer to the key derivation method in the above-mentioned coprocessor-based voice encryption method, which is not described herein again.
Likewise, the method of decrypting with the application authentication key, the device authentication key and the device clearing key to obtain the original audio data may refer to the voice data encryption method in the coprocessor-based voice encryption method, which is not described herein again.
It should be understood that, in the foregoing embodiments, the steps are not performed sequentially, and the execution sequence of each process should be determined by the functions and internal logic of each process, and should not be construed as limiting the implementation process of the embodiments of the present application.
Various embodiments of the application are described in further detail below with reference to the drawings accompanying the specification.
Referring to fig. 1, in this embodiment, an encrypted communication mobile terminal module is used as a user communication terminal, that is, a voice encryption near/far-end device, and is responsible for voice encryption and decryption communication, and is internally integrated with a mobile intelligent terminal collaborative signature module (SHM 1906), and the encrypted communication mobile terminal module accesses a service system through the internet/an operator to form a cryptographic module encryption system, so as to provide functions of encrypting communication for users, and the like, and on the basis of normal communication, the voice data between the encrypted communication mobile terminal modules is encrypted and protected by using a secure encryption technology, so as to realize voice data encryption protection, prevent an attacker from stealing sensitive data by means of system loopholes, malicious interception, implantation of Trojan viruses, and the like, and ensure the security of the voice data of the mobile intelligent terminal.
The encryption communication mobile terminal module is matched with a service system, and the service system is responsible for providing online functions such as encryption device management, secure communication exchange and joint signature service for the encryption module. It consists of a certified SM9 identity-based cryptographic machine (SJJ 1631), a communication server, an encryption device management server and an SM2/SM9 collaborative signature server system (SHT 1908).
Voice data acquired by a transmitting end (equipment 1) are acquired through a microphone, noise reduction, gain and the like are processed in a coder-decoder (CODEC), the voice data are converted into voice digital signals, the voice digital signals are encrypted through an encrypted communication mobile terminal module, ciphertext is generated, the ciphertext is packaged through application, and the ciphertext is transmitted to a receiving end through a wireless network module or a cellular network module connected to the Internet. The wireless network module or the cellular network module of the receiving end sends the received ciphertext to the encryption communication mobile terminal module for decryption to generate plaintext, and then the plaintext is converted into audio data through a CODEC, and the audio data is played to a user of the receiving end through a receiver.
Referring to fig. 2, in the call phase, the two parties of a call first perform key negotiation to temporarily generate a first key TGK for voice call encryption protection; an SM3 algorithm is adopted to derive a second key TEK for temporary negotiation from the first key TGK, and then an SM4 algorithm is adopted to derive from the second key TEK a third key Session key for voice call temporary negotiation, a fourth key Session salt for voice call temporary negotiation and a fifth key Session auth key for voice call temporary negotiation; through the key negotiation, the calling party and the called party thus each generate 6 keys, namely the Session key, Session salt and Session auth of SRTP and the Session key, Session salt and Session auth of SRTCP.
The method for deriving the Session key, session salt and Session auth of the SRTP of the calling party in the key negotiation stage in the MIKEY protocol is as follows:
the TEK is derived from the TGK by the PRF pseudo-random function of the MIKEY protocol; the input parameters of the PRF pseudo-random function comprise a key input value (a pre-shared key, a public key or a DH key), the secure session cs_id, the secure session set csb_id and the random RAND value.
Specifically:
first, the labelled TEK is obtained;
the HMAC values are calculated in 256-bit blocks, with P(s, label, m) defined by the MIKEY PRF,
where s is a key, A_0 is the label, and m = outkey_len (output key length)/160 rounded to the nearest integer;
the input key of length inkey_len is divided into n parts, n = inkey_len/256 rounded to the nearest integer, so that each part is 256 bits; then PRF(inkey, label) = P(s_1, label, m) XOR P(s_2, label, m) XOR … XOR P(s_n, label, m) is calculated;
Wherein the HMAC calculation adopts the SM3 algorithm; cs_id and csb_id are defined in section 6.1 of RFC 3830; cs_id takes the value 0x01, and csb_id is a random number generated by the calling party.
Further, the method for deriving the Session key, the Session salt and the Session auth by the TEK is as follows:
Session key: TEK[60] is divided into an uplink MASTER KEY[30] and a downlink MASTER KEY[30]; taking the 30-byte MASTER KEY, its last 14 bytes become the first 14 bytes of counter[16]; the SM4 (CTR mode) algorithm then derives the 16-byte Session key from the counter and the first 16 bytes of MASTER KEY; the Session key is used as the key of the SM4 algorithm to encrypt the voice data (the payload of the RTP packet);
Session salt: the last 14 bytes of MASTER KEY are XORed with a label with the value 0x02 to obtain the counter; the SM4 (CTR mode) algorithm then derives the 14-byte Session salt from the counter and the first 16 bytes of MASTER KEY; the Session salt, the SSRC and the packet index are combined to generate the IV value;
Session auth: the last 14 bytes of MASTER KEY are XORed with a label with the value 0x01 to obtain the counter; the SM4 (CTR mode) algorithm then derives the 32-byte Session auth from the counter and the first 16 bytes of MASTER KEY; the Session auth is used with the HMAC-SM3 algorithm to authenticate the RTP packet (RTP header and encrypted RTP payload), and the 16-byte tag is placed at the tail of the RTP packet;
the two parties of the call encrypt the voice data by combining the derivative secret key through an SM4 algorithm.
Algorithms adopted by the encryption communication mobile terminal module comprise algorithms of SM2, SM3, SM4 and SM9, so that the security of the mobile terminal for transmitting voice data is ensured.
When the voice data of both parties of a call are encrypted and protected with the encryption keys, the Secure Real-time Transport Protocol (SRTP) is used for voice transmission; SRTP is an extension of the RTP protocol that strengthens data confidentiality, defines security mechanisms such as message authentication, integrity protection and replay attack protection, and remedies the security shortcomings of RTP; the SRTP used here follows the RFC 3711 standard.
Specifically, referring to fig. 3, the uplink communication processor acquires the private key protection password PIN_P code of the target mobile transmitting terminal and the identification private key PRK for voice call encryption protection, performs temporary negotiation to generate the first key TGK for voice call encryption protection, derives the second key TEK for temporary negotiation from the first key TGK, derives from the second key TEK the third key Session key for voice call temporary negotiation, the fourth key Session salt for voice call temporary negotiation and the fifth key Session auth key for voice call temporary negotiation, and encrypts with these keys to obtain the encrypted audio data.
The downlink communication processor acquires the key protection password PIN_E code of the target mobile receiving terminal and the device root key DRK for voice call encryption protection, derives the application authentication key AAK for temporary negotiation, the device authentication key DAK for temporary negotiation and the device clearing key WDK for temporary negotiation based on the device root key DRK, and decrypts to obtain the original audio data.
The private key protection password PIN_P code and the secret key protection password PIN_E code are memorized by the user and are not stored.
The identification private key PRK (i.e., the identification private key PRK fragment) and the device root key DRK (i.e., the device root key DRK fragment) are stored for encryption.
The first key TGK used for voice call negotiation, the second key TEK used for voice call negotiation, the third key Session key used for voice call temporary negotiation, the fourth key Session salt used for voice call temporary negotiation and the fifth key Session auth key used for voice call temporary negotiation, the application authentication key AAK used for temporary negotiation, the device authentication key DAK used for temporary negotiation and the device clearing key WDK used for temporary negotiation are destroyed after use and are not stored.
The encryption communication mobile terminal module is matched with a public key cryptographic algorithm, a digest algorithm, a block cryptographic algorithm and an identification cryptographic algorithm according to security requirements, and the algorithm matching table is shown in the following table 1.
TABLE 1
The key details are shown in the key distribution table of table 2 below.
TABLE 2
The SM9 algorithm is used to protect the most critical voice data, but the SM2 algorithm, the SM3 algorithm and the SM4 algorithm are also involved in the complete encryption process based on the coprocessor in consideration of signature, encryption speed and other factors affecting the encryption process, so as to balance the complete encryption process based on the coprocessor.
The TGK key is generated as shown in table 3.
TABLE 3
The TEK key is generated as shown in table 4.
TABLE 4
The manner of generating the voice call Session key is shown in table 5.
TABLE 5
The manner of generating the voice call Session salt key is shown in table 6.
TABLE 6
The manner of generating the voice call Session auth key is shown in table 7.
TABLE 7
The factory state of the encryption communication mobile terminal module is the state of the software cryptographic module as it leaves the factory, in which an SSL root certificate and an IBC master public key [MPK] are packaged with the software APP and installed in the TEE.
The SSL root certificates are generated as shown in table 8.
TABLE 8
The IBC master public key is generated as shown in table 9.
TABLE 9
The key protection password PIN_E is generated in the manner shown in table 10.
Table 10
The encryption communication mobile terminal module in the initialized state only provides the ordinary (unencrypted) call function and cannot use the encryption function. The keys, including the device root key, are issued into the TEE when the device firmware is flashed. The root key is written into the encryption module of the TEE system when the device leaves the factory.
The device root key [DRK] is generated as shown in table 11.
TABLE 11
In the encryption communication mobile terminal module of this embodiment, the SSL channel used follows the SSL protocol defined in the national cryptographic standard GM/T 0024-2014 SSL VPN Technical Specification; the server certificate is an SM2 public key algorithm certificate, and the cipher suite ECC_Sm4_Sm3 is added. This cipher suite uses ECC based on the SM2 algorithm for key agreement, the SM4 algorithm to encrypt and protect the session transmission data, and the SM3 algorithm to protect the integrity of the session transmission data.
1) Application: encrypting the transmission of bearer-layer data between the client and the server;
2) Security targets:
a) Server identity authentication;
b) Confidentiality of data;
c) Integrity of the data;
3) Protocol elements:
The whole protocol process is SSL protocol defined in the national secret standard GM/T0024-2014 SSL VPN technical Specification, wherein the key negotiation process is as follows:
1) The client sends a ClientHello message to the server, requesting negotiation of a cipher suite of the ECC_Sm4_Sm3 type;
2) The server responds the ServerHello message to the client, confirms that the ECC_Sm4_Sm3 cipher suite is supported, and determines information such as protocol version, session identification and the like;
3) The server sends a Certificate message to the client, presenting the server's SM2 public key certificate information; at this point the client verifies the server's SM2 certificate;
4) The server signs the encryption certificate, the random numbers and other data and sends them to the client in a ServerKeyExchange message;
5) The server sends a ServerHelloDone message to the client to finish the key negotiation process;
6) After receiving the ServerKeyExchange message, the client randomly generates a 48-byte premaster secret, encrypts it with the server's encryption public key and sends it to the server in a ClientKeyExchange message;
7) After receiving the client's ClientKeyExchange message, the server decrypts it with the private key corresponding to the certificate to obtain the 48-byte premaster secret and the other data;
8) The client and the server derive the session key by the following methods:
the session key comprises a verification (MAC) key and an encryption key, and the specific key lengths are determined by the selected cryptographic algorithms. The key material is generated by a PRF calculation over the master secret, the client random number, the server random number and a constant string;
Parameter meanings:
SecurityParameters.master_secret: the master secret;
"key expansion": a constant string;
SecurityParameters.server_random: the server random number;
SecurityParameters.client_random: the client random number;
The calculation method is as follows:
key_block = PRF(SecurityParameters.master_secret,"key expansion",
SecurityParameters.server_random+SecurityParameters.client_random);
Until a key set with the required length is generated and output, then cutting is carried out according to the preset byte length, and each target key is obtained in sequence:
client_write_MAC_secret[SecurityParameters.hash_size];
server_write_MAC_secret[SecurityParameters.hash_size];
client_write_key[SecurityParameters.key_material_length];
server_write_key[SecurityParameters.key_material_length];
9) Finally, the client sends a ChangeCipherSpec message and immediately encrypts and sends a handshake Finished message using the SM4/SM3 algorithms and the session key just negotiated; the server responds with a ChangeCipherSpec message and encrypts and sends a handshake Finished message using the SM4/SM3 algorithms and the session key just negotiated;
10) After the handshake is finished, both parties use the session encryption key and the SM4 cryptographic algorithm to encrypt and protect the session transmission data in the subsequent communication, and use the session MAC key and the SM3 cryptographic algorithm to ensure the integrity of the session transmission data.
A voice key negotiation protocol is adopted in the negotiation process and is used for encrypting voice data between the encrypted communication mobile terminal modules, wherein the key negotiation adopts a MIKEY protocol;
The security targets of the voice key agreement protocol are:
a) Confidentiality of voice data;
b) Preventing voice data packet replay attack;
c) Integrity of voice data;
the protocol elements of the voice key agreement protocol are as follows:
a) Common elements:
ID_i: the calling party's mobile phone number;
ID_r: the called party's mobile phone number;
SM9 algorithm;
SM4 algorithm;
SM2 algorithm;
SM3 algorithm;
b) Calling party private elements:
RAND: a 32-byte random number;
PRK_i: a 128-byte private key;
c) Called party private element: PRK_r.
In one embodiment, referring to fig. 4, the voice key negotiation protocol flow is specifically as follows:
The first stage: initiating a stage;
a) The calling party acquires the system time T, the telephone number ID_i of the calling party and the telephone number ID_r of the opposite party;
b) The calling party generates a 32-byte random number r_i and calculates the scalar multiple [r_i]P based on the SM2 elliptic curve parameter P;
c) The calling party generates a 32-byte random number RAND and calculates a digest HASH_i using the SM3 algorithm;
d) The joint signature operation on HASH_i is completed by the mobile intelligent terminal software cryptographic module (SHM 1906) and the SM2/SM9 system (SHT 1908) to obtain the complete signature data SIGN_i;
e) The calling party forms an initiation information frame: T, RAND, ID_i, ID_r, r_i, SIGN_i;
f) The method comprises the steps that an initiating information frame is sent to a server through an SSL channel, the server sends the initiating information frame to a called party through the SSL channel, and a calling party waits for a response information frame;
And a second stage: a response phase;
a) The called party receives the initiation information frame, and checks whether T is within 30 seconds (configurable) of local acquisition time deviation;
b) Checking whether the ID_r is the ID of the party;
c) Checking whether the ID_i is an identity in FROM in the initiator INVITE message;
d) The called party computes H_i itself according to the HASH_i calculation method;
e) The called party verifies whether the signature SIGN_i is legal, and raises an alarm if it is illegal;
f) The called party randomly generates a 32-byte r_r and calculates the scalar multiple [r_r]P based on the SM2 elliptic curve parameter P;
g) The called party calculates a digest HASH_r using the SM3 algorithm;
h) As for the calling party, the complete signature data SIGN_r = SGN_SM9_PRK_r(HASH_r) is obtained by joint signing, completed by the mobile intelligent terminal collaborative signature module (SHM 1906) and the SM2/SM9 collaborative signature system (SHT 1908);
i) The called party generates a response information frame: T, RAND, ID_i, ID_r, r_r, SIGN_r, where T is the T of the initiation information frame;
j) The called party uses [r_r]([r_i]P) = [r_i r_r]P as TGK;
k) The called party sends the response information frame to the server through the SSL channel, the server forwards the response information frame to the calling party through the SSL channel, the calling party verifies the validity of the signature SIGN_r after receiving the response, and on success uses [r_i]([r_r]P) = [r_i r_r]P as TGK;
and a third stage: a voice encryption voice packet stage;
a) The two parties of the call calculate [r_i r_r]P as TGK through the SM9 algorithm;
After both parties of the call have calculated the common TGK, the TEK is derived through SM3, and the TEK is further derived through SM4 into the 6 keys of the calling party and the called party, namely the Session key, Session salt and Session auth of SRTP and the Session key, Session salt and Session auth of SRTCP; each party destroys them after the call ends.
In one embodiment, the session key negotiation protocol flow is as follows:
the calling party performs the following steps:
g) The calling party acquires the system time T, the telephone number ID_i of the calling party and the telephone number ID_r of the opposite party;
h) The calling party generates a 32-byte random number r_i and calculates the scalar multiple [r_i]P based on the SM2 elliptic curve parameter P;
i) The calling party generates a 32-byte random number RAND and calculates a digest HASH_i using the SM3 algorithm;
j) The joint signature operation on HASH_i is completed by the mobile intelligent terminal software cryptographic module (SHM 1906) and the SM2/SM9 system (SHT 1908) to obtain the complete signature data SIGN_i;
k) The calling party forms an initiation information frame: T, RAND, ID_i, ID_r, r_i, SIGN_i;
l) The initiation information frame is sent to the server through the SSL channel, the server forwards it to the called party through the SSL channel, and the calling party waits for the response information frame;
the called party performs the following steps:
j) The called party receives the initiation information frame, and checks whether T is within 30 seconds (configurable) of local acquisition time deviation;
k) Checking whether the ID_r is the ID of the party;
l) checking whether the ID_i is an identity in FROM in the initiator INVITE message;
m) The called party computes H_i itself according to the HASH_i calculation method;
n) The called party verifies whether the signature SIGN_i is legal, and raises an alarm if it is illegal;
o) The called party randomly generates a 32-byte r_r and calculates the scalar multiple [r_r]P based on the SM2 elliptic curve parameter P;
p) The called party calculates a digest HASH_r using the SM3 algorithm;
q) As for the calling party, the complete signature data SIGN_r = SGN_SM9_PRK_r(HASH_r) is obtained by joint signing, completed by the mobile intelligent terminal collaborative signature module (SHM 1906) and the SM2/SM9 collaborative signature system (SHT 1908);
r) The called party generates a response information frame: T, RAND, ID_i, ID_r, r_r, SIGN_r, where T is the T of the initiation information frame;
s) The called party uses [r_r]([r_i]P) = [r_i r_r]P as TGK;
t) The response information frame is sent to the server through the SSL channel, the server forwards it to the calling party through the SSL channel, and the calling party verifies the validity of the signature SIGN_r after receiving the response.
Both parties calculate [r_i r_r]P as TGK through the SM9 algorithm; after both parties of the call have calculated the common TGK, the TEK is derived through SM3, and the TEK is further derived through SM4 into the 6 keys of the calling party and the called party, namely the Session key, Session salt and Session auth of SRTP and the Session key, Session salt and Session auth of SRTCP.
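The initiation and response stages of the voice key negotiation protocol above (both the fig. 4 flow and the session key negotiation flow), as an added example that is not the patent's code: an elliptic-curve Diffie-Hellman exchange on the SM2 curve producing TGK = [r_i r_r]P, with the called party's time-window and identity checks. Assumptions: P is the SM2 base point G, the frames carry the points [r_i]P and [r_r]P (written r_i and r_r above), and the SM9 joint signature, HASH computation and SSL channel are omitted.

```python
# Added example (not the patent's code): TGK agreement of the voice key
# negotiation as ECDH on the SM2 curve, plus the called party's checks.
import secrets
import time

# SM2 curve parameters (GB/T 32918); assumption: the page's P is the base point G.
P_MOD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):
    """Reject points not on y^2 = x^3 + ax + b (a received point must be checked)."""
    if pt is None:
        return False
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def point_add(p1, p2):
    """Affine group law; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def scalar_mult(k, pt):
    """[k]pt by double-and-add (illustration only; not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def gen_scalar():
    """32-byte random r_i / r_r in [1, n-1]."""
    return secrets.randbelow(N - 1) + 1

def initiate(id_i, id_r, r_i=None, now=None):
    """Calling party: initiation frame T, RAND, ID_i, ID_r, [r_i]P (SIGN_i omitted)."""
    r_i = r_i or gen_scalar()
    frame = {"T": now or int(time.time()), "RAND": secrets.token_bytes(32),
             "ID_i": id_i, "ID_r": id_r, "R_i": scalar_mult(r_i, G)}
    return r_i, frame

def respond(frame, my_id, invite_from, r_r=None, now=None, window=30):
    """Called party: checks T, ID_r and ID_i, then returns (TGK, response frame)."""
    now = now or int(time.time())
    if abs(now - frame["T"]) > window:
        raise ValueError("T outside the %d-second window" % window)
    if frame["ID_r"] != my_id:
        raise ValueError("ID_r is not this party's ID")
    if frame["ID_i"] != invite_from:
        raise ValueError("ID_i does not match the From identity of the INVITE")
    if not on_curve(frame["R_i"]):
        raise ValueError("received point is not on the curve")
    r_r = r_r or gen_scalar()
    tgk = scalar_mult(r_r, frame["R_i"])  # [r_r]([r_i]P) = [r_i r_r]P
    response = dict(frame, R_r=scalar_mult(r_r, G))
    return tgk, response

def complete(r_i, response):
    """Calling party: [r_i]([r_r]P) = [r_i r_r]P as TGK."""
    if not on_curve(response["R_r"]):
        raise ValueError("received point is not on the curve")
    return scalar_mult(r_i, response["R_r"])

if __name__ == "__main__":
    # Constructed phone numbers for illustration.
    r_i, frame = initiate("13800000001", "13800000002")
    tgk_r, response = respond(frame, "13800000002", "13800000001")
    print("TGK agrees:", complete(r_i, response) == tgk_r)
```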
The embodiment of the application also provides a voice encryption near/far-end device based on the coprocessor, which comprises,
The uplink codec chip is used for collecting PCM audio data of the target mobile transmitting terminal;
the uplink DSP chip is used for receiving the PCM audio data and obtaining a code stream after resampling, preprocessing and encoding;
The uplink communication processor is used for receiving the code stream, carrying out network side processing, encrypting to obtain encrypted audio data and transmitting the encrypted audio data;
The uplink communication processor generates a first key TGK for voice call encryption protection by acquiring a private key protection password PIN_P code of the target mobile transmitting terminal and an identification private key PRK for voice call encryption protection and temporarily negotiating; deriving a temporary negotiated second key TEK from the first key TGK; obtaining a third key Session key for voice call temporary negotiation, a fourth key Session salt for voice call temporary negotiation and a fifth key Session auth key for voice call temporary negotiation through the second key derivation; encrypting by using the third key, the fourth key and the fifth key to obtain encrypted audio data;
the downlink communication processor is used for receiving the encrypted audio data sent by the uplink communication processor, carrying out network side processing and decrypting to obtain the original audio data;
The downlink DSP chip is used for receiving the original audio data, and obtaining the PCM audio data after decoding, post-processing and resampling;
the downlink codec chip is used for receiving the PCM audio data and playing the PCM audio data;
the downlink communication processor acquires a key protection password PIN_E code of the target mobile receiving terminal and a device root key DRK for voice call encryption protection; deriving an application authentication key AAK for temporary negotiation, a device authentication key DAK for temporary negotiation and a device clearing key WDK for temporary negotiation based on the device root key; and decrypting the original audio data by using the application authentication key, the equipment authentication key and the equipment clearing key.
In a smartphone's call audio path there are three processors. The AP (application processor) mainly handles control logic and is most commonly an ARM core; the CP (communication processor), also called the baseband processor (BP) or modem, and the audio DSP mainly handle the signal processing of the phone's communication. During a call or music playback the AP is asleep most of the time to reduce power consumption, so the CP and the audio DSP carry not only control logic but also the processing of the voice data itself.
The AP, CP and audio DSP communicate through IPC (inter-processor communication) to exchange control messages and audio data. Typically the AP, CP and audio DSP (and processors for other functions) are integrated on one chip to form an SoC (system on chip). There is also a hardware codec chip, used mainly for audio capture and playback; it is controlled by the AP (enabling and selecting audio paths, etc., mainly by configuring registers) and exchanges audio data with the audio DSP over the I2S bus. Various peripherals attach to the hardware codec: the MIC (dual-MIC designs are now mainstream), the earpiece, the speaker, wired earphones (three-pole and four-pole types; three-pole has no MIC function, four-pole does), and so on. A Bluetooth headset is a special case: it connects directly to the audio DSP over the I2S bus, because audio capture and playback are performed in the Bluetooth chip. When music is played to a Bluetooth headset, the audio stream is decoded to PCM on the AP and sent directly to the headset over the UART using the A2DP protocol, rather than going through the audio DSP over the I2S bus.
On the uplink, voice is captured from the MIC, processed by the audio DSP into an encoded stream and sent to the CP, which processes it and transmits it to the network over the air interface. On the downlink, the CP takes the voice stream from the air interface, processes it and passes it to the audio DSP, which decodes it and sends it to the codec chip for playback on the peripheral. Some scenarios involve the audio software of only some of the processors: the CP's audio software plays no part in music playback, where the APP's music is sent from the AP to the audio DSP, processed there and played through the peripheral.
The audio software on the audio DSP mainly comprises codecs (MP3/AAC/AMR/EVS, etc.), preprocessing (AEC/ANS/AGC, etc.), post-processing (EQ/AGC/ANS, etc.), resampling (SRC), mixing (MIX), fetching captured audio data from DMA (CAPTURE), sending audio data to DMA for playback (PLAY), etc., plus the handling of audio data received from and sent to the other processors, since both the AP and the CP exchange voice data with the audio DSP.
The audio software on the CP handles voice communication. Processing differs considerably between 2G/3G and 4G: 2G/3G calls are circuit-switched (CS), with dedicated channels carrying speech; 4G is an all-IP network, its calls are packet-switched (PS), and two processing mechanisms exist.
In this embodiment the application scenario for voice encryption is the phone call. Unlike audio playback or recording, which is unidirectional, a call is bidirectional and divides into an uplink (sending the captured voice to the far end) and a downlink (playing the received voice). The audio data path also differs from playback or recording: it passes only through the audio DSP and the CP.
Referring to fig. 5, the audio data flow of the coprocessor-based voice encryption near-end/far-end device is as follows:
in the uplink direction, the PCM data captured by the codec chip is sent to the audio DSP, which resamples, preprocesses (AEC/ANS/AGC, etc.) and encodes it into a code stream; the code stream is sent to the CP, which processes it and sends it to the far end over the air interface;
in the downlink direction, the voice data sent by the far end is first received from the air interface and processed on the network side (jitter buffer, etc.), then sent to the audio DSP, which decodes, post-processes (ANS/AGC, etc.) and resamples it and sends the PCM data to the codec chip over DMA/I2S for playback.
The encryption scheme of the application sits closest to the recording front end and is suited to mobile phone calls. It has little phase jitter and few signal-alignment problems, and because it uses a single processing unit it does not consume the CPU's computing power. Even when more functions are integrated, the CPU is not burdened, and the echo cancellation and noise reduction of Bluetooth calls are unaffected.
In one embodiment, a computer device is provided, which may be a server. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements any of the coprocessor-based voice encryption methods described above.
In one embodiment, a computer readable storage medium is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing any of the above coprocessor-based voice encryption methods when executing the computer program.
In one embodiment, a computer program product is provided, comprising a computer program that, when executed by a processor, implements any of the above-described coprocessor-based speech encryption methods.
Those skilled in the art will appreciate that all or part of the above-described embodiments of the system may be implemented by a computer program stored on a non-transitory computer-readable storage medium, comprising instructions that cause a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the system according to the embodiments of the application. The computer program, when executed, may include the flows of the system embodiments described above. Any reference to memory, storage, a database or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM), among others.
In summary, the PCM audio data of the target mobile transmitting terminal is collected through the uplink codec chip; the uplink DSP chip receives the PCM audio data, and carries out resampling, preprocessing and encoding to obtain a code stream; the uplink communication processor receives the code stream, processes the code stream at the network side, encrypts the code stream to obtain encrypted audio data and transmits the encrypted audio data; the uplink communication processor generates a first key for voice call encryption protection by acquiring a private key protection password of a target mobile transmitting terminal and an identification private key for voice call encryption protection and temporarily negotiating; deriving a temporary negotiated second key from the first key; deriving a third key for voice call temporary negotiation, a fourth key for voice call temporary negotiation and a fifth key for voice call temporary negotiation from the second key; the third key, the fourth key and the fifth key are utilized to encrypt and obtain encrypted audio data, so that confidentiality of voice data is improved, safety of voice data of the existing encrypted communication mobile intelligent terminal is improved, and occurrence of replay attack of voice data packets can be reduced.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the system is divided into different functional units or modules to perform all or part of the above-described functions.
Claims (20)
1. A voice encryption near-end device based on a coprocessor, which is characterized by being applied to mobile phone conversation and comprising,
The uplink codec chip is used for collecting PCM audio data of the target mobile transmitting terminal;
the uplink DSP chip is used for receiving the PCM audio data and obtaining a code stream after resampling, preprocessing and encoding;
The uplink communication processor is used for receiving the code stream, carrying out network side processing, encrypting to obtain encrypted audio data and transmitting the encrypted audio data;
The uplink communication processor generates a first key for voice call encryption protection by acquiring a private key protection password of the target mobile transmitting terminal and an identification private key for voice call encryption protection and temporarily negotiating; deriving a temporarily negotiated second key from the first key; deriving a third key for voice call temporary negotiation, a fourth key for voice call temporary negotiation and a fifth key for voice call temporary negotiation from the second key; and encrypting by using the third key, the fourth key and the fifth key to obtain encrypted audio data.
2. The coprocessor-based voice encryption near end apparatus of claim 1, wherein the upstream communication processor comprises an identification private key module,
The identification private key module is used for generating an identification private key for voice call encryption protection, and comprises the following formula,
PRK = HMAC-Hash(salt, IKM);
Wherein PRK denotes the identification private key; salt denotes the salt value, a key produced by any pseudo-random number generator whose length equals the block size of the corresponding hash algorithm and which is zero-padded by default; IKM denotes the original keying material; and HMAC denotes the hash-based message authentication code, i.e. the MAC of IKM computed with the Hash() function using IKM as the message and salt as the key.
3. The coprocessor-based voice encryption near-end device of claim 1, wherein the upstream communication processor further comprises a first key module,
The first key module is used for the two parties of the call to compute the first key as [r_i r_r]P via the SM9 algorithm, where r_r denotes the random number generated by the called party and r_i the calling party's random value produced by any random function.
4. The coprocessor-based voice encryption near-end device of claim 1, wherein the upstream communication processor further comprises a second key module,
The second key module is used for combining the first key by adopting an SM3 algorithm and deriving the second key.
5. The voice encryption near-end apparatus based on a coprocessor of claim 1, wherein said upstream communication processor further comprises a key derivation module,
The key derivation module is configured to derive the third key, the fourth key, and the fifth key by using an SM4 algorithm and combining the second key.
6. A voice encryption method based on a coprocessor, which is applied to the voice encryption near-end device based on the coprocessor of any one of claims 1-5, the uplink communication processor performs the following steps,
Acquiring a private key protection password of the target mobile sending terminal and an identification private key for voice call encryption protection, and temporarily negotiating to generate a first key for voice call encryption protection;
deriving a temporary negotiated second key based on the first key;
Deriving a third key for voice call temporary negotiation, a fourth key for voice call temporary negotiation and a fifth key for voice call temporary negotiation according to the second key;
And encrypting by using the third key, the fourth key and the fifth key to obtain encrypted audio data.
7. The coprocessor-based voice encryption method of claim 6, wherein the identification private key is generated using the following formula,
PRK = HMAC-Hash(salt, IKM);
Wherein PRK denotes the identification private key; salt denotes the salt value, a key produced by any pseudo-random number generator whose length equals the block size of the corresponding hash algorithm and which is zero-padded by default; IKM denotes the original keying material; and HMAC denotes the hash-based message authentication code, i.e. the MAC of IKM computed with the Hash() function using IKM as the message and salt as the key.
8. The coprocessor-based voice encryption method of claim 6, wherein deriving the temporary negotiated second key based on the first key comprises the steps of,
The second key is derived using the pseudo-random function PRF of the MIKEY protocol, whose input parameters comprise the first key, a preset crypto session (CS) identifier, a crypto session bundle (CSB) identifier randomly generated by the target mobile transmitting terminal, and a RAND value produced by the random function RAND.
9. The voice encryption method based on the coprocessor of claim 6, wherein deriving a third key for temporary negotiation of a voice call based on the second key comprises the steps of,
Dividing the second key, whose byte length is 60, to obtain an uplink key and a downlink key;
taking the last 14 bytes of the uplink key or of the downlink key and writing them into the first 14 bytes of a preset 16-byte first target parameter;
And deriving the third key, whose byte length is 16, with the SM4 algorithm from the first target parameter and the first 16 bytes of the uplink key, or from the first target parameter and the first 16 bytes of the downlink key.
10. The voice encryption method based on the coprocessor of claim 9, wherein deriving a fourth key for voice call temporary negotiation based on the second key comprises the steps of,
Taking the last 14 bytes of the uplink key or the downlink key, and performing exclusive OR operation with a label with the value of 0x02 to obtain a second target parameter;
And deriving the fourth key according to the second target parameter and the first 16 bytes of the uplink key or according to the second target parameter and the first 16 bytes of the downlink key by using an SM4 algorithm, wherein the byte length of the fourth key is 14.
11. The voice encryption method based on the coprocessor of claim 10, wherein deriving a fifth key for voice call temporary negotiation based on the second key comprises the steps of,
Taking the last 14 bytes of the uplink key or the downlink key, and performing exclusive OR operation on the label with the value of 0x01 to obtain a third target parameter;
And deriving the fifth key according to the third target parameter and the first 16 bytes of the uplink key or according to the third target parameter and the first 16 bytes of the downlink key by using an SM4 algorithm, wherein the byte length of the fifth key is 32.
12. The coprocessor-based voice encryption method of claim 11, wherein encrypting the encrypted audio data using the third key, the fourth key, and the fifth key comprises the steps of,
And using the third key as the SM4 key, combining the fourth key (the session salt), the identification number of the target data packet (its SSRC) and the sequence number of the target data packet to compute the IV value, and encrypting the voice data and control data in the target data packet with it to obtain the encrypted target data packet.
13. The coprocessor-based voice encryption method of claim 12, further comprising the steps of, when encrypting the encrypted audio data using the third key, the fourth key, and the fifth key,
Using the fifth key, authenticating the header and payload of the encrypted target data packet with the HMAC-SM3 algorithm to produce a 16-byte verification tag, and appending the verification tag to the tail of the encrypted target data packet; at this point the encryption is complete and the result is the encrypted audio data.
14. The coprocessor-based voice encryption method of claim 13, further comprising the steps of,
And immediately destroying the third key, the fourth key and the fifth key after encrypting the encrypted audio data.
15. A voice encryption remote device based on a coprocessor, which is characterized by being applied to mobile phone conversation and comprising,
The downlink communication processor is used for receiving the encrypted audio data sent by the uplink communication processor, carrying out network side processing and decrypting to obtain the original audio data;
The downlink DSP chip is used for receiving the original audio data, and obtaining PCM audio data after decoding, post-processing and resampling;
the downlink codec chip is used for receiving the PCM audio data and playing the PCM audio data;
The downlink communication processor acquires a key protection password of the target mobile receiving terminal and a device root key for voice call encryption protection; derives from the device root key an application authentication key for temporary negotiation, a device authentication key for temporary negotiation and a device clearing key for temporary negotiation; and decrypts the original audio data using the application authentication key, the device authentication key and the device clearing key.
16. The voice encryption remote device based on the coprocessor of claim 15, wherein the downstream communication processor comprises a device root key module,
The device root key module is used for deriving the device root key based on the target mobile sending terminal ID or the target mobile receiving terminal ID, and the device root key meets the preset length byte.
17. The voice encryption remote device based on the coprocessor of claim 15, wherein the downstream communication processor further comprises a key storage module,
The key storage module is used for dividing the device root key into two sub-keys by adopting a split key storage mode, wherein one sub-key is stored in the TEE, the other sub-key is stored in the downlink communication processor, and the resources in the downlink communication processor are only acquired and called by the TEE.
18. The voice encryption remote device based on the coprocessor of claim 17, wherein the downstream communication processor further comprises a key transmission module,
The key transmission module is used for encrypting, with the SM4 algorithm, the sub-key destined for the TEE and transmitting it to the TEE.
19. A method for decrypting speech based on a co-processor, applied to a far-end device for encrypting speech based on a co-processor according to any of claims 15-18, said downstream communication processor performing the steps of,
Acquiring a key protection password PIN_E code of a target mobile receiving terminal and an equipment root key for voice call encryption protection;
deriving from the device root key an application authentication key for temporary negotiation, a device authentication key for temporary negotiation and a device clearing key for temporary negotiation;
and decrypting the original audio data by using the application authentication key, the equipment authentication key and the equipment clearing key.
20. A voice encryption system based on a coprocessor, which is applied to mobile phone call, comprising,
The voice encryption near-end device collects PCM audio data of the target mobile transmitting terminal through the uplink codec chip;
The voice encryption near-end device receives the PCM audio data through an uplink DSP chip and carries out resampling, preprocessing and encoding to obtain a code stream;
The voice encryption near-end device receives the code stream through an uplink communication processor, processes the code stream on a network side, encrypts the code stream to obtain encrypted audio data and sends the encrypted audio data;
the uplink communication processor generates a first key for voice call encryption protection by acquiring a private key protection password of the target mobile transmitting terminal and an identification private key for voice call encryption protection, generates a second key for temporary negotiation by deriving the first key, generates a third key for voice call temporary negotiation by deriving the second key, generates a fourth key for voice call temporary negotiation and a fifth key for voice call temporary negotiation, and encrypts the encrypted audio data;
the voice encryption remote device receives the encrypted audio data through a downlink communication processor, processes the encrypted audio data at a network side and decrypts the encrypted audio data to obtain original audio data;
the downlink communication processor acquires a key protection password of the target mobile receiving terminal and a device root key for voice call encryption protection, derives from the device root key an application authentication key for temporary negotiation, a device authentication key for temporary negotiation and a device clearing key for temporary negotiation, and decrypts with them to obtain the original audio data;
the voice encryption remote device receives the original audio data through a downlink DSP chip, and obtains the PCM audio data after decoding, post-processing and resampling;
and the voice encryption remote device receives the PCM audio data through the downlink codec chip and plays the PCM audio data.
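The key derivation of claims 9 to 11 and the packet IV of claim 12 (the same derivation the description summarises as "the TEK is derived by SM4 into the six SRTP/SRTCP keys"), worked in code as an added example; this is not the patent's or any vendor's implementation. SM4 is written out from GB/T 32907-2016 so the block runs with the standard library alone. The position at which the label is XORed into the salt (byte 7) and the zero key-derivation rate are taken from RFC 3711, whose label values and key lengths the page's claims match, and are assumptions; the 60-byte TEK, SSRC and payload in the demo are constructed.

```python
# Added example: SM4 (GB/T 32907-2016) from the standard, the SRTP-style key
# derivation of claims 9-11 and the packet IV of claim 12. Not the patent's
# code. Label placement (salt byte 7) and the zero derivation rate follow
# RFC 3711 and are assumptions; the page fixes only the label values.
import secrets

SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = tuple(int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
           for i in range(32))

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x):                                   # byte-wise S-box substitution
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def _t_enc(x):                                 # round function: tau then linear layer L
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_key(x):                                 # key schedule: tau then linear layer L'
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def sm4_round_keys(key):
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def sm4_encrypt_block(key, block):
    rk = sm4_round_keys(key)
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        x.append(x[i] ^ _t_enc(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:]))  # (X35, X34, X33, X32)

def sm4_ctr_keystream(key, iv, nbytes):
    """Keystream SM4(key, iv) || SM4(key, iv+1) || ..., truncated to nbytes."""
    ctr, out = int.from_bytes(iv, "big"), b""
    while len(out) < nbytes:
        out += sm4_encrypt_block(key, (ctr % (1 << 128)).to_bytes(16, "big"))
        ctr += 1
    return out[:nbytes]

# Label values as in claims 9-11 (they coincide with RFC 3711's SRTP labels).
LABEL_KEY, LABEL_AUTH, LABEL_SALT = 0x00, 0x01, 0x02

def split_tek(tek):
    """Claim 9: the 60-byte TEK splits into a 30-byte uplink and downlink key."""
    if len(tek) != 60:
        raise ValueError("TEK must be 60 bytes")
    return tek[:30], tek[30:]

def derive_session_keys(direction_key):
    """A 30-byte half of the TEK: 16-byte master key then 14-byte master salt.
    Returns the 16-byte session key, 14-byte session salt and 32-byte session
    auth key of claims 9-11 (SM4-CTR keystream under the master key)."""
    if len(direction_key) != 30:
        raise ValueError("direction key must be 30 bytes")
    master_key, master_salt = direction_key[:16], direction_key[16:]

    def prf(label, n):
        x = bytearray(master_salt)
        x[7] ^= label                          # label XORed into the salt (RFC 3711 position, assumed)
        return sm4_ctr_keystream(master_key, bytes(x) + b"\x00\x00", n)  # 14-byte x -> 16-byte IV

    return prf(LABEL_KEY, 16), prf(LABEL_SALT, 14), prf(LABEL_AUTH, 32)

def packet_iv(session_salt, ssrc, roc, seq):
    """Claim 12: IV from session salt, packet identifier (SSRC) and packet
    index ROC||SEQ; layout (salt<<16) ^ (ssrc<<64) ^ (index<<16) per RFC 3711."""
    index = (roc << 16) | seq
    iv = (int.from_bytes(session_salt, "big") << 16) ^ (ssrc << 64) ^ (index << 16)
    return iv.to_bytes(16, "big")

def protect_payload(session_key, session_salt, ssrc, roc, seq, payload):
    """SM4-CTR over one packet payload; the identical call decrypts it."""
    ks = sm4_ctr_keystream(session_key, packet_iv(session_salt, ssrc, roc, seq), len(payload))
    return bytes(a ^ b for a, b in zip(payload, ks))

if __name__ == "__main__":
    up, down = split_tek(secrets.token_bytes(60))          # constructed TEK stand-in
    k_e, k_s, k_a = derive_session_keys(up)
    ct = protect_payload(k_e, k_s, 0xDEADBEEF, 0, 1, b"constructed AMR frame")
    print(ct.hex(), protect_payload(k_e, k_s, 0xDEADBEEF, 0, 1, ct))
```

Because CTR mode is malleable, the HMAC-SM3 tag of claim 13 (computed with the 32-byte session auth key over header and payload, truncated to 16 bytes) must be verified before `protect_payload` is run on a received packet, and the receiver must track ROC and reject already-seen indices, or the IV repeats and the keystream is reused. Claim 14's destruction of the three session keys after use applies to every copy held here, including the keystream buffers.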
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410508750.3A CN118118276B (en) | 2024-04-26 | 2024-04-26 | Speech encryption near-end device, far-end device, system and encryption and decryption method based on coprocessor |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118118276A true CN118118276A (en) | 2024-05-31 |
CN118118276B CN118118276B (en) | 2024-08-06 |
Family
ID=91219293
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118118276B (en) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101330504A (en) * | 2007-06-28 | 2008-12-24 | 中兴通讯股份有限公司 | Method for implementing transport layer safety of SIP network based on sharing cryptographic key |
CN102185827A (en) * | 2011-01-30 | 2011-09-14 | 广东佳和通信技术有限公司 | Firewall-penetrating method of voice in VOIP (Voice Over Internet Protocol) system |
CN102202295A (en) * | 2010-03-26 | 2011-09-28 | 谢德育 | Digital communication method based on multi-language channel transmission |
US8423789B1 (en) * | 2007-05-22 | 2013-04-16 | Marvell International Ltd. | Key generation techniques |
CN103377654A (en) * | 2012-04-11 | 2013-10-30 | 英属维京群岛商蓝胜科技股份有限公司 | Voice security method, encryption and decryption method and security equipment |
CN103974241A (en) * | 2013-02-05 | 2014-08-06 | 东南大学常州研究院 | Voice end-to-end encryption method aiming at mobile terminal with Android system |
CN109413492A (en) * | 2017-08-18 | 2019-03-01 | 武汉斗鱼网络科技有限公司 | Audio data reverberation processing method and system during a kind of live streaming |
CN111510549A (en) * | 2020-04-26 | 2020-08-07 | 厦门亿联网络技术股份有限公司 | Wireless communication device, voice data processing method and device |
CN112672253A (en) * | 2020-12-09 | 2021-04-16 | 瑞芯微电子股份有限公司 | PCM data modulation method and device |
WO2021109963A1 (en) * | 2019-12-03 | 2021-06-10 | 中国移动通信有限公司研究院 | Initial security configuration method, security module, and terminal |
CN115296803A (en) * | 2022-08-03 | 2022-11-04 | 北京天融信网络安全技术有限公司 | Key agreement method, device, medium and electronic equipment |
WO2024045680A1 (en) * | 2022-08-31 | 2024-03-07 | 华为技术有限公司 | Device authentication method and related device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||