SI24698A - An encryption coding modules - Google Patents

Abstract

Encryption coding module solves the encoding problem. encryption / encryption of speech (data, messages) in wired or wireless communication systems. This module contains the possibility of autonomous power supply with an internal battery (112) via the power module (107). This includes a battery controller and has the ability to connect external power. An own processing unit (113) which can be implemented with, but not limited to, a microcontroller, a FPGA circuit, or another microprocessor system. The module is equipped with a strenuous memory (106), a NFC Receiver / Broadband Module (102), Bluetooth or another module for providing wireless communication (103), an audio plug (104), an audio outlet (108), a microphone for capturing audio (110) , a sound playback loudspeaker (111), a USB connector (101), a security element (105) that ensures the safe storage of key data, while also includes mechanisms for preventing and detecting access to the module and the speaker for interfering the built-in microphone in the module 109). The encryption code encoder module is securely configured in such a way that any interference to the inside of the device prevents its further use while it also prevents the operation of the primary microphone on the communication device (100).

Description

CODING MODULE

The subject of the invention is a device "encryption coding module", which is intended for coding or. encryption / encryption of speech (data, messages) on a wired or wireless telephone, smartphone, smartphone, tablet, PC and similar devices (hereinafter referred to as "communication device").

A technical problem solved by the invention is the design of a device that enables two or more users (devices) to have a secure conversation or transfer of data (messages) that cannot be eavesdropped or the eavesdropping content is unintelligible and thus useless.

With the development of telecommunications over the last two decades, real-time wiretapping has become easier. Various intelligence agencies and private organizations carry out a routine interception of calls and / or data links, which enables the acquisition of sensitive political, military and economic and other information in an unlawful manner. Equipment for wireless interception of mobile phone calls and messages has become affordable and easily accessible, which is why eavesdropping has become so widespread, simple and uncontrolled today. Therefore, the use of a device that is the basis of the proposed patent is fully justified, since it allows for the protection of privacy during a voice connection.

Protecting speech data with strong and trusted encryption. encryption / encryption is not easy. Most of the coding algorithms used today are of dubious quality, as there is a growing body of studies and evidence that they contain different and relatively straightforward ways of "seeing" the contents of coded packages. i.e. side door. An additional reason is the fact that today's supercomputers with extreme computational power take advantage of the weak protections of some commonly used encryption algorithms. encryption / encryption. The aforementioned disadvantages are usually masked in the public by various marketing efforts to keep this public and to discuss it as little as possible. Last but not least, these same agency agencies that certify the adequacy of coding algorithms, on the other hand, are responsible for intercepting and tapping into telecommunications information.

There are some similar solutions known, none of which allow for the transmission of data and messages using a high rate of encoding. encryption / encryption on all communication links between two or more devices (users) as our proposed invention. EP 21 patent solutions are known

580 and DE 10 20 10 01 79 36, which, however, perform the entire encryption (encryption / encryption) process within the mobile device at the software level. This enables the transfer of encrypted data over the network, but it is still accessible at the mobile device operating system level to be intercepted by other applications on the mobile device.

In addition to these two, the most typical solutions are the patents US 20 13 02 36 015, US 20 13 02 52 585, US 80 05 223, CN 10 20 75 321, WO 20 08 15 02 24, VVO20 11 11 27 67, US 85 26 616, WO 20 08 12 95 46, US 08 63 87 16, CN 20 11 88 646, CN 10 13 04 306, JP 20 05 19 77 86, EP 21 75 580, US 85 55 068, US 20 08 01 41 331, US 20 06 01 54 695, WO 20 13 00 93 19, WO 20 13 13 38 36.

The point of the proposed solution is to allow secure conversation, transfer of data or messages between end users / -! oz. devices / -! by means of an encryption module. The proposed encryption module consists of the basic components shown in Figure 1:

- an encrypted coding module with autonomous power supply (may include an internal battery (112)), a power module (107) comprising a battery controller and having the ability to connect an external power supply, its own processing unit (113), which can be implemented by, a not limited to, microcontrollers, FPGAs or other micro-processor systems. The device is equipped with permanent memory (106), NFC transceiver / transmitter contactless module (102), Bluetooth module (103), audio plug (104), audio jack (108), microphone for audio capture (110), speaker for audio playback (111), a USB port (101), a security element (105) that provides secure storage of key data, while also providing mechanisms to prevent and detect access to the module and speakers to interfere with the built-in microphone in the device (109). The encryption module enclosure housing is adapted in such a way that any interference with the interior of the device prevents its further use (tamper-evident, tamper-responsive and tamperresistant) and at the same time can also prevent the primary microphone from operating on the communication device (100),

- an application on a communication device for managing an encryption module operating on a communication device.

The structure of the encryption module is given in Figure 1. The encryption module may be located in the housing of the device. The enclosure may, inter alia, disable audio capture on the device used.

The internal electronics of the encryption module performs the following basic functions:

- sound capture.

- audio playback,

- coding or. encryption / encryption and decoding or encryption. decrypt / decrypt audio, data and messages,

- communication through different communication interfaces.

The encryption module (205) can be connected to the communication device (204) (eg by mobile phone) in several different ways (Figure 2):

- USB interface (200),

- NFC contactless interfaces (201),

- Bluetooth interfaces (202) (other wireless interfaces such as RF, ZigBee, VViFi, IR, etc. may be used),

- electro-acoustic assembly (203).

In addition to the various connection options with the communication device, the encryption module can simultaneously establish and maintain communication through all possible connections available on the communication device (establish and maintain a communication multiplex), which further disables or prevents communication. makes it difficult to intercept data.

The encryption module (300) allows the connection of external devices (eg (303), (304) and other external devices) via the following communication interfaces (Figure 3):

- Bluetooth interface - (302) (eg wireless headset - (304), car radio - (305), other wireless interfaces such as RF, ZigBee, VViFi, IR are also possible),

- audio interface - (301) (eg wired headphones - (303)).

The encryption module can operate in two modes:

- as a completely stand-alone device where the communication device of its presence is unaware and does not affect its operation,

- in combination with an application on a communication device. Safe communication process:

the user launches the application on the communication device (601), authenticates himself with a PIN number or biometric sensor (602), if authentication fails, the user must re-authenticate (603),

- in case of successful authentication, the user enters the number or. the caller's address or select one or more users (604) from the directory,

- Press the button to initiate the process of establishing a secure connection (605), having successfully (606) or unsuccessfully (609) established a secure connection between the encryption coding modules of the connected communication devices of users, the application on the communication device notifies the user, audio / voice / data / message transmission (607),

- after the end of the conversation / data transmission / messaging, the user disconnects (608).

An application on a communication device that manages the encryption module enables:

- direct control of the encryption module (settings, choice of type of communication interface, ...),

- establishing a secure connection,

- secure conversation call,

- secure communication,

- secure data transmission,

- secure messaging,

- secure access to the application on the communication device (use of PIN number, biometric verification, etc.),

- managing the data of users of other encryption modules with which a secure connection is made,

- Remote software update and configuration of the encryption module.

Encryption coding modules the modules can connect to each other directly or through the communication interfaces of the communication device. A secure connection is made using two communication interfaces:

- data connection (other wireless interfaces such as RF, ZigBee, VViFi may be used),

- audio connection (making a call).

There are two ways to link the encryption modules:

- a direct connection where the encryption module (403), through the communication interface on the device (402), establishes a secure connection (401) directly with the device (404) which transmits the data to the encryption module (405) (Figure 4),

- indirect connection, where the encryption module (501) first establishes a secure connection (503) to the intermediate device (504) using the communication interface of the device (502). This device establishes a new secure session (505) to the end device (506), which transmits the received data to the encryption module (507) (Figure 5).

Modes of operation of the encryption module, which are implemented in the case of successfully established secure connection between the encryption modules:

- data transmission: The sending data is located on the communication device. The device sends the data to the encryption module. It encodes them. encrypts / encrypts and forwards to the device that sends them to the address communication or intermediate device (gateway). This device sends data to the encryption module that decodes or encodes it. decrypts / decrypts and transmits the result to the device.

- Message transmission: The sending messages are located on the communication device. The device sends these messages to the encryption module. It encodes them. encrypts / encrypts and transmits to the device which sends them to the address communication device. The device sends a message to the encrypting module which decodes them. decrypts / decrypts and transmits the result to the communication device.

- dial-up connection: Audio is captured via a microphone, which can be located on the encryption module, communication device or on an external device connected directly to the encryption module with a wired or wireless interface. If the audio is captured by a communication device, the audio in the form of the captured data is first transmitted to the encryption module, otherwise this information is already on the encryption module, as they come directly from the internal microphone or microphone. via an external device. It encodes them. encrypts / encrypts and transmits to the device, which transmits them to the address communication device. The address communication device transmits the received data to the encrypting module, which decodes them. decrypts / decrypts and plays on the selected communication interface (speaker of the communication device, speaker of the encryption module, forwarding to other external devices).

LIST OF ABBREVIATIONS

NFC - Near Field Communication is a high frequency short range communication technology

USB - Universal Serial Bus Universal Serial Bus

Bluetooth - Secure wireless high-frequency technology for connecting various digital electronic devices at distances of up to several meters

ZigBee - A wireless communication protocol designed for low-power personal networks

RF - radio frequency transmission

VViFi - wireless computer network

FPGA - Field-Programmable Gate Array Hardware Programmable Tamper-Evident Logic Circuit - Tamper-Responsive Traceability - Tamper-Resistant Response - Tamper Resistance

Claims (17)

PATENT APPLICATIONS A building for an encryption module, characterized in that it comprises an internal battery (112), a power unit that may comprise an external battery charging port, a battery management logic (107), a proprietary processing unit (113) implemented with, but not limited to, a microcontroller, an FPGA circuit, or other micro-processor system, a memory unit (106), a NFC receiver / transmitter module (102), Bluetooth (103), or other type of wireless communication interface, an audio plug (104) ), audio jack (108), audio pickup microphone (110), audio speaker (111), USB port (101), security element (105) for safe storage of key data, and also includes mechanisms for preventing and detecting access to the module, loudspeaker for interfering with the built-in microphone in the device (109), housing which is security-adjusted in such a way that any interference with the interior of the device prevents its further use by means of tamper-proof, tamper -responsive and tamper-resistant, but may also prevent the primary microphone from operating on the communication device (100). Coding module according to claim 1, characterized in that its structural design (100) is constructed (109) so as to make it difficult or impossible to capture the audio signal by physically blocking the receiving part of the communication device. 3. The encryption module according to claim 1, characterized in that it can operate in combination with an application on a communication device for the purposes of monitoring, configuring, managing and updating the encryption module. Coding module according to claim 1, characterized in that it can operate without application on a communication device in a stand-alone mode of operation. The encryption module according to claim 1, characterized in that it uses the encoded or encrypted / encrypted communication to the communication device. Coding module according to claim 1, characterized in that it has an implemented communication interface to the communication device (204) using a USB interface (200) and / or using Bluetooth wireless communication technology (202) and / or via electro-acoustic of assembly (203) e.g. using headphone input / output and / or the NFC (201) and / or other wireless interfaces, such as e.g. RF, ZigBee, WiFi, IR, etc. 7. The encryption module according to claim 1, characterized in that it can use its internal speaker and microphone, the speaker (s) and the microphone (s) of the communication device to capture and play audio data or speech. connected using headphones or. any other combination of external audio pickup and playback devices that can be connected directly to the encryption module using a wired (301) or wireless (302) connection, or may use any combination of the above audio capture and playback modes. Coding module according to claim 1, characterized in that it can be integrated or connected as an interface between the communication device to which it is connected (300) and another physically connected device capable of capturing and / or reproducing audio / speech with e.g. headphones (303) and / or display, storage or processing of data / messages. Coding module according to claim 1, characterized in that it can be integrated or connected as an interface between the communication device to which it is connected (300) and other external wireless device such as e.g. wireless headsets (304), car radios (305), etc. 10. The encryption module according to claim 1, characterized in that it can use any combination of integrated and / or different external devices for capturing and / or playing sound or. for sending and / or receiving, displaying, storing or processing messages / data. 11. The encryption module of claim 1, characterized in that the communication devices can connect directly to one another or use transient devices such as e.g. server or gateway to create a secure communication network. 12. The encryption module according to claim 1, characterized in that its use is not limited to communication devices but can be used with any other device that requires a secure connection. 13. A method of secure data communication between an encryption module and a communication device, characterized in that it is implemented in digital or analog form and by wired or wireless connection. 14. The method of secure data communication in digital form according to claim 13, characterized in that it includes the following steps: - establishing a data connection (701), - running the application on the communication device (702), - user authentication (703), (704), - selecting a communication interface (s) (705) where the user determines the source of the data / speech, - choice of addressee (s) (706), - the establishment of a secure session (707), (708), - in the case of successful (709) or unsuccessful (710) establishment of a secure session, this shall be reported to the user, - capture of input data (711) to which audio / speech / message belongs, - if the microphone is used on a communication or external device, the data is first transferred to the encryption module (713), but if the internal microphone of the encryption module is used, this step is skipped, - coding or. data encryption / encryption on the encryption module (714), - sending encrypted / encrypted packets to an application on a communication device (715), - the application transmits data on the caller's communication device via GSM / UMTS / IP or other wireless network or data connection to the addressee (716), - the application on the caller communication device receives coded or encrypted / encrypted data, - coded or. the encrypted / encrypted data is transmitted to the encryption module (717), - decoding or decrypt / decrypt data on the encryption module (718), - audio playback or data display on the encryption module / headset / communication device or transmission of data via communication interfaces to an external device (719), - interrupting a secure session after a call (720). 15. Analogue secure data communication method according to claim 13, characterized in that it includes the following steps: - running the application on the communication device (801), - user authentication (802), (803), - choice of communication interface (804), - making a call with the addressee / -! (805), - the establishment of a secure session (806), (807), - in case of successful (808) or unsuccessful (809) establishment of a secure session, this shall be reported to the user, - capture of input data (810), - in the case of using a microphone on a communication or external device, the data is first transferred to the encryption module (812), but if the internal microphone of the encryption module is used, this step is skipped, - coding or. data encryption / encryption on the encryption module (813), - sending encoded or encrypted / encrypted data directly to an established call channel (814), - capturing data directly from the call channel (815) on the recipient's communication device, - transmitting data to an encryption module connected to the addressee's communication device (816), • · »· - decoding or decrypt / decrypt data on the encryption module (817), - playing audio or displaying data on the encryption module / headset / communication device or. transmission of data via communication interfaces to an external device (818), - interrupting a secure session after the call has ended (819). 16. The method of connection in the encryption module according to claim 13, characterized in that it is implemented using a wired connection (301), wherein the specific features of the procedure for establishing secure voice transmission, respectively. data / messages: - if the user uses the encryption module in conjunction with the application on the communication device (901), the following steps are optionally followed: - running the application on the communication device (902), - user authentication (903), (904), - establishing a dial-up connection with the user / -! (905), - the module automatically arranges for synchronization and encoding / decoding, respectively. encryption / decryption and encryption / decryption of data (906), - if the user uses the application on the communication device (909), (908) he will be informed of the status of successful (912) or failed connection (911), - in the event of a successful meeting, communication is terminated (910), - data captured via an external device (913), e.g. headset, the encrypting coding module encodes or. encrypts / encrypts and passes the device (915) through an audio plug, which then sends them via voice channel to the addressee, - the addressee receives this information (916), this information is transmitted via an audio plug to the encryption module (917), - the module decodes the data or. decrypt / decrypt (918) and forward them to an external device (919), - interrupting a secure session after the call has ended (920). 17. The method of connection in the encryption module according to claim 13, characterized in that it is implemented using a wireless connection (302), wherein the specific features of the procedure for establishing secure voice transmission, respectively. data / messages: - if the user uses the encryption module in conjunction with the application on the communication device (1001), the following steps are optionally followed: - running the application on the communication device (1002), - user authentication (1003), (1004), the following steps are first used: - to pair an external device and an encryption module (1005) via an application on a communication device, - pair the encryption coding module and communication device (1006) via an application on a communication device, the user selects the encrypted connection option (1007) on the communication device application, establishes a secure session (1008) if the user uses the application on the communication device (1010), (1011 ), the status of successful (911) or unsuccessful (1012) connection establishment (1014) is reported; in case the session was not successfully established, the call is terminated (1013), the data captured via an external device (1015), such as . wireless headset, encrypted encoder module encrypts / encrypts (1016) and transmits it wirelessly to the communication device, which then sends it via the voice channel / data link to the addressee (1017), the recipient communication device receives this information (1018), the received data is transmitted via the encryption module wirelessly (1019), the encrypting coding module decodes the data respectively. decrypts / decrypts (1020) and forwards them via the wireless interface to the external device (1021), interrupting the secure session after the end of the call (1022).