JP4803538B2 - Terminal for call, method for establishing secret call, and program for establishing secret call - Google Patents

Description

The present invention calls for the terminal used in the call system for performing privacy call, privacy call establishment method and a privacy call establishment program.

  For example, Patent Document 1 discloses that a digital audio signal obtained by digitally encoding an input audio is read from a ROM based on a technology for realizing a secret call by converting (encrypting) PCM data based on a certain encryption algorithm. A voice secret talk transmission / reception system is described in which a secret talk is transmitted by taking exclusive OR logic with a bit.

  Also, for example, Patent Document 2 describes a secret device that inverts and transmits every other polarity bit of a digital signal converted by a PCM codec.

JP 58-48545 A JP-A-10-112701

  However, the method of only encrypting voice data described in Patent Document 1 and Patent Document 2 does not consider the authentication of the partner terminal between the terminals involved in the call secret story. Therefore, a fixed encryption method is used for the hardware of the terminal device that encrypts or decrypts the audio data itself, and the encryption method cannot be changed for each call.

  Also, if the other terminal is authenticated using control data different from the voice data packet to switch the encryption method for each call, the control data packet jumps on the network. There is a problem that the encryption rules of the secret call are easily analyzed.

  SUMMARY OF THE INVENTION An object of the present invention is to make it possible to realize a secret talk call more safely and easily in a call system for making a secret talk call.

A call terminal according to the present invention is a call terminal used in a call system for performing a secret call, and is included in a data unit that is transmitted and received by a voice data packet link for transmitting and receiving a voice data packet obtained by converting voice into a digital signal. A control data bit stream is formed using predetermined bits of data to be transmitted, and the control data bit stream is provided with a control unit for exchanging information necessary for a secret call between terminals performing a secret call , The control unit selects an encryption algorithm for the secret call for each secret call, and notifies the partner terminal with the control data bit stream formed in the voice data packet link .

The call terminal according to the present invention is a call terminal used in a call system for performing a secret call, and is a data unit that is transmitted and received by a voice data packet link for transmitting and receiving a voice data packet obtained by converting voice into a digital signal. A control unit that forms a bit stream for control data using predetermined bits of data included in the data, and exchanges information necessary for the secret call between the terminals that perform the secret call using the bit stream for the control data. The control unit may exchange the information necessary for the secret call after performing terminal authentication between the terminals performing the secret call using the control data bit stream formed in the voice data packet link .

In addition, the secret call establishment method according to the present invention is a secret call establishment method for establishing a secret call in a call system for performing a secret call. selected for each speech to form a bit stream control data using a predetermined bit of the data contained in the data unit to be transmitted and received voice data packets link for sending and receiving voice data packets digital signal, said The control data bit stream is characterized in that information necessary for a secret call is exchanged between terminals performing a secret call including information on a selected encryption algorithm .
The secret call establishment method according to the present invention uses a predetermined bit of data included in a data part transmitted and received by a voice data packet link for transmitting and receiving a voice data packet in which a voice terminal converts a voice into a digital signal. A control data bit stream is formed, and after the terminal authentication is performed between the terminals performing the secret call, the information necessary for the secret call is exchanged between the terminals performing the secret call. You may go.

A program for establishing a secret call according to the present invention is a program for establishing a secret call for establishing a secret call applied to a call terminal used in a call system for performing a secret call. Control data using a predetermined bit of data included in the data portion transmitted / received by a voice data packet link for transmitting / receiving a voice data packet in which voice is converted into a digital signal by selecting an encryption algorithm for each secret call Forming a bitstream for use, and executing processing for exchanging information necessary for the secret call between the terminals performing the secret call including the information of the selected encryption algorithm with the control data bitstream .
The program for establishing a secret call according to the present invention uses a predetermined bit of data included in a data portion transmitted / received by a voice data packet link for transmitting / receiving a voice data packet obtained by converting voice into a digital signal. A control data bit stream is formed, and terminal authentication is performed between terminals performing a secret call using the control data bit stream, and information necessary for the secret call is exchanged between terminals performing the secret call. Processing may be executed.

  ADVANTAGE OF THE INVENTION According to this invention, in the call system which performs a secret call, a secret call can be implement | achieved more safely and easily.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a configuration example of a call terminal according to the present invention. The call terminal according to the present invention is a call terminal used in a call system for making a secret call, and includes a control unit 10 as shown in FIG.

  The control unit 10 uses a predetermined bit (for example, LSB) of data included in a data unit transmitted / received through an audio data packet link for transmitting / receiving an audio data packet obtained by converting audio into a digital signal. A stream is formed, and information necessary for the secret call is exchanged between the terminals performing the secret call using the bit stream for the control data.

  In addition, the control unit 10 may select an encryption algorithm for a secret call for each secret call, and notify the partner terminal with a control data bit stream formed in the voice data packet link. In addition, the control unit 10 may exchange information necessary for the secret call after performing terminal authentication between the terminals performing the secret call using the control data bit stream formed in the voice data packet link. .

  For example, the control unit 10 determines the coincidence of the encrypted data obtained by encrypting the redundant data selected for each secret call from one of the call terminals using data depending on the terminal that performs the secret call. Thus, terminal authentication may be performed. Furthermore, an encryption algorithm for a secret call may be determined based on redundant data used for terminal authentication or encrypted data generated based on the redundant data.

  Further, the control unit 10 may synchronize the control data bit stream by applying a data format of a predetermined communication protocol to the control data bit stream formed in the voice data packet link.

  Moreover, the control part 10 may be comprised by the functional block as shown in FIG. FIG. 2 is a block diagram illustrating a configuration example of functional blocks in the control unit 10. In the example shown in FIG. 2, the secret call processing unit 101, the transmission data unit synthesis unit 102, and the reception data unit separation unit 103 are included.

  The secret call processing unit 101 terminates the control data and performs processing necessary for the secret call between the terminals performing the secret call. The transmission data unit combining unit 102 combines the voice data and the control data to be transmitted, and generates a data unit that is actually transmitted through the voice data packet link. The reception data part separation part 103 separates the voice data and the control data from the data part received by the voice data packet link.

  Hereinafter, more specific embodiments will be described. FIG. 3 is a block diagram showing an example of the configuration of an IP telephone used in the call system as an embodiment of the present invention.

  An IP telephone 1 shown in FIG. 3 is connected to a communication network (LAN, WAN, etc.) 100, and includes a PHY (PHY chip) 2, a CPU 3, a jitter buffer 4, a PCM codec 5, a microphone (microphone) 6, A speaker 7 is provided. The storage device also stores a random number table 31, a terminal authentication target encryption algorithm 32, an authentication password 33, and a PCM encryption algorithm designation table 34.

  The CPU 3 operates in accordance with the program to execute the following process for establishing a secret call according to the present invention in addition to the process for making a normal call. That is, in a call system that forms a call by converting voice into a digital signal, the voice data packet link for transmitting and receiving the digital signal-converted voice data (hereinafter referred to as PCM data) is transmitted / received. A bit stream for control data is formed using the LSB of each data included in the data portion of the IP packet, and the other party between the terminal devices involved in the secret call using the bit stream for control data. Provides terminal authentication and encryption rule notification.

  FIG. 4 is an explanatory diagram showing the relationship between the PCM data and the control data bit stream. As shown in FIG. 4, the IP packet data for transmitting and receiving PCM data includes an IP packet header part including an AP port number in addition to an IP address of the transmission destination and the IP address of the terminal itself, and a data part (PCM). Data portion) and a tailor data portion for error checking of the entire IP packet data. In such a data format, each LSB of the PCM data included in the PCM data portion is connected in order to form a bit stream composed of LSB bit strings. Not only a method of arranging a bit stream sequence in LSBs of all PCM data, but also arrangement of PCM data in a certain byte unit is possible.

  For example, G. In the case of a call system that generates PCM data using the 711 code rule (μ-law rule), in 1 PCM data, the most significant bit (MSB) indicates a code, b6 to b4 indicate a range level, and b3 to b0 indicate The level in each range (16 level resolution) is shown. The telephone call level is about −8 db, and the change in the least significant bit (LSB, b0 in this example) in 1 PCM data hardly affects the telephone call. Using this b0 bit, a transmission path for exchanging control data on the voice data packet link is established. It should be noted that depending on the audio encoding method for generating PCM data, it is also possible to form a bit stream using bits other than LSB. The bits used are G. Bits that have the least influence on the call, such as the least significant bit of the range level in the 711 coding rule.

  For example, in the ISDN service, an in-band digital transmission path may be established in a B channel call. Note that, when applied to voice data packets used in a synchronous digital network, it is a requirement that bit conversion of an LSB bit stream is not performed by a relay exchange or the like.

  FIG. 5 is an explanatory diagram illustrating an example of a data format applied to a bitstream. As shown in FIG. 5, for example, a data stream of a serial communication protocol such as HDLC may be applied to a bit stream composed of an LSB bit string of PCM data for synchronization, and information necessary for a secret call may be exchanged. . The data format of other communication protocols such as the Bi-SYNC method is not limited to HDLC. The data format may be any format as long as it is a data format that is commonly recognized among terminals so that transmission contents can be correctly recognized on the bitstream. For example, the format may be uniquely defined. In such a case, confidentiality can be further improved.

  In this example, as a function for establishing a secret call, the CPU 3 specifically combines a voice data and a control data to generate a data part for transmission, and a received data part. It includes a separation function that separates voice data and control data, and a secret call processing function that terminates the control data and performs processing necessary for a secret call. In this embodiment, as a synthesis function, the CPU 3 performs a process of replacing each LSB of PCM data as transmission voice data with the value of control data targeted for transmission. Further, as a separation function, the CPU 3 obtains reception control data by extracting and assembling the LSB value of each data included in the data portion read from the PHY 2, and supplements each LSB with a predetermined bit value to receive the received voice. Processing to acquire PCM data as data is performed. Further, as the secret call processing function, the CPU 3 determines the encryption rule used for encryption of the PCM data after performing terminal authentication between the terminals performing the secret call.

  In addition to the above, the CPU 3 has a function for establishing a call and a function for actually making a secret call using the determined encryption rule (encryption of transmitted PCM data, decryption of received PCM data, etc.). Contains.

  In the present embodiment, the transmission data portion combined with the control data is incorporated into the IP packet format and then written into PHY 2 to be transmitted to the counterpart terminal via the network. Further, by writing PCM data (received voice data) from which the control data is separated into the jitter buffer 4, it is demodulated sequentially and the received voice is reproduced via the speaker. In the case of a secret call, based on the determined encryption rule, the PCM data to be transmitted is encrypted and then incorporated into the IP packet format, or the received encrypted PCM data is decrypted and separated. Just do.

  The random number table 31 is a table for generating a random number for switching the encryption method of PCM data for each secret call. The terminal authentication target encryption algorithm 32 is information indicating a target encryption algorithm used for terminal authentication. The PCM encryption algorithm designation table 33 is a table that holds information indicating an encryption algorithm (hereinafter referred to as a PCM encryption algorithm) used when encrypting PCM data in association with an index for designating the encryption algorithm.

  Note that the PHY 2, the jitter buffer 4, the PCM codec 5, the microphone 6 and the speaker 7 only need to include the functions possessed by a general telephone system. For example, the PHY 2 converts a logical signal indicated by the IP packet format into an electric signal and sends it to the communication network, or converts an electric signal received from the communication network into a logical signal to form an IP packet format. Further, for example, the jitter buffer 4 holds a predetermined amount of PCM data in order to remove voice fluctuations due to a data transmission delay or the like. For example, the PCM codec 5 converts the speech waveform data input from the microphone 6 into a digital signal to generate PCM data, or demodulates the PCM data to generate speech waveform data. The microphone 6 inputs voice uttered by the user as voice waveform data. The speaker 7 outputs the voice waveform data demodulated by the PCM codec 5 as voice.

  Moreover, although an IP telephone is shown as an example of a call terminal to which the present invention is applied, the call terminal may be, for example, a personal computer or a mobile terminal that realizes the function of an IP telephone.

  Next, the operation of this embodiment will be described. 6 to 9 are flowcharts showing an example of the operation of the IP telephone in this embodiment. First, with reference to FIG. 6 and FIG. 7, the operation | movement at the time of performing terminal authentication between a calling side terminal and a calling side terminal is demonstrated. FIG. 6 is a flowchart showing an example of the terminal authentication operation in the calling terminal. FIG. 7 is a flowchart showing an example of the terminal authentication operation in the called terminal.

  First, in the calling side terminal, as shown in FIG. 6, the CPU 3 generates a random number for each secret call using the random number table 31, and generates redundant data based on the random number (step A101). In this embodiment, random numbers generated using the random number table 31 are used as they are as redundant data. Next, the generated redundant data is transmitted to the called terminal using a bit stream using each LSB of the PCM data portion (hereinafter referred to as PCM data LSB bit stream) (step A102).

  Further, the CPU 3 of the calling side terminal encrypts the terminal authentication encryption based on the generated redundant data, the authentication password 33 and the terminal authentication symmetric encryption algorithm 32 associated with the called side terminal in the terminal. Generate data. In this example, the generated redundant data and the authentication password 33 are combined by a predetermined method to generate encryption target data (step A103), and the encryption target data is encrypted by the terminal authentication symmetric encryption algorithm 32 and encrypted. Data is generated (step A104).

  Thereafter, the CPU 3 of the calling terminal waits to receive encrypted data from the called terminal using the PCM data LSB bit stream.

  When encrypted data is received from the called terminal (step A105), the received encrypted data is compared with the encrypted data generated in step A104 to determine whether the two encrypted data match (step S105). Step A106).

  If the two encrypted data match (Yes in step A106), it is assumed that the calling terminal has been able to authenticate the called terminal that is the communication partner, and the authentication result indicating that (OK) is the same. The PCM data LSB bit stream is transmitted to the called terminal (step A107). Then, the PCM encryption algorithm is determined using redundant data used for terminal authentication (step A108), and the secret call is started (step A109). At this time, the CPU 3 of the calling terminal may notify the user that the secret call is to be started. During the secret call, encryption of the PCM data portion to be transmitted and decryption of the PCM data portion to be received may be executed based on the determined PCM encryption algorithm.

  On the other hand, if the two encrypted data do not match (no in step A106), it is determined that the callee terminal cannot authenticate the callee terminal as the other party, and the authentication result indicating that (NG) Is transmitted to the called terminal using the PCM data LSB bit stream (step A107). In this case, the secret call establishment process is terminated without starting the secret call. That is, even if the call is continued as it is, the encryption of the PCM data portion to be transmitted and the decryption of the PCM data portion to be received are not executed. At this time, the CPU 3 of the calling terminal may notify the user that the secret call has not been established.

  Note that the above-described operation is started, for example, at the timing when the user of the calling terminal instructs the start of a secret call. Also, for example, if the interface is such that the user selects a secret call when making a call, it may be started at the timing when the voice data packet ring is established.

  Next, the operation of the called terminal corresponding to the operation of the calling terminal will be described. In the called terminal, the CPU 3 monitors the PCM data LSB bit stream when data transmission / reception via the voice data packet link is started. Here, as shown in FIG. 7, the CPU 3 of the called terminal receives redundant data from the calling terminal in the PCM data LSB bit stream (step A201).

  When the redundant data is received from the calling terminal, the CPU 3 of the called terminal generates encrypted data by the same method as that of the calling terminal based on the received redundant data. Here, the encrypted data for terminal authentication is generated based on the notified redundant data and the authentication password 33 and the symmetric encryption algorithm 32 for terminal authentication associated with the calling terminal in the called terminal. do it. That is, in a method similar to that performed at the calling side terminal, the generated redundant data and the authentication password 33 are combined to generate data to be encrypted (step A202), and this data to be encrypted is symmetric for terminal authentication. Encrypted by the encryption algorithm 32 to generate encrypted data (step A203).

  Then, the CPU 3 of the called terminal transmits the generated encrypted data to the calling terminal using the PCM data LSB bit stream (step A204).

  Thereafter, the CPU 3 of the called terminal waits for reception of the authentication result from the calling terminal using the PCM data LSB bit stream.

  When the authentication result is received from the calling terminal (step A205), the success or failure of the received authentication result is determined (step A206), and it is determined whether or not to start the secret call. If the authentication result is OK (OK in step A206), the PCM encryption algorithm is determined using redundant data used for terminal authentication (step A208), and the secret call is started (step A209). In step A208, redundant data used for authentication is used to determine the same PCM encryption algorithm as determined by the calling terminal.

  The CPU 3 of the called terminal may also notify the user that the secret call is to be started. During the secret call, encryption of the PCM data portion to be transmitted and decryption of the PCM data portion to be received may be executed based on the determined PCM encryption algorithm.

  On the other hand, if the authentication result is NG (NG in step A206), the secret call establishment process is terminated without starting the secret call. That is, even if the call is continued as it is, the encryption of the PCM data portion to be transmitted and the decryption of the PCM data portion to be received are not executed. At this time, the CPU 3 of the called terminal may also notify the user that the secret call has not been established.

  Next, PCM encryption algorithm determination processing will be described with reference to FIGS. FIG. 8 is a flowchart showing an example of a process flow of the PCM encryption algorithm determination process (step A108 in FIG. 6) in the calling terminal. FIG. 9 is a flowchart showing an example of the processing flow of the PCM encryption algorithm determination processing (step A207 in FIG. 7) in the called terminal.

  When the terminal authentication is successful, in the calling terminal, as shown in FIG. 8, the CPU 3 extracts a reference number (index number) to the PCM encryption algorithm designation table 34 from the encrypted data generated by itself (step). B101). For example, the CPU 3 extracts predetermined bits of the encrypted data by converting them into reference numbers for the PCM encryption algorithm designation table 34.

  Then, by acquiring the PCM encryption algorithm corresponding to the extracted reference number from the PCM encryption algorithm designation table 34, the PCM encryption algorithm used for the current secret call is determined (step B102).

  When the PCM encryption algorithm is determined, the CPU 3 of the calling side terminal notifies the PCM data encryption start position to the called side terminal using the PCM data LSB bit stream (step B103). The start position of encryption may be specified by a frame number value provided in a data format to be applied to a bit stream, for example. For example, it is prescribed that the PCM encrypted data is sent in accordance with the start position of the frame after the specified number of frames from the frame attached to the data frame for notifying the start position, and the number of frames indicating how many frames later is indicated. May be specified.

  Thereafter, the CPU 3 of the calling terminal waits for reception of a response (acceptance / non-acceptance) from the called terminal using the PCM data LSB bit stream.

  When a response is received from the called terminal (step B104), the content of the received response is determined (step B105). If an acceptance response is received (Yes in step B105), the CPU 3 of the calling terminal sets the determined PCM encryption algorithm and encryption start position, and ends the process (step B106: success). End).

  Thereafter, based on the determined PCM encryption algorithm and the start position of encryption, encryption of the PCM data portion to be transmitted and decryption of the PCM data portion to be received are executed. In this example, the PCM data portion of the IP packet data transmitted from the calling side terminal is transmitted at the timing when the data frame of the transmitting side PCM data LSB bit stream is synchronized with the frame position indicated by the set start position. It encrypts using the determined PCM encryption algorithm, and transmits. Similarly, the PCM data portion of the IP packet data received by the calling terminal is determined at the timing when the data frame of the receiving PCM data LSB bit stream is synchronized with the frame position indicated by the set start position. The received voice data is acquired and reproduced by decoding with the PCM encryption algorithm.

  FIG. 10 is an explanatory diagram showing an example of the PCM encryption algorithm designation table 34. As shown in FIG. 10, in the PCM encryption algorithm designation table 34, the PCM encryption algorithm that is the encryption method of each PCM data in the PCM data portion is associated with the reference number (index number) extracted in step B101. Information to be stored is stored. In the example shown in FIG. 10, for example, as the PCM encryption algorithm corresponding to the reference number 000, data generated by replacing b7 to b4 of 1PCM data (in this example, 8-bit data) with b3 to b0 is encrypted. It is shown that it is converted into data. Also, for example, as a PCM encryption algorithm corresponding to the reference number 001, data obtained by applying an exclusive OR (XOR) on b7 to b4 and b3 to b0 of 1PCM data to b7 to b4 is encrypted. The data is indicated. In the example illustrated in FIG. 10, b0 that is the PCM data LSB bit stream is included in the encryption target. However, b0 may be excluded from the encryption target.

  On the other hand, if the response is not received or the response cannot be received within a predetermined time (No in Step B105), it is determined that the secret call is not started, and the process is ended (Step B107: end of failure). In the case of failure end, as a precaution, it may be notified to the called terminal using the PCM data LSB bit stream. The subsequent processing may be the same as when terminal authentication has failed.

  Note that the process of step A107 in FIG. 6 (authentication response transmission process) may be performed after the PCM encryption algorithm is determined, and the start position may be notified together with the authentication response.

  Next, the operation of the called terminal corresponding to the operation of the calling terminal will be described. As shown in FIG. 9, when receiving the authentication response (OK), the CPU 3 of the called terminal receives a reference number (index number) to the PCM encryption algorithm designation table 34 from the encrypted data generated for terminal authentication. Extract (step B201). The process in step B201 is a process for determining the same PCM encryption algorithm as that of the calling terminal. Then, by acquiring the PCM encryption algorithm corresponding to the extracted reference number from the PCM encryption algorithm designation table 34, the PCM encryption algorithm used for the current secret call is determined (step B202).

  In the called terminal, the CPU 3 continues to monitor the PCM data LSB bit stream after receiving the authentication response (OK), and receives the start position of the encryption of the PCM data from the calling terminal. (Step B203).

  When receiving the PCM data encryption start position from the calling terminal, the CPU 3 of the called terminal determines whether or not the notified start position can be handled (step B204). If this is possible (Yes in step B204), the CPU 3 of the called terminal transmits a response indicating acceptance of the start position to the calling terminal using the PCM data LSB bit stream (step B205). . Then, the determined PCM encryption algorithm and encryption start position are set, and the process ends (step B206: successful end).

  Thereafter, the PCM data portion to be transmitted and the PCM data portion to be received may be decrypted based on the determined PCM encryption algorithm and the encryption start position.

  On the other hand, if the response is not possible (No in Step B204), the CPU 3 of the called terminal transmits a response indicating that the start position is not accepted to the calling terminal using the PCM data LSB bit stream. (Step B205), it is determined that the secret call is not started, and the processing is ended (Step B207: failure end).

  In the present embodiment, an example in which a symmetric encryption algorithm is used as the encryption algorithm for terminal authentication is shown, but an asymmetric encryption algorithm can also be used. Further, in the above description, the calling side terminal has been described as an example that takes the initiative in establishing a secret call such as redundant data selection, authentication determination, start position determination, etc. The terminal that first receives the call start instruction may perform the call.

  As described above, according to the present embodiment, a secret call can be realized more safely and easily in a call system that performs a secret call. For example, by using an LSB bit string of PCM data without using an IP packet containing data that can be identified from the outside such as an IP address, a MAC address, or a dial number, which is likely to be a key for decryption at the time of authentication confirmation, Decoding is difficult. In addition, for example, by using different redundant data for each secret call, it is difficult to perform decryption in terminal authentication. Further, for example, the PCM encryption algorithm is determined by using redundant data different for each secret call, thereby making it difficult to decrypt the PCM encryption algorithm.

  By using the LSB bit, the above effect can be obtained with almost no influence on the call voice. Further, by performing only with the LSB bit, even when processing such as synthesis / separation and encryption of PCM data is realized by hardware, it can be realized very simply.

  Further, according to the present embodiment, since the LSB bit string of PCM data is used as a bit stream for control data, not only a secret call between IP phones and a secret call between synchronous digital terminals, but also an IP phone and a synchronous digital terminal It is also possible to realize a secret talk between them.

  In the above embodiment, as an example of the start timing of encryption / decryption of PCM data, a method synchronized with the header code of the data format in the PCM data LSB bit stream has been described. However, the timing is in units of PCM data packets. It is also possible to start encryption / decryption.

  In the above embodiment, an example in which the PCM data portion is synthesized and separated as the processing of the CPU that operates according to the program has been described. However, for example, it is possible to cause hardware to synthesize and separate the PCM data portion. is there.

  The present invention can be applied universally to a call terminal used in a call system that establishes a call by converting voice into a digital signal and exchanging packets. For example, the present invention can be applied not only to IP telephones but also to synchronous digital terminals using ISDN lines.

It is a block diagram which shows the structural example of the terminal for telephone calls by this invention. 3 is a block diagram illustrating an example of a configuration of functional blocks in a control unit 10. FIG. It is a block diagram which shows the structural example of the IP telephone set used for the communication system as one Embodiment of this invention. It is explanatory drawing which shows the relationship between PCM data and the bit stream for control data. It is explanatory drawing which shows the example of the data format applied to a bit stream. It is a flowchart which shows an example of operation | movement of the IP telephone (calling side) at the time of performing terminal authentication. It is a flowchart which shows an example of operation | movement of the IP telephone (calling side) at the time of performing terminal authentication. It is a flowchart which shows an example of operation | movement of the IP telephone (calling side) at the time of determining a PCM encryption algorithm. It is a flowchart which shows an example of operation | movement of the IP telephone (calling side) at the time of determining a PCM encryption algorithm. It is explanatory drawing which shows the example of the PCM encryption algorithm designation | designated table.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Control part 101 Secret call processing part 102 Transmission data part synthetic | combination part 103 Reception data part isolation | separation part 1 IP telephone 2 PHY
3 CPU
4 Jitter Buffer 5 PCM Codec 6 Microphone 7 Speaker 31 Random Number Table 32 Target Authentication Algorithm for Terminal Authentication 33 Authentication Password 34 PCM Encryption Algorithm Specification Table 100 Communication Network

Claims (12)

A call terminal used in a call system for performing a secret call,
A bit stream for control data is formed by using predetermined bits of data included in a data part transmitted / received by an audio data packet link for transmitting / receiving an audio data packet obtained by converting audio into a digital signal. With a bitstream, equipped with a control unit that exchanges information necessary for secret talks between terminals that make secret talks ,
The call terminal is characterized in that the control unit selects an encryption algorithm for a secret call for each secret call and notifies the partner terminal by a control data bit stream formed in a voice data packet link . The bit stream for control data is formed using the LSB of the data included in the data part transmitted / received by the audio | voice data packet link for transmitting / receiving the audio | voice data packet which converted the audio | voice into the digital signal. Terminal. The control unit performs exchange of information necessary for the secret call after performing terminal authentication between the terminals performing the secret call with the control data bit stream formed in the voice data packet link. The call terminal according to 2. The control unit determines whether the redundant data selected for each secret call from one of the call terminals is encrypted data encrypted by a predetermined method using data dependent on the terminal that performs the secret call, Perform device authentication
The call terminal according to any one of claims 1 to 3 . The call terminal according to claim 4 , wherein the control unit determines an encryption algorithm for the secret call based on redundant data used for terminal authentication or encrypted data generated based on the redundant data. Control unit, the bitstream control data formed in the voice data packet link, by applying the data format of the predetermined communication protocol, among of claims 1 to 5 in which synchronize the control data bit stream The call terminal according to any one of the above. The control unit
Terminate the control data, and the secret call processing unit that performs processing necessary for the secret call between the terminals that perform the secret call,
A transmission data unit combining unit that combines the voice data and the control data to be transmitted, and generates a data unit that is actually transmitted through the voice data packet link;
The call terminal according to any one of claims 1 to 6 , further comprising: a reception data part separation unit that separates the voice data and the control data from the data part received by the voice data packet link.   A call terminal used in a call system for performing a secret call,
  A bit stream for control data is formed by using predetermined bits of data included in a data part transmitted / received by an audio data packet link for transmitting / receiving an audio data packet obtained by converting audio into a digital signal. With a bitstream, equipped with a control unit that exchanges information necessary for secret talks between terminals that make secret talks,
  The control unit exchanges information necessary for the secret call after performing terminal authentication between the terminals performing the secret call with the control data bit stream formed in the voice data packet link.
  A call terminal characterized by that. A method for establishing a secret call for establishing a secret call in a call system for performing a secret call,
The call terminal selects an encryption algorithm for a secret call for each secret call , and transmits / receives data included in a data portion transmitted / received by a voice data packet link for transmitting / receiving a voice data packet obtained by converting voice into a digital signal. using a predetermined bit to form a bit stream control data, in the control data bit stream, to exchange information necessary for the privacy calls between terminal for privacy call including information about the selected encryption algorithm The secret call establishment method characterized by this.   A method for establishing a secret call for establishing a secret call in a call system for performing a secret call,
  A call terminal forms a control data bit stream using predetermined bits of data included in a data portion transmitted and received by an audio data packet link for transmitting and receiving an audio data packet obtained by converting audio into a digital signal, Using the control data bitstream, terminal authentication is performed between terminals performing a secret call, and then information necessary for the secret call is exchanged between terminals performing the secret call.
  The secret call establishment method characterized by this. A program for establishing a secret call for establishing a secret call applied to a call terminal used in a call system for performing a secret call,
On the computer,
The encryption algorithm at the time of the secret call is selected for each secret call , and a predetermined bit of data included in the data part transmitted / received by the voice data packet link for transmitting / receiving the voice data packet obtained by converting the voice into a digital signal is used. A control data bit stream, and a process for exchanging information necessary for the secret call between the terminals performing the secret call including the information of the selected encryption algorithm with the control data bit stream. A program for establishing a secret call.   A program for establishing a secret call for establishing a secret call applied to a call terminal used in a call system for performing a secret call,
  On the computer,
  A control data bit stream is formed by using a predetermined bit of data included in a data portion transmitted / received by an audio data packet link for transmitting / receiving an audio data packet obtained by converting audio into a digital signal, and the control data bit stream The process of exchanging information necessary for a secret call between terminals performing a secret call after performing terminal authentication between terminals performing a secret call
  A program for establishing a secret call to execute.

Images