TWI589146B - Communication system and communication authentication method thereof - Google Patents


Publication number
TWI589146B
Authority
TW
Taiwan
Application number
TW101134536A
Other languages
Chinese (zh)
Other versions
TW201414268A (en)
Inventor
宋政桓
邱彥錡
謝杰泰
郭建甫
蘇晨豪
Original Assignee
走著瞧股份有限公司
Application filed by 走著瞧股份有限公司
Priority to TW101134536A
Publication of TW201414268A
Application granted
Publication of TWI589146B

Landscapes

  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Description

Call system and call authentication method

The present invention relates to a call system and a call authentication method thereof. More specifically, the call system and its call authentication method can confirm the legitimacy of the calling side through an authentication channel.

Telecommunication technology is widely used, and to make communication more convenient, most communication devices can display the caller's identification code; for example, a mobile phone displays the caller's telephone number when it receives an incoming call. A user of a communication device can therefore make an initial judgment of the caller's identity from the caller's identification code.

With the development of technology, however, techniques now exist to alter the caller's identification code directly, and a caller can also communicate through improper channels using an identification code that is not its own. Altering the caller's identification code in this way is therefore easily used for unlawful acts. For example, criminal groups today often use software to tamper with the caller's number directly when placing a call and communicate under a counterfeit identity to achieve their purpose; or a criminal group may cooperate with a dishonest employee of a telecommunications operator to tamper with the caller's number indirectly when placing a call, again to impersonate another identity. The receiving side then has no way of knowing that the caller is in fact being impersonated by a criminal group, and is misled as a result.

In view of this, how to prevent the caller's identification code from being tampered with for fraudulent purposes is a goal the industry urgently needs to work toward.

To solve the foregoing problem, the present invention provides a call system and a call authentication method thereof, in which the receiving device of the call system confirms the legitimacy of the calling device of the call system through an impartially established authentication channel and communicates accordingly.

To achieve the foregoing object, the present invention provides a call system. The call system includes a calling device and a receiving device. The calling device uses an identification code to establish a communication channel with the receiving device and at the same time establishes an authentication channel. The calling device sends authentication data corresponding to the identification code to the receiving device over the authentication channel. The receiving device uses the authentication data to confirm that the calling device is a legitimate call device, and exchanges communication data with the calling device over the communication channel.

To achieve the foregoing object, the present invention further provides a call authentication method for the aforementioned call system. The call system includes a calling device and a receiving device. The call authentication method includes the following steps: (a) causing the calling device to establish a communication channel with the receiving device using an identification code; (b) causing the calling device, after step (a), to establish an authentication channel with the receiving device; (c) causing the calling device to send authentication data corresponding to the identification code to the receiving device over the authentication channel; (d) causing the receiving device to confirm, using the authentication data, that the calling device is a legitimate call device; (e) causing the receiving device, after step (d), to exchange communication data with the calling device over the communication channel.

Through the technical features disclosed above, the call system and call authentication method of the present invention transmit authentication data over an additionally established authentication channel so that the receiving device can verify the legitimacy of the calling device. This prevents unlawful acts that rely on tampering with the identification code. After reviewing the drawings and the embodiments described below, a person of ordinary skill in the art will understand the other objects of the present invention, as well as its technical means and implementations.

The present invention is explained below by way of embodiments. The embodiments are not intended to limit the invention to any particular environment, application or manner described in them. The description of the embodiments therefore serves only to illustrate the invention, not to limit it directly. Note that in the following embodiments and drawings, elements not directly related to the present invention are omitted and not shown.

Please refer to FIG. 1, a schematic diagram of a call system 1 of the present invention. The call system 1 includes a calling device 11 having an identification code 110, and a receiving device 13. Note that the calling device 11 and the receiving device 13 may be devices that have both ordinary communication functions and network communication functions (for example, smartphones); alternatively, they may be ordinary telecommunication devices (for example, home telephones) that work together with equipment having network communication functions. When the calling device is an ordinary mobile phone or telephone, the identification code 110 is the telephone number of the calling device 11. The foregoing is not intended to limit the implementations of the present invention. The interaction between the elements is described further below.

First, the calling device 11 prepares to make an ordinary call to the receiving device 13, so it uses its own identification code 110 to establish a communication channel 10 (such as a telecommunication channel) with the receiving device 13. Then, before the calling device 11 and the receiving device 13 begin the call, an authentication channel 12 (such as an Internet connection) must additionally be established between them to confirm the legitimacy of the call.

More specifically, the calling device 11 sends authentication data 112 corresponding to the identification code 110 (such as the identification code of the calling device) to the receiving device 13 over the authentication channel 12 in an authenticable manner. The receiving device 13 then checks whether the identification code 110 of the calling device 11 and the content of the authentication data 112 correspond to each other. If the comparison succeeds, the calling device 11 is a legitimate device, and the receiving device 13 accepts the call request of the calling device 11 and exchanges communication data (such as voice data) with the calling device 11 over the communication channel 10. If the comparison fails, the calling device 11 may be malicious, and the receiving device 13 rejects the call request of the calling device 11.

Note that, besides the identification code of the calling device used for the identity comparison, the authentication data may include additional information, such as the identification code of the receiving device or a time-sensitive message. The time-sensitive message can be used to limit how promptly the authentication data must be delivered: if the receiving device determines that the time-sensitive message in the received authentication data has exceeded the prescribed processing time, it can reject the communication request of the calling device, which makes the judgment of the calling device's legitimacy more reliable.

Please refer to FIG. 2, a schematic diagram of a call system 2 of the present invention. Note that the system architecture and network connection environment of the second embodiment are the same as those of the previous embodiment, so elements with the same reference numerals have the same functions and are not described again. The second embodiment differs from the previous embodiment in that it further details how a key architecture is used to complete the authentication process.

Likewise, in the second embodiment the calling device 11 prepares to make an ordinary call to the receiving device 13, so it uses its own identification code 110 to establish the communication channel 10 with the receiving device 13. Then, before the calling device 11 and the receiving device 13 begin the call, the authentication channel 12 must additionally be established between them to confirm the legitimacy of the call.

Next, the calling device 11 uses a calling device private key (not shown) to encrypt the authentication data 112 into encrypted authentication data 114 and sends the encrypted authentication data 114 to the receiving device 13 over the authentication channel 12. The receiving device 13 then uses a calling device public key (not shown) corresponding to the calling device private key to decrypt the encrypted authentication data 114 into the authentication data 112. In this way the receiving device 13 can likewise confirm the legitimacy of the calling device 11 by checking whether the identification code 110 of the calling device 11 and the authentication data 112 correspond to each other.

For example, suppose a malicious device tries to use the calling device's identification code to impersonate the calling device and communicate with the receiving device. At most it can learn the content of the authentication data by means of the calling device public key; it cannot forge the authentication data to be transmitted. Furthermore, when the malicious device does not hold the calling device private key, the authentication data it sends to the receiving device over the authentication channel cannot be correctly decrypted by the receiving device using the calling device public key, so the authentication process is indeed secure and reliable. Because the use of asymmetric key techniques is well known, it is not described further here.
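The second embodiment's check, combined with the receiving-device identification code and time-sensitive message described earlier, can be exercised end to end; this is an added example, not code from the patent. It assumes textbook RSA with toy keys built from Mersenne primes as a stand-in for the unspecified asymmetric scheme (a deployed system would use a standard signature scheme with properly generated keys), and the JSON field names, key directory, 30-second limit and phone numbers are all constructed.

```python
import json

E = 65537  # RSA public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy keys, constructed for this example)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


# Mersenne primes keep the example stdlib-only and deterministic. Keys like these are
# trivially factorable; they only serve to show the message flow.
CALLER_PUB, CALLER_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)
_, ATTACKER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)

CALLER_ID = "+886-2-5550-0100"       # constructed identification code 110
RECEIVER_ID = "+886-9-5550-0199"     # constructed ID of receiving device 13
DIRECTORY = {CALLER_ID: CALLER_PUB}  # assumption: public keys are looked up by ID
MAX_AGE_SECONDS = 30                 # assumed limit for the time-sensitive message


def make_auth_blob(priv, caller_id, receiver_id, now):
    """Calling device: 'encrypt' authentication data 112 with a private key."""
    data = {"caller": caller_id, "receiver": receiver_id, "ts": int(now)}
    m = int.from_bytes(json.dumps(data, separators=(",", ":")).encode(), "big")
    if m >= priv["n"]:
        raise ValueError("authentication data does not fit under this modulus")
    return pow(m, priv["d"], priv["n"])


def check_call(blob, displayed_id, my_id, now, directory=DIRECTORY):
    """Receiving device: recover the data with the public key of the *displayed*
    caller ID, then compare it with what the communication channel claims."""
    pub = directory.get(displayed_id)
    if pub is None:
        return "reject: no public key for displayed ID"
    if not isinstance(blob, int) or not 0 < blob < pub["n"]:
        return "reject: malformed blob"
    m = pow(blob, pub["e"], pub["n"])
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    try:
        data = json.loads(raw)
    except ValueError:  # covers bad UTF-8 and bad JSON
        data = None
    if not isinstance(data, dict):
        return "reject: not produced with the caller's private key"
    if data.get("caller") != displayed_id:
        return "reject: caller ID mismatch"
    if data.get("receiver") != my_id:
        return "reject: issued for another receiving device"
    ts = data.get("ts")
    if not isinstance(ts, int) or not 0 <= now - ts <= MAX_AGE_SECONDS:
        return "reject: stale authentication data"
    return "accept"


def demo(t0=1_700_000_000):
    """Run the genuine flow and three failure cases at a constructed time t0."""
    genuine = make_auth_blob(CALLER_PRIV, CALLER_ID, RECEIVER_ID, t0)
    # A device that displays CALLER_ID but only holds its own private key.
    spoofed = make_auth_blob(ATTACKER_PRIV, CALLER_ID, RECEIVER_ID, t0)
    other_receiver = "+886-9-5550-0142"  # constructed
    return {
        "genuine call": check_call(genuine, CALLER_ID, RECEIVER_ID, t0 + 5),
        "spoofed caller ID": check_call(spoofed, CALLER_ID, RECEIVER_ID, t0 + 5),
        "replayed later": check_call(genuine, CALLER_ID, RECEIVER_ID, t0 + 300),
        "replayed elsewhere": check_call(genuine, CALLER_ID, other_receiver, t0 + 5),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The receiving-device and timestamp fields are what stop a captured blob from being reused; without them the private-key step alone would accept a replay.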

In addition, the foregoing approach only guarantees the correctness of the authentication data that the receiving device uses for the comparison; it cannot guarantee that the authentication data will not be captured by a malicious device. Accordingly, a user who wants further protection for the content of the authentication data can use double-layer key encryption. Specifically, after the calling device 11 uses the calling device private key to encrypt the authentication data 112 into the encrypted authentication data 114, it further uses a receiving device public key (not shown) of the receiving device 13 to encrypt the encrypted authentication data 114 into advanced encrypted data 116, and sends the advanced encrypted data 116 to the receiving device 13 over the authentication channel 12.

The receiving device 13 then first uses a receiving device private key (not shown) corresponding to the receiving device public key to decrypt the advanced encrypted data 116 into the encrypted authentication data 114, and then uses the calling device public key corresponding to the calling device private key to decrypt the encrypted authentication data 114 into the authentication data 112. In this way the receiving device 13 can likewise confirm the legitimacy of the calling device 11 by checking whether the identification code 110 of the calling device 11 and the authentication data 112 correspond to each other. Moreover, a malicious device that does not hold the receiving device private key cannot learn the content of the authentication data 112 and cannot forge the authentication data.

Please refer to FIG. 3, a schematic diagram of a call system 3 of the present invention. Likewise, the system architecture and network connection environment of the third embodiment are the same as those of the previous embodiments, so elements with the same reference numerals have the same functions and are not described again. The third embodiment differs from the previous embodiments in that it further uses a third-party server to complete the authentication process.

Specifically, the calling device 11 first registers with a server 6 using the identification code 110 to obtain a symmetric calling device key (not shown) from the server 6. Then, similarly, the calling device 11 prepares to make an ordinary call to the receiving device 13, so it uses its own identification code 110 to establish the communication channel 10 with the receiving device 13. Then, before the calling device 11 and the receiving device 13 begin the call, the calling device 11 must establish the authentication channel 12 with the receiving device 13 through the server 6 to confirm the legitimacy of the call.

Next, the calling device 11 uses the calling device key to encrypt the authentication data 112 into first encrypted authentication data 118 and sends the first encrypted authentication data 118 to the server 6 over the authentication channel 12. The server 6 can then use the calling device key to decrypt the first encrypted authentication data 118 into the authentication data 112. The server 6 then uses a server private key (not shown) to encrypt the authentication data 112 into second encrypted authentication data 120 and sends it to the receiving device 13 over the authentication channel 12.

Accordingly, after receiving the second encrypted authentication data 120 from the server 6 over the authentication channel 12, the receiving device 13 uses a server public key (not shown) corresponding to the server private key to decrypt the second encrypted authentication data 120 into the authentication data 112, and likewise confirms the legitimacy of the calling device 11 by checking whether the identification code 110 of the calling device 11 and the authentication data 112 correspond to each other. Note that the comparison process and examples of key use have been described in the foregoing embodiments and are not repeated here.

In this way the authentication process can likewise be completed through a third-party server, and the reliability of the authentication is strengthened. Likewise, however, the approach of the third embodiment only guarantees the correctness of the authentication data that the receiving device uses for the comparison; it cannot guarantee that the authentication data will not be captured and decoded by a malicious device on its way from the server to the receiving device. Accordingly, a user who wants further protection for the content of the authentication data can also use double-layer key encryption.

Specifically, the calling device 11 likewise first uses the calling device key to encrypt the authentication data 112 into the first encrypted authentication data 118 and sends the first encrypted authentication data 118 to the server 6 over the authentication channel 12. Because a symmetric key is used here, there is no concern about the data content leaking in this step. The server 6 then uses the calling device key to decrypt the first encrypted authentication data 118 into the authentication data 112. Next, the server 6 first uses the server private key to encrypt the authentication data 112 into the second encrypted authentication data 120, then uses a receiving device public key (not shown) to encrypt the second encrypted authentication data 120 into advanced encrypted data 122, and sends it to the receiving device 13 over the authentication channel 12.

Accordingly, after receiving the advanced encrypted data 122 from the server 6 over the authentication channel 12, the receiving device 13 can use a receiving device private key (not shown) corresponding to the receiving device public key to decrypt the advanced encrypted data 122 into the second encrypted authentication data 120, then use a server public key (not shown) corresponding to the server private key to decrypt the second encrypted authentication data 120 into the authentication data 112, and likewise confirm the legitimacy of the calling device 11 by checking whether the identification code 110 of the calling device 11 and the authentication data 112 correspond to each other. Likewise, a malicious device that holds neither the calling device key nor the receiving device private key cannot learn the content of the authentication data and cannot forge the authentication data.

A fourth embodiment of the present invention is a call authentication method; see FIG. 4 for its flowchart. This call authentication method is applicable to a call system (for example, the call system 1 of the foregoing embodiment). The call system includes a calling device having an identification code, and a receiving device. The detailed steps of the call authentication method are as follows.

First, step 401 is executed to cause the calling device to establish a communication channel with the receiving device using the identification code. Next, step 402 is executed to cause the calling device to establish an authentication channel with the receiving device. Step 403 is executed to cause the calling device to send authentication data corresponding to the identification code to the receiving device over the authentication channel. Then, step 404 is executed to cause the receiving device to confirm, using the authentication data, that the calling device is a legitimate call device. Finally, step 405 is executed to cause the calling device to exchange communication data with the receiving device over the communication channel.

A fifth embodiment of the present invention is a call authentication method; see FIG. 5 for its flowchart. This call authentication method is applicable to a call system (for example, the call system 2 of the foregoing embodiment). The call system includes a calling device having an identification code, and a receiving device. The detailed steps of the call authentication method are as follows.

First, step 501 is executed to cause the calling device to establish a communication channel with the receiving device using the identification code. Next, step 502 is executed to cause the calling device to establish an authentication channel with the receiving device. Step 503 is executed to cause the calling device to use a calling device private key to encrypt authentication data into encrypted authentication data. Step 504 is executed to cause the calling device to send the encrypted authentication data to the receiving device over the authentication channel. Then, step 505 is executed to cause the receiving device to use a calling device public key to decrypt the encrypted authentication data into the authentication data, so as to confirm that the calling device is a legitimate call device. Finally, step 506 is executed to cause the calling device to exchange communication data with the receiving device over the communication channel.

Likewise, the approach of the fifth embodiment only guarantees the correctness of the authentication data that the receiving device uses for the comparison; it cannot guarantee that the authentication data will not be captured by a malicious device. Accordingly, a user who wants further protection for the content of the authentication data can use double-layer key encryption.

Please refer next to FIG. 6, a flowchart of a call authentication method according to a sixth embodiment of the present invention. This call authentication method is applicable to a call system (for example, the call system 2 of the foregoing embodiment). The call system includes a calling device having an identification code, and a receiving device. The detailed steps of the call authentication method are as follows.

First, step 601 is executed to cause the calling device to establish a communication channel with the receiving device using the identification code. Next, step 602 is executed to cause the calling device to establish an authentication channel with the receiving device. Step 603 is executed to cause the calling device to use the calling device private key to encrypt the authentication data into the encrypted authentication data. Step 604 is then executed to cause the calling device to use a receiving device public key to encrypt the encrypted authentication data into advanced encrypted data.

Step 605 is executed to cause the calling device to send the advanced encrypted data to the receiving device over the authentication channel. Step 606 is executed to cause the receiving device to use a receiving device private key to decrypt the advanced encrypted data into the encrypted authentication data. Step 607 is executed to cause the receiving device to use a calling device public key to decrypt the encrypted authentication data into the authentication data, so as to confirm that the calling device is a legitimate call device. Finally, step 608 is executed to cause the calling device to exchange communication data with the receiving device over the communication channel. Likewise, a malicious device that does not hold the receiving device private key cannot learn the content of the authentication data.

A seventh embodiment of the present invention is a call authentication method; see FIG. 7 for its flowchart. This call authentication method is applicable to a call system (for example, the call system 3 of the foregoing embodiment). The call system includes a calling device having an identification code, and a receiving device. The detailed steps of the call authentication method are as follows.

First, step 701 is executed to cause the calling device to register with a server using the identification code to obtain a calling device key. Step 702 is executed to cause the calling device to establish a communication channel with the receiving device using the identification code. Next, step 703 is executed to cause the calling device to establish an authentication channel with the receiving device through the server. Next, step 704 is executed to cause the calling device to use the calling device key to encrypt the authentication data into first encrypted authentication data. Step 705 is executed to cause the calling device to send the first encrypted authentication data to the server over the authentication channel.

The server can then use the calling device key to decrypt the first encrypted authentication data into the authentication data, and use a server private key to encrypt the authentication data into second encrypted authentication data. Step 706 is executed to cause the receiving device to receive the second encrypted authentication data from the server over the authentication channel. Step 707 is executed to cause the receiving device to use a server public key to decrypt the second encrypted authentication data into the authentication data, so as to confirm that the calling device is a legitimate call device. Step 708 is executed to cause the calling device to exchange communication data with the receiving device over the communication channel.

Similarly, the approach of the seventh embodiment only guarantees the correctness of the authentication data that the receiving device uses for the comparison; it cannot guarantee that the authentication data will not be captured by a malicious device. Accordingly, a user who wants further protection for the content of the authentication data can use double-layer key encryption.

Please refer next to FIG. 8, which is a flowchart of a call authentication method according to an eighth embodiment of the present invention. This call authentication method is applicable to a call system (for example, the call system 3 of the foregoing embodiment). The call system comprises a calling device having an identification code, and a receiving device. The detailed steps of the call authentication method are as follows.

First, step 801 is executed: the calling device registers with a server using the identification code to obtain a calling device key. Step 802 is executed: the calling device uses the identification code to establish a communication channel with the receiving device. Next, step 803 is executed: the calling device establishes an authentication channel with the receiving device through the server. Next, step 804 is executed: the calling device uses the calling device key to encrypt the authentication data into first encrypted authentication data. Step 805 is executed: the calling device transmits the first encrypted authentication data to the server through the authentication channel.

Accordingly, the server can use the calling device key to decrypt the first encrypted authentication data into the authentication data and, after using a server private key to encrypt the authentication data into second encrypted authentication data, use a receiving device public key to encrypt the second encrypted authentication data into advanced encrypted data. Step 806 is executed: the receiving device receives the advanced encrypted data from the server through the authentication channel.

Step 807 is executed: the receiving device uses a receiving device private key to decrypt the advanced encrypted data into the second encrypted authentication data. Step 808 is executed: the receiving device uses a server public key to decrypt the second encrypted authentication data into the authentication data, to confirm that the calling device is a legitimate call device. Step 809 is executed: the calling device exchanges communication data with the receiving device through the communication channel. Likewise, a malicious device that has neither the calling device key nor the receiving device private key cannot learn the content of the authentication data.
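The relay flow of the seventh and eighth embodiments, as an added example that is not code from the patent: the server's "encryption with its private key" is modelled as an unpadded RSA signature, and the run shows that the seventh-embodiment message can be read by anyone holding the server public key while the eighth-embodiment wrapping cannot. The demo keys, the SHAKE/HMAC stand-in for the calling-device-key cipher, the `AUTH|` data format and the phone number are assumptions constructed for illustration.

```python
import hashlib, hmac, os

def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two primes; returns (public, private) as (exp, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

# Constructed demo keys from known Mersenne primes, so only the standard
# library is needed. NOT secure: real keys use random primes and padding.
SERVER_PUB, SERVER_PRIV = rsa_keypair(2**521 - 1, 2**607 - 1)
RECV_PUB, RECV_PRIV = rsa_keypair(2**1279 - 1, 2**2203 - 1)  # larger modulus

def rsa_apply(key, m):
    """m^exp mod n. The patent's 'encrypt with the private key' is this with
    the private exponent, which is an (unpadded) signature."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value does not fit the modulus")
    return pow(m, exp, n)

def to_bytes(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _stream(key, nonce, length):
    return hashlib.shake_256(b"enc" + key + nonce).digest(length)

def sym_seal(key, data):
    """Assumed stand-in for an AEAD cipher under the calling device key."""
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def sym_open(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("not sealed with this calling device key")
    return bytes(a ^ b for a, b in zip(body[16:], _stream(key, body[:16], len(body) - 16)))

def caller_send(device_key, auth_data):                # steps 804-805
    return sym_seal(device_key, auth_data)

def server_relay(device_key, first_enc, receiver_pub=None):
    auth = sym_open(device_key, first_enc)             # only the registered caller passes
    second = rsa_apply(SERVER_PRIV, int.from_bytes(auth, "big"))
    # Embodiment 7 sends `second`; embodiment 8 wraps it for the receiver.
    return rsa_apply(receiver_pub, second) if receiver_pub else second

def open_with_server_pub(blob):
    """Anyone holding the (public) server key can do this."""
    return to_bytes(rsa_apply(SERVER_PUB, blob)) if blob < SERVER_PUB[1] else None

def receiver_check(blob, expected_auth, receiver_priv=None):   # steps 807-808
    second = rsa_apply(receiver_priv, blob) if receiver_priv else blob
    recovered = open_with_server_pub(second)
    # Unpadded RSA turns any number into *some* message, so acceptance must
    # rest on equality with the value expected for the displayed caller ID.
    return recovered is not None and hmac.compare_digest(recovered, expected_auth)

if __name__ == "__main__":
    key = os.urandom(32)                   # issued at registration (step 801)
    auth = b"AUTH|+886900000000"           # constructed authentication data
    first = caller_send(key, auth)
    e7, e8 = server_relay(key, first), server_relay(key, first, RECV_PUB)
    print("embodiment 7 accepted:", receiver_check(e7, auth))
    print("embodiment 8 accepted:", receiver_check(e8, auth, RECV_PRIV))
    print("listener reads e7:", open_with_server_pub(e7))
    print("listener reads e8:", open_with_server_pub(e8) == auth)
    print("tampered e8 accepted:", receiver_check(e8 ^ 1, auth, RECV_PRIV))
```

A deployment would replace the unpadded operations with a padded signature scheme and padded public-key encryption, for example RSA-PSS and RSA-OAEP.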

In summary, the call system and call authentication method of the present invention establish an authentication channel between the calling device and the receiving device and transmit authentication data through that channel in order to authenticate the legitimacy of the calling device and then notify the user of the receiving device. The user of the receiving device thus knows whether the calling device is legitimate, which further reduces the chance of the user being defrauded.

However, the above embodiments merely illustrate implementations of the present invention and explain its technical features, and are not intended to limit the scope of protection of the present invention. Any change or equivalent arrangement that can be readily accomplished by a person skilled in the art falls within the scope claimed by the present invention, and the scope of protection of the present invention is defined by the claims.

1, 2, 3: call system
10: communication channel
11: calling device
12: authentication channel
13: receiving device
112: authentication data
114: encrypted authentication data
116, 122: advanced encrypted data
118: first encrypted authentication data
120: second encrypted authentication data

FIG. 1 is a schematic diagram of the call system of the first embodiment of the present invention;
FIG. 2 is a schematic diagram of the call system of the second embodiment of the present invention;
FIG. 3 is a schematic diagram of the call system of the third embodiment of the present invention;
FIG. 4 is a flowchart of the call authentication method of the fourth embodiment of the present invention;
FIG. 5 is a flowchart of the call authentication method of the fifth embodiment of the present invention;
FIG. 6 is a flowchart of the call authentication method of the sixth embodiment of the present invention;
FIG. 7 is a flowchart of the call authentication method of the seventh embodiment of the present invention; and
FIG. 8 is a flowchart of the call authentication method of the eighth embodiment of the present invention.

Claims (12)

1. A call authentication method for a call system, the call system comprising a calling device and a receiving device, the calling device having an identification code, the call authentication method comprising the following steps: (a) causing the calling device to establish a communication channel with the receiving device using the identification code, the communication channel being a telecommunication channel; (b) causing the calling device, after step (a), to establish an authentication channel with the receiving device, the authentication channel being an Internet channel; (c) causing the calling device to transmit, through the authentication channel, authentication data corresponding to the identification code to the receiving device; (d) causing the receiving device to confirm, through the authentication data, that the calling device is a legitimate call device; (e) causing the calling device, after step (d), to exchange communication data with the receiving device through the communication channel, the communication data being telecommunication voice data.

2. The call authentication method of claim 1, wherein step (c) further comprises the following steps: (c1) causing the calling device to encrypt the authentication data into encrypted authentication data using a calling device private key; (c2) causing the calling device to transmit the encrypted authentication data to the receiving device through the authentication channel; wherein step (d) further comprises: (d1) causing the receiving device to decrypt the encrypted authentication data into the authentication data using a calling device public key, to confirm that the calling device is a legitimate call device.

3. The call authentication method of claim 1, wherein step (c) further comprises the following steps: (c1) causing the calling device to encrypt the authentication data into encrypted authentication data using a calling device private key; (c2) causing the calling device to encrypt the encrypted authentication data into advanced encrypted data using a receiving device public key; (c3) causing the calling device to transmit the advanced encrypted data to the receiving device through the authentication channel; wherein step (d) further comprises: (d1) causing the receiving device to decrypt the advanced encrypted data into the encrypted authentication data using a receiving device private key; (d2) causing the receiving device to decrypt the encrypted authentication data into the authentication data using a calling device public key, to confirm that the calling device is a legitimate call device.

4. The call authentication method of claim 1, further comprising, before step (a): (a1) causing the calling device to register with a server using the identification code to obtain a calling device key; wherein the calling device establishes the authentication channel with the receiving device through the server.

5. The call authentication method of claim 4, wherein step (c) further comprises the following steps: (c1) causing the calling device to encrypt the authentication data into first encrypted authentication data using the calling device key; (c2) causing the calling device to transmit the first encrypted authentication data to the server through the authentication channel, so that the server decrypts the first encrypted authentication data into the authentication data using the calling device key and encrypts the authentication data into second encrypted authentication data using a server private key; wherein step (d) further comprises the following steps: (d1) causing the receiving device to receive the second encrypted authentication data from the server through the authentication channel; (d2) causing the receiving device to decrypt the second encrypted authentication data into the authentication data using a server public key, to confirm that the calling device is a legitimate call device.

6. The call authentication method of claim 4, wherein step (c) further comprises the following steps: (c1) causing the calling device to encrypt the authentication data into first encrypted authentication data using the calling device key; (c2) causing the calling device to transmit the first encrypted authentication data to a server through the authentication channel, so that the server decrypts the first encrypted authentication data into the authentication data using the calling device key, encrypts the authentication data into second encrypted authentication data using a server private key, and encrypts the second encrypted authentication data into advanced encrypted data using a receiving device public key; wherein step (d) further comprises: (d1) causing the receiving device to receive the advanced encrypted data from the server through the authentication channel; (d2) causing the receiving device to decrypt the advanced encrypted data into the second encrypted authentication data using a receiving device private key; (d3) causing the receiving device to decrypt the second encrypted authentication data into the authentication data using a server public key, to confirm that the calling device is a legitimate call device.

7. A call system, comprising: a calling device having an identification code; and a receiving device; wherein the calling device uses the identification code to establish a communication channel with the receiving device, the communication channel being a telecommunication channel, and simultaneously establishes an authentication channel, the authentication channel being an Internet channel; the calling device further transmits, through the authentication channel, authentication data corresponding to the identification code to the receiving device; the receiving device confirms, through the authentication data, that the calling device is a legitimate call device; and communication data is exchanged with the receiving device through the communication channel, the communication data being telecommunication voice data.

8. The call system of claim 7, wherein the calling device further encrypts the authentication data into encrypted authentication data using a calling device private key and transmits the encrypted authentication data to the receiving device through the authentication channel, and the receiving device further decrypts the encrypted authentication data into the authentication data using a calling device public key, to confirm that the calling device is a legitimate call device.

9. The call system of claim 7, wherein the calling device further encrypts the authentication data into encrypted authentication data using a calling device private key and encrypts the encrypted authentication data into advanced encrypted data using a receiving device public key, the calling device further transmits the advanced encrypted data to the receiving device through the authentication channel, and the receiving device further decrypts the advanced encrypted data into the encrypted authentication data using a receiving device private key and decrypts the encrypted authentication data into the authentication data using a calling device public key, to confirm that the calling device is a legitimate call device.

10. The call system of claim 7, wherein the calling device further registers with a server using the identification code to obtain a calling device key.

11. The call system of claim 10, wherein the calling device further encrypts the authentication data into first encrypted authentication data using the calling device key and transmits the first encrypted authentication data to the server through the authentication channel, so that the server decrypts the first encrypted authentication data into the authentication data using the calling device key and encrypts the authentication data into second encrypted authentication data using a server private key, and the receiving device further receives the second encrypted authentication data from the server through the authentication channel and decrypts the second encrypted authentication data into the authentication data using a server public key, to confirm that the calling device is a legitimate call device.

12. The call system of claim 10, wherein the calling device further encrypts the authentication data into first encrypted authentication data using the calling device key and transmits the first encrypted authentication data to a server through the authentication channel, so that the server decrypts the first encrypted authentication data into the authentication data using the calling device key, encrypts the authentication data into second encrypted authentication data using a server private key, and encrypts the second encrypted authentication data into advanced encrypted data using a receiving device public key, the receiving device further receives the advanced encrypted data from the server through the authentication channel, and the receiving device further decrypts the advanced encrypted data into the second encrypted authentication data using a receiving device private key and decrypts the second encrypted authentication data into the authentication data using a server public key, to confirm that the calling device is a legitimate call device.
TW101134536A 2012-09-20 2012-09-20 Communication system and communication authentication method thereof TWI589146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101134536A TWI589146B (en) 2012-09-20 2012-09-20 Communication system and communication authentication method thereof

Publications (2)

Publication Number Publication Date
TW201414268A TW201414268A (en) 2014-04-01
TWI589146B true TWI589146B (en) 2017-06-21

Family

ID=55181878

Country Status (1)

Country Link
TW (1) TWI589146B (en)
