WO2012129928A1 - Method, system and apparatus for secure transmission of media message - Google Patents

Publication number
WO2012129928A1
Authority
WO
WIPO (PCT)
Prior art keywords
encrypted information
message
key
server
media
Prior art date
Application number
PCT/CN2011/083611
Other languages
French (fr)
Chinese (zh)
Inventor
卢艳
丁欣
陈军
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]

Definitions

  • The present invention relates to the field of communications, and in particular to a method, system and apparatus for secure transmission of media messages.
  • Nowadays, multimedia messaging services such as MMS, (mobile) email and instant messaging have become increasingly widely used.
  • In some service systems, such as MMS, voicemail and instant messaging, before the server delivers a media message to the receiver it usually first sends a notification message for that multimedia message to the receiver over another communication channel, such as PUSH. After receiving the notification message, the receiver retrieves the media message from the server according to its own communication conditions.
  • Figure 1 illustrates the flow of the server sending media information to the receiver:
  • the sender sends a media message M to the server;
  • the server generates a message S corresponding to the media message M, such as a notification message, and sends the message S to the receiver through the service system 2;
  • the receiver accesses the server according to the message S and obtains the media content M.
  • The above solution gives users a convenient and fast experience, but it also brings a series of transmission security problems.
  • In the above communication process, if a message is mis-sent, the notification message and the media message may be read by an illegitimate receiver, leaking the sender's information.
  • The technical problem to be solved by the present invention is to provide a method, system and apparatus for secure transmission of media messages that solve the problem of sender information leakage when a message is mis-sent.
  • To solve the above technical problem, the present invention provides a method for secure transmission of media messages, including:
  • the server generates a message corresponding to the media message, encrypts the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, encrypts the key to obtain third encrypted information, and sends the second encrypted information and the third encrypted information;
  • the receiver receives the second encrypted information and the third encrypted information, decrypts the third encrypted information with the receiver's private key to obtain the key, and decrypts the second encrypted information with the key to obtain the message corresponding to the media message;
  • the receiver accesses the server according to the message corresponding to the media message, acquires the first encrypted information, and decrypts the first encrypted information with the key to obtain the media message.
  • The step of the server encrypting the key to obtain the third encrypted information comprises: the server encrypting the key with the receiver's public key to obtain the third encrypted information.
  • The message corresponding to the media message is generated by the server based on transport layer information and/or the media message content.
  • The symmetric encryption algorithm with which the server and the receiver encrypt or decrypt the media message, the first encrypted information, the message corresponding to the media message, or the second encrypted information is negotiated in advance by the server and the receiver, or is notified to the other party ad hoc by the server or the receiver;
  • the asymmetric encryption algorithm with which the server and the receiver encrypt or decrypt the key or the third encrypted information is negotiated in advance by the server and the receiver.
  • the invention also provides a system for secure transmission of media messages, comprising:
  • a message generating module of the server configured to: generate a message corresponding to the media message;
  • an encryption module of the server, configured to: encrypt the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
  • a sending module of the server, configured to: send the second encrypted information and the third encrypted information;
  • a receiving module of the receiver, configured to: receive the second encrypted information and the third encrypted information;
  • a decryption module of the receiver, configured to: decrypt the third encrypted information with the receiver's private key to obtain the key, decrypt the second encrypted information with the key to obtain the message corresponding to the media message, and decrypt the first encrypted information with the key to obtain the media message; and
  • the access module of the receiver is configured to: access the server according to the message corresponding to the media message, and acquire the first encrypted information.
  • the encryption module of the server is configured to encrypt the key with the recipient public key to obtain the third encrypted information.
  • the symmetric encryption algorithm with which the encryption module or decryption module of the server and the receiver encrypts or decrypts the media message, the first encrypted information, the message corresponding to the media message, or the second encrypted information is negotiated in advance by the server and the receiver, or is notified to the other party ad hoc by the server or the receiver;
  • the asymmetric encryption algorithm for encrypting or decrypting the key or the third encrypted information by the encryption module or the decryption module of the server and the receiver is pre-negotiated by the server and the receiver.
  • the invention also provides a server comprising:
  • a message generating module configured to: generate a message corresponding to the media message
  • An encryption module configured to: encrypt the media message and the message corresponding to the media message by using a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
  • a sending module configured to: send the second encrypted information and the third encrypted information to a receiver
  • the message corresponding to the media message is used to indicate the manner in which the receiving end acquires the first encryption information.
  • the above server can also have the following characteristics:
  • the encryption module is configured to encrypt the key with a recipient public key to obtain the third encrypted information.
  • the invention also provides a media message receiver, comprising:
  • a receiving module configured to: receive second encrypted information and third encrypted information sent by the server;
  • a decryption module configured to: decrypt the third encrypted information with the receiver's private key to obtain a key, decrypt the second encrypted information with the key to obtain a message corresponding to the media message, and decrypt the first encrypted information with the key to obtain a media message;
  • the access module is configured to: access the server according to the message corresponding to the media message, and acquire the first encrypted information.
  • the third encrypted information is obtained by the server encrypting the key with a recipient public key.
  • The above solution encrypts the content to be transmitted (such as media messages, keys or messages), so that the message or media message is ultimately transmitted securely to the legitimate receiver. If a message is sent by mistake or intercepted by a third party, the media message or the notification message will not be leaked.
  • FIG. 1 is a schematic diagram of a sender sending media information to a receiver
  • FIG. 2 is a schematic diagram of an embodiment of a method for secure transmission of media messages according to the present invention
  • FIG. 3 is a schematic flowchart of a server execution according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a process performed by a receiver in an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a module of a system for secure transmission of media messages according to the present invention.
  • Embodiments of the present invention provide a method and system for secure transmission of media messages. By encrypting the content to be transmitted (such as a media message, a key, or a message), the message or media message is ultimately transmitted securely to a legitimate receiver; if a message is mis-sent or intercepted by a third party, the media message or notification message will not be revealed.
  • the method for secure transmission of media messages in the embodiment of the present invention includes:
  • Step 201: The server generates a message S corresponding to the media message, encrypts the media message M and the message S with the key K to obtain the first encrypted information C and the second encrypted information S', respectively, encrypts the key K with the receiver's public key to obtain the third encrypted information K', and sends the second encrypted information S' and the third encrypted information K';
  • Step 202: The receiver receives the second and third encrypted information, decrypts the third encrypted information with its private key to obtain the key K, and decrypts the second encrypted information with the key to obtain the message S;
  • Step 203: The receiver accesses the server according to the message, acquires the first encrypted information C, and decrypts the first encrypted information with the key to obtain the media message.
  • the recipient has a pair of public and private keys
  • The server obtains the recipient's public key through a secure means (such as a third-party certificate authority). At some point the server is to send the media message to the terminal and detects that the network is not online; the server then performs the following steps, as shown in Figure 3:
  • Step 301: Generate a message S related to the media content M (such as a short message notification). The message is a notification message generated by the server according to the transport layer information; for example, the notification message carries the sender information and the receiver information.
  • The message may also be a notification message generated by the server according to the media message, in which case the notification message may carry some keywords of the media message content; or the notification message is generated according to both the transport layer information and the media message, that is, part of the notification message content is transport layer information and part is generated according to the media message.
  • Step 302: Randomly generate a key K;
  • Step 303: Encrypt M with K to obtain the ciphertext C, and encrypt S to obtain S';
  • When encrypting S, the RC5-CTS algorithm can be selected so that S' and S are of equal length.
  • Step 304: Encrypt K with the public key of the receiver to obtain K';
  • Steps 303 and 304 may be performed in either order.
  • Step 305: Forward S' and K' to the recipient through the service system (for example, a short message center).
  • When the server forwards S' and K' to the receiver through the service system, they can be sent separately or in two transmissions, in consideration of the content length.
  • FIG. 4 illustrates the steps performed by the recipient in an embodiment of the invention:
  • Step 401: The receiver receives S' and K';
  • Step 402: Decrypt K' with the receiver's private key to obtain K;
  • Step 403: Decrypt S' with K to obtain S;
  • Step 404: According to the information in S, establish a link (such as an Internet Data Access Protocol 4 (IMAP4) link) to access the server and obtain the data C;
  • The receiver uses the IMAP4 protocol to retrieve multimedia messages.
  • Step 405: Decrypt C with K to obtain the media content M.
  • The symmetric encryption algorithm used by the server and the receiver to encrypt or decrypt M, C, S or S' is negotiated in advance by the server and the receiver, or is notified to the other party ad hoc by the server or the receiver;
  • the asymmetric encryption algorithm used by the server and the receiver to encrypt or decrypt K or K' is negotiated in advance by the server and the receiver.
  • An embodiment of the present invention further provides a server for sending a media message, including:
  • a message generating module configured to: generate a message corresponding to the media message;
  • An encryption module configured to: encrypt the media message and the message corresponding to the media message by using a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
  • a sending module configured to: send the second encrypted information and the third encrypted information to a receiver
  • the message corresponding to the media message is used to indicate how the receiving end acquires the first encrypted information.
  • the encryption module is configured to encrypt the key with a recipient public key to obtain the third encrypted information.
  • An embodiment of the present invention further provides a media message receiver, including:
  • a receiving module configured to: receive second encrypted information and third encrypted information sent by the server;
  • a decryption module configured to: decrypt the third encrypted information with the receiver's private key to obtain the key, decrypt the second encrypted information with the key to obtain the message corresponding to the media message, and decrypt the first encrypted information with the key to obtain the media message;
  • the access module is configured to: access the server according to the message corresponding to the media message, and acquire the first encrypted information.
  • the embodiment of the present invention further provides a system for secure transmission of media messages.
  • the system includes, but is not limited to:
  • a message generating module of the server configured to generate a message corresponding to the media message
  • the encryption module of the server is configured to separately encrypt the media message and the message by using a key to obtain first and second encrypted information, and encrypt the key to obtain third encrypted information;
  • the sending module of the server is configured to send the second and third encrypted information;
  • the receiving module of the receiving party is configured to receive the second and third encrypted information; and
  • the decryption module of the receiver is configured to decrypt the third encrypted information with its private key to obtain the key, decrypt the second encrypted information with the key to obtain the message, and decrypt the first encrypted information with the key to obtain the media message;
  • the access module of the receiver is configured to access the server according to the message to obtain the first encrypted information.
  • the encryption module of the server encrypts the key with the recipient public key to obtain the third encrypted information.
  • The symmetric encryption algorithm used by the encryption module or the decryption module of the server and the receiver to encrypt or decrypt the media message, the first encrypted information, the message, or the second encrypted information is negotiated in advance by the server and the receiver, or is notified to the other party ad hoc by the server or the receiver;
  • the asymmetric encryption algorithm used by the encryption module or the decryption module of the server and the receiver to encrypt or decrypt the key or the third encrypted information is negotiated in advance by the server and the receiver.
  • the present invention has generality, and is applicable to, for example, a multimedia message service system, a voice mail service system, an instant messaging service system, and the like.
  • The above method and system encrypt the content to be transmitted (such as a media message, a key or a message), so that the message or the media message is ultimately transmitted securely to the legitimate receiver. If a message is mis-sent or intercepted by a third party, the media message or the notification message will not be leaked.
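
The server steps 301-305 and receiver steps 401-405 above, as an added sketch that is not code from the patent. Textbook RSA over constructed Mersenne-prime moduli and a SHA-256 counter keystream are stand-ins for the pre-negotiated asymmetric algorithm and for RC5-CTS; the `Server` class, the `receive` function and the notice field names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Constructed demo keys: products of Mersenne primes, far too small and too
# structured for real use. Textbook RSA (no padding) stands in for the
# pre-negotiated asymmetric algorithm; it is not the patent's choice.
E = 65537
RECEIVER_PRIMES = (2**127 - 1, 2**61 - 1)
OTHER_PRIMES = (2**107 - 1, 2**89 - 1)   # a party that is not the addressee


def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def sym_crypt(key, label, data):
    """Length-preserving XOR stream (SHA-256 in counter mode), standing in
    for RC5-CTS. `label` separates the keystreams used for M and S, since
    both are encrypted under the same K. Encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(key, public):
    """Step 304: K' = K^e mod n."""
    n, e = public
    return pow(int.from_bytes(key, "big"), e, n)


def unwrap_key(wrapped, private):
    """Step 402: recover K, or None when the result is not a 128-bit key."""
    n, d = private
    k = pow(wrapped, d, n)
    return k.to_bytes(16, "big") if k < 2**128 else None


class Server:
    def __init__(self):
        self.store = {}          # locator -> C; plaintext M is never stored

    def send(self, media, sender, receiver, receiver_public):
        """Steps 301-305: returns (S', K'), the only data pushed out."""
        locator = secrets.token_hex(8)
        notice = f"from={sender};to={receiver};fetch={locator}".encode()  # S
        key = secrets.token_bytes(16)                                     # K
        self.store[locator] = sym_crypt(key, b"M", media)                 # C
        return sym_crypt(key, b"S", notice), wrap_key(key, receiver_public)

    def fetch(self, locator):
        """Step 404: anyone may ask, but only ciphertext C comes back."""
        return self.store.get(locator)


def receive(server, s_prime, k_prime, private):
    """Steps 401-405: returns M, or None if any stage fails."""
    key = unwrap_key(k_prime, private)
    if key is None:
        return None
    notice = sym_crypt(key, b"S", s_prime)
    fields = dict(p.split(b"=", 1) for p in notice.split(b";") if b"=" in p)
    locator = fields.get(b"fetch", b"").decode("ascii", "replace")
    ciphertext = server.fetch(locator)
    if ciphertext is None:
        return None
    return sym_crypt(key, b"M", ciphertext)


def demo():
    """Deliver one constructed message, then replay it to the wrong party."""
    public, private = make_keypair(*RECEIVER_PRIMES)
    _, other_private = make_keypair(*OTHER_PRIMES)
    server = Server()
    media = b"constructed media payload " * 4
    s_prime, k_prime = server.send(media, "alice", "bob", public)
    return {
        "addressee": receive(server, s_prime, k_prime, private),
        "other_party": receive(server, s_prime, k_prime, other_private),
        "s_prime_len": len(s_prime),
    }


if __name__ == "__main__":
    print(demo())
```

The flow as described provides confidentiality only; the sketch likewise performs no integrity check on S', K' or C.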

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses a method, system and apparatus for secure transmission of a media message. The method comprises the following steps: a server generates a message corresponding to the media message, uses a secret key to encrypt the media message and the message separately to obtain first and second encrypted information, encrypts the secret key to obtain third encrypted information, and transmits the second and third encrypted information. The receiver receives the second and third encrypted information, decrypts the third encrypted information with a private key to obtain the secret key, and then decrypts the second encrypted information with the secret key to obtain the message. The receiver accesses the server according to the message, obtains the first encrypted information, and decrypts the first encrypted information with the secret key to obtain the media message. The method and system of this invention can ensure secure transmission of the media message.

Description

Method, system and apparatus for secure transmission of media messages
Technical field
The present invention relates to the field of communications, and in particular to a method, system and apparatus for secure transmission of media messages.
Background
Nowadays, multimedia messaging services such as MMS, (mobile) email and instant messaging have become increasingly widely used. In some service systems, such as MMS, voicemail and instant messaging, before the server delivers a media message to the receiver it usually first sends a notification message for that multimedia message to the receiver over another communication channel, such as PUSH. After receiving the notification message, the receiver retrieves the media message from the server according to its own communication conditions.
Figure 1 illustrates the flow of the server sending media information to the receiver:
1) The sender sends a media message M to the server;
2) The server generates a message S corresponding to the media message M, such as a notification message, and sends the message S to the receiver through the service system 2;
3) The receiver accesses the server according to the message S and obtains the media content M.
The above solution gives users a convenient and fast experience, but it also brings a series of transmission security problems. In the above communication process, if a message is mis-sent, the notification message and the media message may be read by an illegitimate receiver, leaking the sender's information.
发明内容 Summary of the invention
本发明要解决的技术问题是提供一种媒体消息安全传输的方法、 系统和 装置, 以解决误发情形下发送方信息泄露的问题。  The technical problem to be solved by the present invention is to provide a method, system and device for secure transmission of media messages to solve the problem of sender information leakage in case of a false alarm.
为解决以上技术问题, 本发明提供了一种媒体消息安全传输的方法, 其 包括:  To solve the above technical problem, the present invention provides a method for secure transmission of media messages, including:
服务器产生与媒体消息对应的消息, 利用密钥对所述媒体消息和所述与 媒体消息对应的消息分别加密得到第一加密信息和第二加密信息, 对所述密 钥加密得到第三加密信息, 发送所述第二加密信息和所述第三加密信息; 所述接收方接收所述第二加密信息和所述第三加密信息, 用接收方私钥 解密所述第三加密信息得到所述密钥, 并利用所述密钥解密所述第二加密信 息得到所述与媒体消息对应的消息; The server generates a message corresponding to the media message, using the key pair to the media message and the The message corresponding to the media message is respectively encrypted to obtain the first encrypted information and the second encrypted information, and the key is encrypted to obtain the third encrypted information, and the second encrypted information and the third encrypted information are sent; Decrypting the third encrypted information with the recipient private key to obtain the key, and decrypting the second encrypted information by using the key to obtain the media and the second encrypted information The message corresponding to the message;
所述接收方根据所述与媒体消息对应的消息访问所述服务器, 获取所述 第一加密信息, 利用所述密钥解密所述第一加密信息得到所述媒体消息。  The receiving party accesses the server according to the message corresponding to the media message, acquires the first encrypted information, and decrypts the first encrypted information by using the key to obtain the media message.
上述方法还可具有以下特点:  The above method can also have the following characteristics:
所述服务器对所述密钥加密得到第三加密信息的步骤包括: 所述服务器 用所述接收方公钥对所述密钥加密得到所述第三加密信息。  The step of the server encrypting the key to obtain the third encrypted information comprises: the server encrypting the key with the recipient public key to obtain the third encrypted information.
上述方法还可具有以下特点:  The above method can also have the following characteristics:
所述与媒体消息对应的消息是所述服务器根据传输层信息和 /或媒体消 息内容产生的。  The message corresponding to the media message is generated by the server based on the transport layer information and/or the media message content.
上述方法还可具有以下特点:  The above method can also have the following characteristics:
所述服务器和接收方对所述媒体消息、 第一加密信息、 与媒体消息对应 的消息或第二加密信息进行加密或解密的对称加密算法是所述服务器和接收 方预先协商的, 或, 由服务器或接收器临时通知对方的;  The symmetric encryption algorithm for encrypting or decrypting the media message, the first encrypted information, the message corresponding to the media message, or the second encrypted information by the server and the receiver is pre-negotiated by the server and the receiver, or The server or receiver temporarily notifies the other party;
所述服务器和接收方对所述密钥或第三加密信息进行加密或解密的非对 称加密算法是所述服务器和接收方预先协商的。  The asymmetric encryption algorithm for encrypting or decrypting the key or the third encrypted information by the server and the recipient is pre-negotiated by the server and the recipient.
The invention also provides a system for secure transmission of media messages, comprising:
a message generating module of the server, configured to: generate a message corresponding to the media message;
an encryption module of the server, configured to: encrypt the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
a sending module of the server, configured to: send the second encrypted information and the third encrypted information;
a receiving module of the recipient, configured to: receive the second encrypted information and the third encrypted information;
a decryption module of the recipient, configured to: decrypt the third encrypted information with the recipient's private key to obtain the key, and decrypt the second encrypted information with the key to obtain the message corresponding to the media message; and decrypt the first encrypted information with the key to obtain the media message; and
an access module of the recipient, configured to: access the server according to the message corresponding to the media message and acquire the first encrypted information.
The above system may also have the following feature:
the encryption module of the server is configured to encrypt the key with the recipient's public key to obtain the third encrypted information.
The above system may also have the following features:
the symmetric encryption algorithm with which the encryption module or decryption module of the server and the recipient encrypts or decrypts the media message, the first encrypted information, the message corresponding to the media message, or the second encrypted information is negotiated in advance by the server and the recipient, or is notified ad hoc to the other party by the server or the receiver;
the asymmetric encryption algorithm with which the encryption module or decryption module of the server and the recipient encrypts or decrypts the key or the third encrypted information is negotiated in advance by the server and the recipient.
The invention also provides a server, comprising:
a message generating module, configured to: generate a message corresponding to a media message;
an encryption module, configured to: encrypt the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
a sending module, configured to: send the second encrypted information and the third encrypted information to a recipient;
wherein the message corresponding to the media message is used to indicate the manner in which the receiving end acquires the first encrypted information.
The above server may also have the following feature:
the encryption module is configured to encrypt the key with the recipient's public key to obtain the third encrypted information.
The invention also provides a media message recipient, comprising:
a receiving module, configured to: receive second encrypted information and third encrypted information sent by a server;
a decryption module, configured to: decrypt the third encrypted information with the recipient's private key to obtain a key, and decrypt the second encrypted information with the key to obtain a message corresponding to a media message; and decrypt first encrypted information with the key to obtain the media message; and
an access module, configured to: access the server according to the message corresponding to the media message and acquire the first encrypted information.
The above recipient may also have the following feature:
the third encrypted information is obtained by the server encrypting the key with the recipient's public key.
By encrypting the content to be transmitted (such as the media message, the key, or the message), the above solution ultimately delivers the message or media message securely to the legitimate recipient; if it is sent by mistake or intercepted by a third party, neither the media message nor the notification message is disclosed.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of a sender sending media information to a recipient;
FIG. 2 is a schematic diagram of an embodiment of the method for secure transmission of media messages according to the invention;
FIG. 3 is a schematic flowchart of the steps performed by the server in an embodiment of the invention;
FIG. 4 is a schematic flowchart of the steps performed by the recipient in an embodiment of the invention;
FIG. 5 is a schematic diagram of the module structure of an embodiment of the system for secure transmission of media messages according to the invention.
Preferred Embodiments of the Invention
Embodiments of the invention propose a method and system for secure transmission of media messages. By encrypting the content to be transmitted (such as the media message, the key, or the message), the message or media message is ultimately delivered securely to the legitimate recipient; if it is sent by mistake or intercepted by a third party, neither the media message nor the notification message is disclosed.
Embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, provided there is no conflict, the embodiments of this application and the features in them may be combined with one another arbitrarily.
As shown in FIG. 2, the method for secure transmission of media messages in an embodiment of the invention includes:
Step 201: the server generates a message S corresponding to the media message, encrypts the media message M and the message S separately with a key K to obtain first encrypted information C and second encrypted information S', encrypts the key K with the recipient's public key to obtain third encrypted information K', and sends the second encrypted information S' and the third encrypted information K';
Step 202: the recipient receives the second and third encrypted information, decrypts the third encrypted information K' with its private key to obtain the key K, and decrypts the second encrypted information with the key to obtain the message S;
Step 203: the recipient accesses the server according to the message, acquires the first encrypted information C, and decrypts the first encrypted information with the key K to obtain the media message M.
The premises for applying the above method are:
1) the server and the recipient have already authenticated each other;
2) the recipient holds a public/private key pair;
3) the server obtains the recipient's public key through a secure channel (for example, a third-party certificate authority).
At some point the server needs to send a media message M to terminal A and finds that A is not online; the server then performs the following steps, as shown in FIG. 3:
Step 301: generate a message S related to the media content M (for example, an SMS notification);
The message is a notification message that the server generates from transport-layer information; for example, the notification message carries sender information and recipient information.
Alternatively, the message may be a notification message that the server generates from the media message, in which case it may carry some keywords from the media message content; or the notification message may be generated from both the transport-layer information and the media message, that is, part of its content is transport-layer information and part is derived from the media message.
Step 302: randomly generate a key K;
Step 303: encrypt M with K to obtain ciphertext C, and encrypt S with K to obtain S';
In view of the content length of S', the RC5-CTS algorithm may be chosen when encrypting S, so that S' has the same length as S.
Step 304: encrypt K with the recipient's public key to obtain K';
Understandably, the encryption operations in step 303 and step 304 may be performed in either order.
Step 305: forward S' and K' to the recipient through a service system (for example, a short message center).
When the server forwards S' and K' to the recipient through the service system, it may, in view of content length, send them separately in two or more transmissions.
FIG. 4 illustrates the steps performed by the recipient in an embodiment of the invention:
Step 401: the recipient receives S' and K';
Step 402: decrypt K' with A's private key to obtain K;
Step 403: decrypt S' with K to obtain S;
Step 404: as indicated by the information in S, establish a link (such as an Internet Message Access Protocol version 4 (IMAP4) link) to access the server and acquire the data C;
Assuming the communication protocol between the recipient and the server is IMAP4, the recipient uses IMAP4 to retrieve the multimedia message.
Step 405: decrypt C with K to obtain the media content M.
Under the above scheme, if the message is sent by mistake or intercepted by a third party, that party does not know the recipient's private key and so cannot learn K, and therefore cannot learn the contents of S or M either.
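The exchange in steps 301-305 and 401-405, as an added Go example that is not part of the patent text: AES-256-CTR stands in for the pre-negotiated length-preserving symmetric algorithm (the text's RC5-CTS option) and RSA-OAEP for the pre-negotiated asymmetric one. The `fetch:` layout of S, the counter tags, the in-memory store and all function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// K is used once for S and once for M, so each use starts its CTR counter in
// a disjoint range (assumed design); no IV has to travel with S'.
const (
	noticePrefix      = "fetch:" // hypothetical layout of S
	tagNotice    byte = 0x01     // S <-> S'
	tagMedia     byte = 0x02     // M <-> C
)

// ctrXOR encrypts or decrypts with AES-256-CTR (the operation is its own
// inverse); the output always has the same length as the input.
func ctrXOR(k []byte, tag byte, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	iv[0] = tag
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// Server keeps each first encrypted information C under the reference named in S.
type Server struct{ store map[string][]byte }

// NewServer returns a server with an empty ciphertext store.
func NewServer() *Server { return &Server{store: map[string][]byte{}} }

// NewRecipientKey creates the recipient's key pair (premise 2 of the method).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Send runs steps 301-305 and returns S' and K' for the notification channel.
func (s *Server) Send(pub *rsa.PublicKey, ref string, m []byte) (sPrime, kPrime []byte, err error) {
	k := make([]byte, 32) // step 302: fresh random K for this media message
	if _, err = rand.Read(k); err != nil {
		return nil, nil, err
	}
	c, err := ctrXOR(k, tagMedia, m) // step 303: M -> C, kept on the server
	if err != nil {
		return nil, nil, err
	}
	s.store[ref] = c
	sPrime, err = ctrXOR(k, tagNotice, []byte(noticePrefix+ref)) // steps 301, 303: S -> S'
	if err != nil {
		return nil, nil, err
	}
	kPrime, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil) // step 304: K -> K'
	return sPrime, kPrime, err
}

// Fetch models the retrieval in step 404; what it returns is still ciphertext.
func (s *Server) Fetch(ref string) ([]byte, bool) { c, ok := s.store[ref]; return c, ok }

// Receive runs steps 401-405 on the recipient side.
func Receive(priv *rsa.PrivateKey, srv *Server, sPrime, kPrime []byte) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, kPrime, nil) // step 402
	if err != nil {
		return nil, fmt.Errorf("unwrap K: %w", err)
	}
	notice, err := ctrXOR(k, tagNotice, sPrime) // step 403
	if err != nil {
		return nil, err
	}
	// CTR carries no integrity check, so validate S before acting on it.
	if !strings.HasPrefix(string(notice), noticePrefix) {
		return nil, errors.New("notification S is malformed")
	}
	c, ok := srv.Fetch(strings.TrimPrefix(string(notice), noticePrefix)) // step 404
	if !ok {
		return nil, errors.New("no ciphertext stored for the reference in S")
	}
	return ctrXOR(k, tagMedia, c) // step 405
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	sPrime, kPrime, _ := srv.Send(&priv.PublicKey, "msg-0001", []byte("constructed sample media"))
	m, err := Receive(priv, srv, sPrime, kPrime)
	fmt.Printf("len(S')=%d len(K')=%d M=%q err=%v\n", len(sPrime), len(kPrime), m, err)
}
```

Because K is generated fresh for every media message, the fixed per-purpose counter tags keep S' exactly as long as S without reusing keystream. The scheme as described provides confidentiality only, so decryption by itself does not detect a modified S' or C.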
In embodiments of the invention, the symmetric encryption algorithm that the server and the recipient use to encrypt or decrypt M, C, S or S' is negotiated in advance by the server and the recipient, or is notified ad hoc to the other party by the server or the receiver;
the asymmetric encryption algorithm that the server and the recipient use to encrypt or decrypt K or K' is negotiated in advance by the server and the recipient.
An embodiment of the invention also provides a server for sending media messages, comprising:
a message generating module, configured to: generate a message corresponding to a media message;
an encryption module, configured to: encrypt the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
a sending module, configured to: send the second encrypted information and the third encrypted information to a recipient;
wherein the message corresponding to the media message is used to indicate how the receiving end acquires the first encrypted information.
Wherein: the encryption module may be configured to encrypt the key with the recipient's public key to obtain the third encrypted information.
An embodiment of the invention also provides a media message recipient, comprising:
a receiving module, configured to: receive second encrypted information and third encrypted information sent by a server;
a decryption module, configured to: decrypt the third encrypted information with the recipient's private key to obtain the key, and decrypt the second encrypted information with the key to obtain the message corresponding to the media message; and decrypt first encrypted information with the key to obtain the media message; and
an access module, configured to: access the server according to the message corresponding to the media message and acquire the first encrypted information.
An embodiment of the invention also provides a system for secure transmission of media messages. Of particular relevance to the invention, as shown in FIG. 5, the system includes but is not limited to:
a message generating module of the server, configured to generate a message corresponding to the media message;
an encryption module of the server, configured to encrypt the media message and the message separately with a key to obtain first and second encrypted information, and to encrypt the key to obtain third encrypted information;
a sending module of the server, configured to send the second and third encrypted information;
a receiving module of the recipient, configured to receive the second and third encrypted information;
a decryption module of the recipient, configured to decrypt the third encrypted information with its private key to obtain the key, and to decrypt the second encrypted information with the key to obtain the message; and further configured to decrypt the first encrypted information with the key to obtain the media message;
an access module of the recipient, configured to access the server according to the message and acquire the first encrypted information.
Optionally, the encryption module of the server encrypts the key with the recipient's public key to obtain the third encrypted information.
Optionally, the symmetric encryption algorithm that the encryption module or decryption module of the server and the recipient uses to encrypt or decrypt the media message, the first encrypted information, the message, or the second encrypted information is negotiated in advance by the server and the recipient, or is notified ad hoc to the other party by the server or the receiver;
the asymmetric encryption algorithm that the encryption module or decryption module of the server and the recipient uses to encrypt or decrypt the key or the third encrypted information is negotiated in advance by the server and the recipient.
The invention is general; for example, it is applicable to multimedia messaging service systems, voice mail service systems, instant messaging service systems, and the like.
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be carried out by a program instructing the relevant hardware, and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk, or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in hardware or as a software functional module. The invention is not limited to any particular combination of hardware and software.
The above embodiments serve only to illustrate, not to limit, the technical solution of the invention, which has been described in detail only with reference to preferred embodiments. A person of ordinary skill in the art should understand that modifications or equivalent substitutions may be made to the technical solution of the invention without departing from its spirit and scope, and that all of these fall within the scope of the claims of the invention.
Industrial Applicability
By encrypting the content to be transmitted (such as the media message, the key, or the message), the above method and system ultimately deliver the message or media message securely to the legitimate recipient; if it is sent by mistake or intercepted by a third party, neither the media message nor the notification message is disclosed.

Claims
1. A method for secure transmission of media messages, comprising:
a server generating a message corresponding to a media message, encrypting the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, encrypting the key to obtain third encrypted information, and sending the second encrypted information and the third encrypted information;
the recipient receiving the second encrypted information and the third encrypted information, decrypting the third encrypted information with the recipient's private key to obtain the key, and decrypting the second encrypted information with the key to obtain the message corresponding to the media message;
the recipient accessing the server according to the message corresponding to the media message, acquiring the first encrypted information, and decrypting the first encrypted information with the key to obtain the media message.
2. The method of claim 1, wherein:
the step of the server encrypting the key to obtain the third encrypted information comprises: the server encrypting the key with the recipient's public key to obtain the third encrypted information.
3. The method of claim 1, wherein: the message corresponding to the media message is generated by the server from transport-layer information and/or the content of the media message.
4. The method of claim 1, wherein:
the symmetric encryption algorithm with which the server and the recipient encrypt or decrypt the media message, the first encrypted information, the message corresponding to the media message, or the second encrypted information is negotiated in advance by the server and the recipient, or is notified ad hoc to the other party by the server or the receiver;
the asymmetric encryption algorithm with which the server and the recipient encrypt or decrypt the key or the third encrypted information is negotiated in advance by the server and the recipient.
5. A system for secure transmission of media messages, comprising:
a message generating module of a server, configured to: generate a message corresponding to a media message;
an encryption module of the server, configured to: encrypt the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information;
a sending module of the server, configured to: send the second encrypted information and the third encrypted information;
a receiving module of the recipient, configured to: receive the second encrypted information and the third encrypted information;
a decryption module of the recipient, configured to: decrypt the third encrypted information with the recipient's private key to obtain the key, and decrypt the second encrypted information with the key to obtain the message corresponding to the media message; and decrypt the first encrypted information with the key to obtain the media message; and
an access module of the recipient, configured to: access the server according to the message corresponding to the media message and acquire the first encrypted information.
6. The system of claim 5, wherein:
the encryption module of the server is configured to encrypt the key with the recipient's public key to obtain the third encrypted information.
7. The method of claim 5, wherein:
the symmetric encryption algorithm with which the encryption module or decryption module of the server and the recipient encrypts or decrypts the media message, the first encrypted information, the message corresponding to the media message, or the second encrypted information is negotiated in advance by the server and the recipient, or is notified ad hoc to the other party by the server or the receiver;
the asymmetric encryption algorithm with which the encryption module or decryption module of the server and the recipient encrypts or decrypts the key or the third encrypted information is negotiated in advance by the server and the recipient.
8. A server, comprising:
a message generating module, configured to: generate a message corresponding to a media message;
an encryption module, configured to: encrypt the media message and the message corresponding to the media message separately with a key to obtain first encrypted information and second encrypted information, and encrypt the key to obtain third encrypted information; and
a sending module, configured to: send the second encrypted information and the third encrypted information to a recipient;
wherein the message corresponding to the media message is used to indicate the manner in which the receiving end acquires the first encrypted information.
9. The server of claim 8, wherein:
the encryption module is configured to encrypt the key with the recipient's public key to obtain the third encrypted information.
10. A media message recipient, comprising:
a receiving module, configured to: receive second encrypted information and third encrypted information sent by a server;
a decryption module, configured to: decrypt the third encrypted information with the recipient's private key to obtain a key, and decrypt the second encrypted information with the key to obtain a message corresponding to a media message; and decrypt first encrypted information with the key to obtain the media message; and
an access module, configured to: access the server according to the message corresponding to the media message and acquire the first encrypted information.
11. The recipient of claim 10, wherein:
the third encrypted information is obtained by the server encrypting the key with the recipient's public key.
PCT/CN2011/083611 2011-03-31 2011-12-07 Method, system and apparatus for secure transmission of media message WO2012129928A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110081207.2 2011-03-31
CN201110081207.2A CN102739604B (en) 2011-03-31 2011-03-31 The method and system of secure transmission of media information

Publications (1)

Publication Number Publication Date
WO2012129928A1 (en) 2012-10-04

Family

ID=46929388

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/083611 WO2012129928A1 (en) 2011-03-31 2011-12-07 Method, system and apparatus for secure transmission of media message

Country Status (2)

Country Link
CN (1) CN102739604B (en)
WO (1) WO2012129928A1 (en)

Also Published As

Publication number Publication date
CN102739604A (en) 2012-10-17
CN102739604B (en) 2016-09-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11862679

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11862679

Country of ref document: EP

Kind code of ref document: A1