RU2559714C2 - Personal portable digital video radio station and method of providing reliable identification of operator of transmitting radio station through electronic digital signature - Google Patents

Abstract

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to radio engineering and mobile communication systems. Disclosed is a method of identifying an operator of a transmitting radio station, as well as a personal mobile real-time digital broadcast audio, video and text communication device - radio station. A portable radio station with a processor, memory, a colour touch screen, a camera, a GLONASS/GPS receiver, a microSD card reader, one or more radio modules, which enables to transmit, record and repeatedly playback video, audio and text information with association of radio communication with the map of an area. Radio communication is protected from interception by encrypting all the transmitted and stored information using an algorithm with a symmetrical key. A transmitting radio station is identified by the digital electronic signature of transmitted packets and verifying said signature at receiving radio stations. Exchange of public keys for verification of the signatures is carried out by radio stations in broadcast mode in X.509 certificates signed by an authorisation centre.

EFFECT: more secure radio communication.

2 cl, 8 dwg

Description

This invention relates to the field of radio communications, namely to personal portable radio stations, and can be used to carry out operational safe digital radio communications, with the possibility of transmitting sound, video, still images, text messages and navigation information (geographical coordinates), between an unlimited number of radio exchange participants, as well as to display all the information received on the integrated high-resolution color display.

A number of devices are known, including, but not limited to, Bowman H4855 [1], Harrison RF-7800S-TR [2], Motorola XTS 5000 [3], which are functionally designed to provide personal digital radio communication with elements for ensuring secure communication by using industrial AES symmetric key cipher.

None of the known devices has a high-resolution color touch screen, is not equipped with a camera - a photosensitive sensor (or a connector for connecting one) and does not have the function of operational video communication.

None of the known devices has the function of identifying the operator and / or the transmitting station by signing and verifying the transmitted traffic, i.e. does not implement electronic digital signature (EDS) algorithms. H4855 [1] has the function of identifying the sending radio station. It is not exactly established exactly how the H4855 device implements this function, however, it has been established that this device does not implement the EDS mechanisms of the transmitted traffic, which means that the identification of the operator in this device is not reliable, i.e. the identifier of the operator of the transmitting radio station may be substituted without the knowledge of other participants in the radio exchange.

In conventional analogue radio communication, the following methods for identifying the operator of a transmitting radio station are known and widely used:

1. Voice call sign or code word. The operator identifier is spoken by the operator in the voice path before or after the radio broadcast. The call sign is assigned either by the public authority responsible for control and supervision in the field of radio communications, or by the operating organization, or by prior arrangement between the participants of the radio exchange. This identification method is unreliable, since the operator of the receiving radio station does not have a method or technical means for comparing and checking the received identifier with his communicating person, except for the voice timbre, which can be greatly distorted when transmitted through the radio channel;

2. DTMF tone sequence or similar multi-frequency code. The device of the radio station is equipped with tonal generators and detectors, which allow you to transmit digital sequences in the voice path of the radio channel and detect them. Identification is carried out according to the following principle:

a. Each radio station is assigned and entered into the configuration (programmed) a certain number, which serves as its identifier;

b. When conducting a radio communication session, the radio station automatically transmits its identification number before (sometimes after) the session by issuing into the voice path a sequence of multi-frequency tones that uniquely encode the specified number;

c. The receiving radio station detects the tone transmission, compares the received identifier with the internal list of numbers known to it, and thus can either limit the reception of the radio signal from unwanted subscribers, or it can inform the user (for example, display on the display) the received identifier.

The disadvantages of this method are as follows:

a. When transmitting tonal sequences in the voice path of a radio channel, frequent occurrence of detection errors caused by the presence of noise in the radio channel;

b. The receiving radio station (or its operator), as is the case with the method described in paragraph 1, does not have any method or technical means to verify that the received identifier is correct and that it matches the person (operator) performing the radio transmission. It is known that in the presence of simple technical means, the tonal identifier is easy to replace or distort without the knowledge of other participants in the radio exchange.

The following identification methods are widely used in digital radio communications:

1. Digital identifier of type IMEI or similar. Each radio station is assigned a digital identifier that is programmatically entered into it either during tuning or during production. When performing radio communications, the transmitting radio station includes its identifier either in each packet of transmitted information, or transmits it in a specialized "identification" packet. The receiving radio station extracts the identifier from the received packets, verifies its integrity by digital methods (CRC calculation) and checks - verifies the received identifier through the switch, which, as a rule, is part of the infrastructure. This method has the following disadvantages:

a. Requires infrastructure and a switch in its composition for verification;

b. The method is unreliable, since the digital package is not protected by an electronic digital signature, which, theoretically, allows you to replace the identifier or to communicate using someone else's identifier.

2. Identification using a SIM card (see [4]), the essence of which is as follows:

a. The digital radio station (subscriber terminal in terms of cellular communication) is equipped with a special device - a SIM card, which contains a microprocessor device and a read-only memory. A random number is entered into the memory of the SIM card, either during its production or during the configuration process, which serves as a secret key. The SIM card is designed in such a way that the secret key cannot be removed (read) from it under any circumstances. The microprocessor device as part of the SIM card allows you to sign any other data sequence using the digital signature method using the secret key from the SIM card memory;

b. The interaction of the subscriber terminal and the SIM card is carried out through a specialized interface with a strictly defined protocol;

c. Access to the SIM card is limited by another digital key - a PIN code, which is received from the user of the subscriber terminal and transferred to the SIM card the first time it is used;

d. When performing radio communications, the subscriber terminal supplies all transmitted packets with a special number - a signature, which depends on the data received from the switch and the result of calculating the digital signature using a SIM card. Thus, the subscriber is “linked” to the secret key stored in the SIM card and the subscriber is uniquely verified by the switch as part of the infrastructure. This identification method is recognized as very reliable and is widely used in cellular communications.

The disadvantage of the SIM-based identification method is that it is mainly designed to be used as part of a complex infrastructure in which there is a switch or other central device whose functions include authentication of subscribers. This method is not applicable for operational radio communications.

None of the known devices allows the use of an external removable storage medium such as an SD card (or similar) as a place to safely store electronic keys.

None of the known operational radio communication devices allows restricting access to electronic keys (or to the device itself) by means of a PIN code, and, therefore, they may endanger the safety of radio communication in the event of loss of a radio station by one of the participants of the radio exchange or if an unauthorized person takes possession of it.

None of the known devices allows automatic exchange of navigation information received from the built-in navigation receiver, and does not allow the participants of the radio exchange to automatically track and display the relative position on the map.

None of the devices allows the operator to obtain information about the participants of the radio exchange - their number, list of identifiers, distance and geographical coordinates of the participants.

None of the known devices is equipped with a removable storage medium such as an SD card and does not allow recording and subsequent multiple reproduction of radio exchanges directly on the device.

Known RF patent No. 2484584 dated 05/10/2012 (see [5]) for a radio station having a system for documenting negotiations and allowing for the recording, storage and retrieval of information. A well-known radio station does not allow recording on a removable storage medium such as an SD card, it is not equipped with a high-resolution color touch screen, it is not equipped with a camera, it is not equipped with a GLONASS / GPS receiver, it does not allow transmitting video images, text messages and navigation information, it does not have a transmitting identification function stations by electronic digital signature.

The technical result to which this invention is directed is to expand the functionality of the radio station and increase the security level of personal mobile operational radio communications by eliminating the above disadvantages.

This invention is the radio station shown in figure 1, is a portable computer with dimensions that can easily fit in the operator’s hand, equipped with a central processor (1A) and a DSP coprocessor (1B) for encoding and decoding audio and video information, one or more radio modules ( 2, 3) with an internal (4) or external (5) antenna for transmitting information over the air, a color LCD touch screen (or similar) high-resolution display (6) to display video information and control the radio, the front camera - light a sensitive matrix (7) for capturing video information, a microphone (8), a loudspeaker (9), a connector for connecting an external headset (10), a USB connector (11) for connecting one or more external cameras and other peripheral devices, a GLONASS navigation information receiver / GPS (12), a card reader (13) in microSD format (or similar) for supplying electronic keys on a removable external medium - an SD card (14) and for storing successful radio broadcasts, using the PTT button (15) to initiate a radio broadcast by the operator. The radio station contains firmware stored on a built-in NAND-type media (16), which provides a full range of functions (see below). The operator interacts with the device through a graphical interface based on touch input.

By periodically exchanging public electronic keys through a broadcast digital radio channel as part of digital certificates in the X.509 format and verifying the signature of the received certificates, it is possible to determine the circle of participants in radio exchange and exclude the participation of unauthorized participants, i.e. participants who do not have the corresponding certificate issued by the authorization center.

By digitally signing the transmitted information packets and verifying this signature at the receiving radio stations, the operator of the transmitting radio station is uniquely identified. At the same time, the operator of the transmitting radio station is not able to change or replace his identifier without having the appropriate X.509 certificate issued and signed by the authorization center.

By encrypting all transmitted packets using a symmetric key algorithm, a reliable level of radio protection is achieved.

By storing the electronic keys, certificates and records of the exchanges on removable media (SD card), in encrypted form, a certain level of independence of the operator from the radio station itself is achieved, which allows the operator, if necessary, a) to quickly change the radio stations, while maintaining their identification and history of radio exchanges, b) contain confidential information - keys and records of radio exchanges, separately from the radio station.

Access to information on removable media is carried out only after the PIN code entered by the operator of the radio station, which is used as a key for a cipher protecting information on removable media, which further increases the reliability of information storage and restricts access to it. Without the PIN code entered, the radio station does not have access to keys and certificates, which means it is inoperative and cannot participate in radio exchanges. Removing removable media from the card reader also puts the radio inoperative. This property of the invention solves the problem of the threat to the safety of radio exchange in case of loss of the radio station by one of the operators.

In use, this radio station is similar to the widely used conventional analog portable radio stations operating on the principle of "push-to-talk" or "push-speak, release, listen." However, due to the complete rejection of analog radio, the use of only digital broadcast packet communication in conjunction with a symmetric and asymmetric cipher, this radio station can not only solve a number of problems of conventional radio, such as: identifying the operator of the transmitting station, protection against intrusion into the radio and listening to the radio unauthorized persons; but also in tight integration with other digital technologies it provides a completely new class of services, such as:

- operational broadcast video communication allows you to make the radio more informative. By choosing the front or one of the external cameras, the operator can shoot a high-resolution image of an object, the surrounding area or a suspicious person and send this image to all participants of the radio exchange for analysis or comment;

- integration with GLONASS / GPS allows the participants of the radio exchange to receive operational information about the mutual geographical location and distance relative to each other, to record information about the movement of each other, to observe each other on a geographical map on the display of the radio station in "real time" mode;

- recording and saving of radio exchanges with the possibility of subsequent repeated playback of both a particular selected record and several records in a row in chronological order, allows the operator at any time to get a complete picture of the subject of the current conversation in the radio exchange, or to restore the subject of the conversation that took place earlier.

This radio station operates on a broadcast basis and, in general, does not require the deployment of any infrastructure, in contrast to mobile cellular communications, which are not always and not always available. Nevertheless, the mode of operation through existing digital networks or through rapidly deployable infrastructure is also provided with the aim of increasing the communication range or organizing a certain hierarchy. On figa-2D shows the following options for the use of infrastructure:

- Option 1. Without and infrastructure. The participants of the radio exchange, partially or completely, are located in the coverage area of the radio signal of each of the radio stations. Access to the environment is regulated by the radio module of each of the radio stations individually based on the CSMA-CD algorithm (random access, carrier detection).

- Option 2. Minimum infrastructure in the form of an access point. All radio communication is conducted through an access point (AP) of the WIFI standard (IEEE 802.11a / b / g), which regulates access to the medium in accordance with this standard.

- Option 3. Radio communication is conducted through a network of WIFI access points. Each of the radio stations is associated with its own access point. Access points, in turn, are connected to a single infrastructure via a local network or the global Internet.

- Option 4. WIFI bridge. Radio communication is conducted through the bridge (M), which, on the one hand, acts as a radio station according to Option 1 and operates in broadcast mode, and on the other hand, as a WIFI access point. Any of the radio stations equipped with two radio modules of different standards can act as such a bridge.

- Option 5. 3G / 4G bridge. Radio communication is carried out through the bridge (M), which, on the one hand, acts as a regular radio station and operates in broadcast mode, and on the other hand, has a connection to the gateway (Ш) via the network of a 3G / 4G mobile operator. At the same time, a central console (CPU) can be connected to the gateway, from which radio communications are controlled, and all radio communications can be fixed on a separate external medium (VN).

Due to the fact that when using this invention, there is no need to establish a logical connection between subscribers, then in the infrastructure, if necessary, there is no switching equipment, the presence of which is inherent in cellular and trunk communication networks. This property of the invention allows you to organize operational digital audio, video and text communication in the shortest possible time and without additional costs for the deployment of switching centers.

Another difference of this invention from digital cellular communication is that communication with it is performed in broadcast mode ("point-to-multipoint"), while in cellular communication is always made between two subscribers ("point-to-point"), if no additional conference equipment is used.

Establish a connection and activate.

Since the radio is in broadcast mode, there is no connection setup process, i.e. the operator of a radio station at any time can press the PTT button to start a radio transmission that will be received by all participants of the radio exchange located in the coverage area of the radio signal of that radio station, WIFI access point or gateway. In this regard, the invention is similar in functionality to traditional (conventional) radio stations. However, unlike traditional radio stations, this radio station requires the operator to activate it, which consists in the following:

1. After turning on the power and downloading the firmware, the radio asks the operator to insert a removable medium - an SD card containing files with a private key, with a symmetric key, with an authorized personal certificate X.509 and with a settings file;

2. Having found the card with the keys in the card reader, the radio station asks the operator to enter the PIN code using the “on-screen” keyboard on the touch screen;

3. Having received the PIN code, the radio station uses it to decrypt files with keys, certificates and settings and checks the CRC16 checksum of the decrypted files;

4. If the checksum does not match, then it is considered that the PIN code is entered incorrectly, and it cannot be used to correctly decrypt the above files. In this case, the radio station notifies the operator and asks to try again to enter the PIN code;

5. If the checksum matches, then it is considered that the PIN code is correct and the above files are decrypted correctly.

6. The radio station verifies the personal X.509 certificate, including verifies the start and expiration dates of its validity, and also verifies the digital signature of the authorization center contained in the certificate;

7. If the certificate has expired or the signature is incorrect, then such a certificate is considered invalid and cannot be used, as the radio station informs the operator and offers to replace (insert another) an SD card with keys, repeating the activation process from step 2;

8. If the personal certificate is successfully verified, the radio station broadcasts this certificate and from that moment is considered activated.

Since, according to clause 8, the personal certificate of the operator of the activated radio station was sent at the final stage of activation, this most likely means that all radio stations located in the coverage area of the radio signal from this (activated) radio station received its certificate and, accordingly, can decrypt and verification of packets sent by this radio station.

All radio stations periodically send out personal certificates of their operators with an interval of no more than 30 seconds. This means that within 30 seconds all the radio stations located in the mutual coverage zone will have each other's certificates, and, therefore, will be able to decrypt and verify each other's packets.

The above also means that a newly activated radio station cannot decrypt packets for an arbitrary time, but no more than 30 seconds from the moment of activation, since this time is necessary for collecting and accumulating personal certificates from other radio stations.

For the convenience of the operator, the radio station displays on the display the received and verified certificates of other radio stations in the form of a list of operator identifiers taken from the received certificates. Thus, the operator of this radio station has an idea of who at a particular moment in time can participate in the radio exchange.

The process of activation, distribution, collection of certificates and their use for decryption and verification of radio exchange participants is a characteristic distinguishing feature of this invention, the principle of its operation and use.

Exchange protocol

The format of the package and the exchange algorithm in a digital radio channel is presented in figa-3b and consists in the following:

1. All information is transmitted by the radio station in the form of packets (Fig. 3a) of sequential bytes (octets) of variable length, but not more than the established limit of 1500 bytes per packet through one or more radio modules (radio modems) that are part of the radio station;

2. The radio station transmits packets in broadcast mode, this means that the packet transmitted by one radio station can be received and processed by any number of other radio stations located in the coverage area of the radio signal of the transmitted radio station;

3. Each transmitted packet has a fixed HEAD service header, PAYLOAD payload area of variable length and ends with a SIGNATURE digital signature obtained on the basis of a private (secret) key and using one of the algorithms with an asymmetric key (for example, RSA or according to GOST 34.10-2001 ) to the service header area and part of the payload area;

4. The service header (Fig.3b), in addition to other information, contains an indication of the type of TYPE payload transmitted, the CRC16 checksum, and also contains the operator identifier of the transmitted station STATION ID obtained from the personal X.509 certificate of the operator located on removable media - SD card;

5. In the field of useful data of a package, in general, any information may be contained, in particular:

- a fragment of a voice frame obtained by compressing a digitized voice stream using the SPEEX algorithm;

- a fragment of a video frame obtained by compressing a video stream from one of the cameras with the MPEG4 or H.264 algorithm;

- a fragment of a high-resolution image obtained by compressing the image obtained from one of the cameras using the MJPEG algorithm;

- a frame with navigation information received from the built-in receiver of the navigation signal GLONASS / GPS;

- a fragment of a text message entered by the operator of the radio station;

- a fragment of a binary (arbitrary) file prepared by the operator of the radio station for broadcasting;

- Signed and authorized personal X.509 certificate of the radio station operator;

- other service and user information.

The payload area also contains the information needed to assemble the fragments into a single voice or video stream.

6. Before sending the packet, the contents of the service header and the contents of the payload area must be encrypted using an algorithm with a symmetric key (for example, AES 128 or according to GOST 28147-89). The encryption key is also taken from removable media.

Upon receipt of the package, the radio station performs the following sequence of actions:

1. Decrypts the service header and payload area using an algorithm with a symmetric key and using the key located on the removable media of this radio station;

2. Calculates the CRC16 checksum and checks against the checksum in the service header of the received packet;

3. If the checksums do not match, then it is considered that the received packet is encrypted with the wrong (not matching) key, or the wrong format. Such a packet is discarded and is not further processed;

4. If the checksums match, then it is considered that the radio stations that transmitted the packet and received this packet have the same key, and therefore the packet is further processed;

5. From the decrypted service header, the identifier of the operator of the transmitting station is removed;

6. In the memory of the radio station, an X.509 certificate is searched for, among those accumulated, containing the received operator identifier. If such a certificate is not found, it is considered that the operator of the sending radio station is not authorized, i.e. does not have the appropriate permission to participate in the radio exchange. Such a package is not further processed;

7. If the corresponding X.509 certificate is found, then the public key of the operator of the sending station is extracted from it and the digital signature of the packet is verified using the existing key;

8. If the digital signature does not pass verification (ie, the signature is “fake”), then such a package is considered unsafe or sent by an “intruder” and is not processed further;

9. If the EDS is successfully verified, it is considered that the operator of the sending station is authorized to participate in the radio exchange, and its identifier is uniquely determined;

10. The content of the payload area is processed, the fragments of voice and video frames are combined, i.e. demultiplexing.

11. If the voice frame is successfully demultiplexed, it is decoded using the SPEEX algorithm, and the sample stream received at the output is played to the operator through a hardware audio codec and a loudspeaker or earphone (headset) connected to it;

12. If the video frame is successfully demultiplexed, it is decoded using the MPEG4 or H.264 algorithm using a hardware DSP coprocessor and the resulting image is displayed on the radio station display;

13. In the case of successful demultiplexing of a high-resolution picture frame, it is decoded using the MJPEG algorithm and displayed to the operator on the display of the radio station;

14. If the package contains navigation information, then this information is associated with the operator of the sending radio station, distances are calculated, and corresponding changes are made in the display of the radio exchange participants on a geographical or topographic map, that is, object - the sender moves to the desired point on the map, which is displayed (at the request of the operator) on the display of the radio station;

15. All successfully verified packets are stored in their original (encrypted) form on a removable medium - an SD card, broken down by the identifier of the operator of the sending station and time. This allows you to search, re-decode and display information at the request of the operator of this radio station, i.e. allows you to view or listen to previously held radio exchanges.

The essence of the technical solution is illustrated by drawings.

1. Figure 1 shows a portable digital video radio station.

2. On figa presents an option for using a radio station without infrastructure.

3. On figb presents an option for using a radio station with a WiFi access point.

4. FIG. 2c shows an embodiment of using a radio station through a network of access points.

5. FIG. 2g shows an embodiment of using a radio station through a bridge with two radio modules of different standards.

6. On fig.2d presents a use case through a bridge equipped with a 3G / 4G modem, through the network of a cellular operator and through a gateway.

7. FIG. 3a shows a packet format for exchange in a digital radio channel.

8. On figb presents the format of the service header.

Information sources

1. www.prc68.com [site]. URL: http://www.prc68.com/I/Bowman.shtml (accessed June 17, 2013).

2. Harris [officer. website]. URL: http://rf.harris.com/capabilities/tactical-radios-networking/rf-7800s.asp (accessed June 17, 2013).

3. RadioReference.com [site]. URL: http://wiki.radioreference.com/index.php/Motorola_XTS_Series (accessed June 17, 2013).

4. Specifications on the Interface. Subscriber Identity Module - Mobile Equipment (SIM-ME), fuel and lubricants 11.11, version 4.10.0 of January 21, 1994.

5. Pat. 2484584 Russian Federation, IPC H04B 7/00, H04W 8/22. Radio station / Ponimatkin V.E., Shpileva A.A., Lukyanov Yu.M., Voropaev A.S .; patent holder of the BFU named after I. Kant - publ. 06/10/2013, Bull. No. 16.

Claims (2)

1. A method for identifying the operator of a transmitting radio station, characterized in using an electronic digital signature based on public keys obtained from authorized certificates exchanged on a periodic basis between radio stations in a digital broadcast radio channel; at the same time, before identifying the operator of the transmitting station, the radio station is activated, which consists in inserting a removable storage medium (SD card) into the radio station that contains files with a private key, a symmetric key, an X.509 authorized personal certificate and a settings file; then the operator enters the PIN code, which is used by the radio station to decrypt files with keys, certificate and settings; then checksum CRC16 decrypted files; verification of a personal X.509 certificate is carried out, the start and expiration dates of its validity are verified, the signature of the authorization center contained in the certificate is verified by digital signature; after the radio station is activated, packet data transmission is carried out, with each packet having a fixed service header, a payload area of variable length and ending with an electronic digital signature obtained on the basis of a private key using encryption with a symmetric key to the service header area and part of the payload area; the header contains an indication of the type of useful data, the CRC16 checksum and the identifier of the operator of the transmitted station, obtained from the personal X.509 certificate of the operator located on a removable storage medium. 2. Personal mobile operational digital broadcasting audio, video and text communication device — a radio station, which is a portable computer that can easily fit in the operator’s hand, equipped with random access memory and a central processor, a DSP coprocessor, a high-resolution color LCD touch screen, and a camera that is photosensitive a matrix, a GLONASS / GPS navigation signal receiver, a microphone, a loudspeaker, sockets for connecting an external camera and a headset, a card reader for supplying replaceable a storage medium (SD card) that stores files with a private key, a symmetric key, an X.509 authorized personal certificate and a settings file, firmware on the built-in storage medium such as NAND, as well as a PTT button, one or more radio modules, with connected internal or external antenna; characterized by the presence of cryptographic protection of the transmitted audio, video and text information via an open radio channel and providing identification of the operator of the transmitting radio station by electronic digital signature in accordance with clause 1, with the possibility of recording radio programs on a removable storage medium and playing back recorded radio programs; exchange and recording information about the location of radio exchange participants and displaying information about radio exchanges with reference to the geographical map of the area on the integrated display using the GLONASS / GPS navigation information receiver.

Images