WO2014194856A1 - 一种基于Android智能移动终端的通信密钥分配方法 - Google Patents
一种基于Android智能移动终端的通信密钥分配方法 Download PDFInfo
- Publication number
- WO2014194856A1 WO2014194856A1 PCT/CN2014/079373 CN2014079373W WO2014194856A1 WO 2014194856 A1 WO2014194856 A1 WO 2014194856A1 CN 2014079373 W CN2014079373 W CN 2014079373W WO 2014194856 A1 WO2014194856 A1 WO 2014194856A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- mobile terminal
- service
- secure communication
- communication
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
Definitions
- the present invention relates to a secure communication technology of a mobile terminal, and a communication key distribution method based on an Android intelligent mobile terminal.
- BACKGROUND OF THE INVENTION At present, mobile communication technologies have been widely used in daily life, but most of the communication processes are not encrypted, and are easily eavesdropped by third parties. Although some operators perform encryption processing in the wireless transmission part, for some higher security requirements, the data stream needs to be encrypted during the entire transmission process, in case it is monitored in the middle process, which requires In the process of mobile communication, end-to-end encryption processing is required, that is, the encryption and decryption links are respectively located at the calling terminal and the called terminal, so that the user information can be effectively protected regardless of the network through which the intermediate link flows. Safety.
- Mobile terminals in the usual sense do not include the function of supporting end-to-end secure communication. Therefore, some existing transformation technologies generally start from the hardware of the mobile terminal, add an encryption and decryption module, a key storage module, etc., thereby forming a special mobile terminal supporting a certain secret communication mode.
- this method is expensive.
- In order to add a secret communication function it is necessary to design and launch a new model.
- the technical threshold is high, which is not conducive to popularization.
- Second, from the user's point of view most people are not willing to just With a secure communication function, it is necessary to replace a new mobile terminal. What they hope is that they can have their own mobile terminal have a secure communication function.
- the object of the present invention is to solve the above problems and provide a communication key distribution method based on an Android smart mobile terminal.
- the smart mobile terminal can be supported by secure communication.
- the function of the network to interact, receive the two-level key, and decrypt the received service key, so as to protect the VoIP secret phone, secret SMS, secure video call, file encrypted transmission, secure mobile payment, and other security
- the supported communication services provide a common underlying support.
- the secure communication support network provides the modified mobile terminal with the service key required for various communication services, and the smart mobile terminal uses the service key to perform secure communication.
- a communication key distribution method based on an Android smart mobile terminal the steps of which are:
- the smart mobile terminal directly connects to the key terminal to which the secure communication support network belongs, downloads the shared key between the local device and the secure communication support network, and stores it in the smart mobile terminal; after the shared key is downloaded, The smart mobile terminal is disconnected from the key terminal;
- the intelligent mobile terminal After the communication service is initiated, the intelligent mobile terminal generates a service key acquisition thread by calling the general secret communication platform API of the system under the system, and applies for the service key required for the communication to the secure communication support network;
- the secure communication support network After receiving the service key application, the secure communication support network allocates the service key required for the current communication to the intelligent mobile terminal participating in the communication;
- the intelligent mobile terminal receives the service key required for the communication from the secure communication support network by calling the general secret communication platform API of the system under the system, and stores it in the memory space of the smart mobile terminal;
- the method for establishing the universal secure communication platform is: (1-1) Add a secure communication function library in the C/C++ framework layer of the Android operating system source code (C/C++ local framework layer), in which the basic functions related to secure communication are implemented, including instruction interaction with the secure communication support network, Key application, key download, key management, encryption and decryption operations, and provide a call to the Java framework layer of Android in the form of a JNI interface, and the secure communication function library will be compiled into a so library file at compile time;
- the method for the smart mobile terminal to apply for the service key is:
- the underlying universal secure communication platform API is invoked by the application layer communication software to generate a new service key acquisition thread, and the thread obtains a connection with the secure communication support network by wireless;
- the smart mobile terminal After the connection is established, the smart mobile terminal sends the related information of the current communication to the secure communication support network to apply for the service key required for the current communication, and the information includes the calling terminal and the called terminal. Identity, authentication information, for which business application business key, business key usage is encrypted or decrypted. Further, in the step (4), the method for the secret communication support network to allocate the service key to the smart mobile terminal is:
- (4-1) establishing a network server thread for waiting for the connection of the smart mobile terminal service key acquisition thread
- the secure communication support network uses the shared key with the smart mobile terminal to encrypt the service key to be delivered;
- the secure communication support network wirelessly transmits the encrypted service key to the smart mobile terminal.
- the secure communication supports a shared key between the network and the smart mobile terminal, and is characterized by:
- the header of the shared key stored in the secure communication support network stores the current use information of the shared key, and is downloaded to the shared key of the smart mobile terminal, and the header information thereof is filtered out;
- the smart mobile terminal After receiving the encrypted service key sent by the secure communication support network, the smart mobile terminal extracts the location information implied therein, and combines the shared key stored in the smart mobile terminal with the secure communication support network. The shared key at the location is decrypted for the received service key;
- the smart mobile terminal downloads a new shared key from the secure communication support network according to the method described in the step (2).
- the smart mobile terminal receives the service key by: after the service key download quantity of the smart mobile terminal reaches the lowest threshold of the current service type capable of performing the confidential communication, the corresponding application is notified. Inform the business key that it is ready to use; then continue to download while using it until the business key is downloaded.
- the memory space of the smart mobile terminal in the step (5) is characterized by:
- the intelligent mobile terminal opens a logically circular memory space for each service key acquisition thread for storing the service key received from the secure communication support network, and the size of the memory space depends on the service type. ;
- the smart mobile terminal has a read location pointer for each of the ring memory spaces in which the service key is stored.
- the corresponding number is read from the position indicated by the pointer.
- a service key and encrypting and decrypting the communication information by using the segment of the service key;
- the pointer continuously advances in the ring memory space, always pointing to the service address first address to be read next time, when the pointer crosses the end of the ring space , that is, reading the service key from the beginning of the ring space;
- the smart mobile terminal has a write location pointer for each of the ring memory spaces in which the service key is stored, and stores the received service key into the ring memory space from the position indicated by the pointer.
- the pointer continues to advance in the ring memory space, always pointing to the first address of the ring memory space where the service key is to be stored next time, and when the pointer crosses the end of the ring space, the service key is continuously written from the beginning of the ring space;
- the amount of the service key applied to the secure communication support network does not exceed the size of the ring memory space;
- the operating system has the ability to obtain keys by the secure communication support network through the Java framework layer of the Android system and the following changes. And this capability can be solidified in the operating system, does not change due to changes in the application layer software, and provides an API interface at the application layer, so that other application layer communication software developed by the third party can invoke the underlying secure communication support provided by the operating system. Add confidential communication capabilities to your software.
- the universal secure communication platform is independent of the specific service, and various business application software running at the application layer can implement various operations in the secure communication flow in the application software by calling the API of the universal secure communication platform.
- the confidential communication support network transmits the relevant information of the current communication through the intelligent mobile terminal, including the identity of the calling terminal and the called terminal, the authentication information, the service request for the service key, and the service key usage is encrypted or Decryption, etc., only determines what kind of service key is assigned to a thread.
- the service key for each communication is not applied by the smart mobile terminal until the communication starts, and is sent by the secure communication support network; and even if it is delivered to the smart mobile terminal, there is only temporary memory. In space, the communication is cleared.
- the key can be obtained by the secure communication support network.
- the service key can be obtained in real time, so it has the ability to support such a high-intensity encryption method.
- the logical ring space is used as the storage method of the service key.
- the new key is continuously downloaded to replace the old key.
- the beneficial effects of the present invention are: It enables the Android smart mobile terminal to download the key from the secure communication support network. ability. It can provide a variety of secure communication services for various mobile devices running Android systems, especially for the underlying software platform support for the one-time high-intensity security of large data traffic services. In this way, for the mobile terminal manufacturer, it is not necessary to produce a special special encrypted mobile terminal, but only need to modify the source code of the existing intelligent mobile terminal supporting the Android operating system of the enterprise, and then re-flash the machine.
- the manufacturer can also provide the complete ROM or upgrade firmware with the secret communication function to the customer in the form of a network or a CD, and the client can complete the upgrade of the mobile terminal by itself.
- the client can complete the upgrade of the mobile terminal by itself.
- smart mobile terminal users it is convenient to have their existing smart mobile terminal join the secure network and have high-intensity secure communication without any hardware changes.
- developers of various communication application software on the Android platform if you want to apply these secure communication functions in your own software, you only need to call the newly added confidentiality-related API at the bottom of the system to add the communication data of your own software. Decrypt it.
- the present invention provides a method for establishing a universal secure communication platform on the underlying layer of the Android operating system, and realizing the allocation of the communication service key through the universal secure communication platform and the secure communication support network. It is not specific to specific communication services and terminals, so the scope of application is not limited to smart mobile terminals. It can also be applied directly to smart TVs, set-top boxes, etc. running Android systems, so that these devices are also available in the local soft. The ability to conduct secure communications on the premise of hardware conditions.
- the modification of the Android operating system is in the Java framework layer and the local C/C++ framework layer, not in the application software layer, so the security capability is solidified in the operating system, and not like some security.
- FIG. 1 is a schematic diagram of a software hierarchical structure of an Android operating system
- FIG. 2 is a schematic diagram of a shared key process between a mobile terminal downloading and a secure communication supporting network
- FIG. 3 is a shared secret stored at a secure communication supporting network and a mobile terminal;
- Figure 4 is a schematic diagram of a service key distribution process;
- Figure 5 is a schematic diagram of service key cross-distribution in a two-way real-time communication service;
- Figure 6 is a logic diagram of a storage structure of a service key at a mobile terminal.
- the specific implementation manner of the general secret communication platform of the Android operating system is to add a secret communication basic function library in the C/C++ framework layer of the Android source code, and the library can be added in the bionic (can also be added in other places, bionic Is the preferred solution).
- a secure communication support network is a network topology entity responsible for generating a key and distributing a key for an intelligent mobile terminal, independent of the smart mobile terminal, capable of receiving the smart mobile terminal
- the key application in conjunction with the relevant functions of the universal secure communication platform of the intelligent mobile terminal, provides the intelligent mobile terminal with various levels of keys required for the communication service, and the key may use a quantum key or other traditional keys.
- Basic functions related to secure communication such as command interaction, key application, key download, key management, encryption and decryption operations.
- bionic is the Android C/C++ framework layer (the software hierarchy of the Android operating system is shown in Figure 1, the APP written by the third-party developers is located in the application software layer, relatively speaking, the Java framework layer under it, C/ C++ local framework layer and Android runtime environment, and Linux kernel layer are collectively referred to as the bottom layer of Android system in this article.
- the bottom layer of the system is the basic part of the operating system, which is solidified in the intelligent mobile terminal and cannot be used like the software of the application software layer.
- the basic C language library used in any installation and uninstallation, so the newly added functions here are also used as part of the Android system's basic function library, which can be called arbitrarily within the Android C/C++ framework layer.
- the Android C / C + + framework layer to add a secret communication high-level function library, it calls bionic key download, key management and other basic function functions, and based on this package and extension, in the form of JNI
- the calling interface is provided to the Java framework layer of Android, and the secure communication function library in the C/C++ framework will be compiled into a so library file.
- a secure communication class is added, which applies the JNI interface to call the secure communication advanced function library provided in the C/C++ framework layer, and further encapsulates and expands the ava framework layer, and finally
- the upper-level application layer provides system APIs for secure communication (these new APIs do not have any essential difference in the use of the official system APIs of the Android system), that is, the universal secure communication platform API for various application layer communication software. transfer.
- system APIs for secure communication (these new APIs do not have any essential difference in the use of the official system APIs of the Android system), that is, the universal secure communication platform API for various application layer communication software. transfer.
- various Android system-based application communication programs written by others can call these newly added system APIs to implement various operations such as connecting a secure communication support network, downloading a key, encrypting and decrypting, and the like.
- the API provided by the underlying layer is unified, and it is only necessary to modify the calling parameters for different services when calling.
- the trigger key downloading part is taken as an example: in the Android system application layer VoIP call software source code specific location (generally in the business process code between the originating/receiving call request and the actual call establishment), join the Android
- the calling code of the "key application” Java API of the general secret communication platform at the bottom of the system, coupled with the corresponding parameters, can trigger the function of requesting the required service key at an appropriate time.
- the basic function library of the Android C/C++ framework layer and the advanced function library are merged together, or simply
- the function of the secure communication function library defined in the C/C++ framework layer is moved to the Java framework layer to implement and so on.
- it is easy to be decompiled in the Java framework layer Therefore, the safer method is to implement the core functions of the universal secure communication platform in the Android C/C++ framework layer, so that the compiled so library files are difficult to be Effective decompilation, to the greatest extent protect the key acquisition and use details and implementation details of the encryption and decryption algorithm.
- the various function interfaces of the C/C++ framework layer and the Java framework layer can also be called by other source code located on the same layer of the operating system. For example, if you do not use the new system API call in the application layer, you can also directly call the C/C++ function library of the universal secure communication platform in the C/C++ framework layer of Android native VoIP, or in Android native VoIP.
- the Java framework layer is called directly to the Java API of the universal secure communication platform.
- this method involves modifying the underlying Android code, it is not suitable for developers of third-party application layer software. After the modification of the Android source code is completed, the source code is recompiled, a new Android operating system image file containing the universal secure communication platform is generated, and the image file is programmed into the smart mobile terminal.
- the smart mobile terminal directly connects to the key terminal to which the secure communication support network belongs, downloads the shared key between the local device and the secure communication support network, and stores it in the smart mobile terminal; after the shared key is downloaded, The smart mobile terminal is disconnected from the key terminal.
- the mobile terminals A and B respectively connect the key terminals T1 and T2 by wire.
- the mobile terminal can connect to any one of the key terminals of the T1-Tn. In actual use, the user often chooses to compare himself.
- the near key terminal the two key terminals are all part of the secure communication support network S, and the mobile terminal and B respectively download the shared key key (SA) and key between the local machine and the secure communication support network S ( SB), saved in the memory card of this unit. After the shared key is downloaded, the mobile terminal disconnects the wired connection from the key terminal.
- Key(S-A) and key(S-B) can be securely communicated.
- Support network S is generated in a variety of ways, such as:
- a secure communication support network can use an internal quantum key transceiver, which can be dense Generating a quantum key directly at the key terminal;
- the secure communication support network can use various classical random number generating devices and algorithms to generate a key separately and then transmit it to the key terminal through the classical network.
- the header of the shared key stored in the secure communication support network stores the current usage information of the shared key, for example, what is the shared key key (SA) between the secure communication support network S and the mobile terminal A. Location; When downloading, the header information is filtered and not downloaded to the mobile terminal. This part is only kept on the secure communication support network (as shown in Figure 3) to reduce the shared key stored in the mobile terminal. The loss of the attacker after malicious stealing.
- SA shared key key
- the intelligent mobile terminal After the communication service is initiated, the intelligent mobile terminal generates a service key acquisition thread by calling the general secret communication platform API of the system under the system, and applies for the service key required for the communication to the secure communication support network.
- This section contains the following:
- the corresponding application layer communication software will call the system's underlying universal secure communication platform API, create a new service key acquisition thread, and connect to the confidentiality.
- the communication support network requests to download the service key required for this call.
- Different communication services can apply for service keys according to their own needs. For example, VoIP phone software can choose to apply for a few MB of service keys, while SMS short message software can choose to apply for hundreds of bytes of service keys. These differences are reflected in the calling system.
- the parameters of the underlying universal secure communication platform API are different. Each intelligent mobile terminal needs to create two threads for downloading the encrypted call service key and decrypting the call service key, the former for encrypting its own voice and the latter for decrypting the encrypted voice of the other party.
- the smart mobile terminal After the service key acquisition thread establishes a connection with the secure communication support network by wireless, the smart mobile terminal transmits relevant information of the current communication to the secure communication support network, including the identity and verification of the calling terminal and the called terminal. Information, for which service to apply for a service key (VoIP service), whether the service key is encrypted or decrypted, so that the secure communication support network provides a service key for it.
- VoIP service Voice over IP service
- the secure communication support network After receiving the service key application, the secure communication support network allocates the service key required for the current communication to the smart mobile terminal participating in the communication.
- This section contains the following: ⁇ 1> Establish a network server thread to wait for the connection of the smart mobile terminal service key acquisition thread.
- the service key is a string of symmetric keys composed of random numbers, which are generated by a secure communication support network, and can be generated by using a quantum method, a software algorithm, a physical random number generation method, and the like.
- the encryption and decryption service key assigned to the calling and called mobile terminal should be a cross relationship, that is, the encrypted service key of the assigned calling mobile terminal corresponds to the decrypted service key of the called mobile terminal.
- the decrypted service key of the assigned calling mobile terminal corresponds to the encrypted service key of the called mobile terminal. As shown in FIG.
- the mobile terminal A communicates with B, and the secure communication support network S transmits the service key K1 to the mobile terminal A as its encrypted service key, and simultaneously transmits the service key K1 to the mobile terminal B as its The service key is decrypted.
- the secure communication support network S transmits the service key K2 to the mobile terminal B as its encrypted service key, and simultaneously transmits the service key K2 to the mobile terminal A as its decryption service key.
- the secure communication support network uses the shared key with the smart mobile terminal to encrypt the service key to be delivered.
- the secure communication support network encrypts the service key
- the current use position of the block shared key is extracted from the shared key header information of the secure communication support network and the smart mobile terminal, and the shared secret from the position is used.
- the key is the service key to be delivered, and the location information is implicitly mixed in some idle reserved bits of the encrypted service key to inform the intelligent mobile terminal when decrypting the received service key.
- the secret communication support network consumes a part of the shared key with a smart mobile terminal, the header information of the shared key is updated to accurately reflect the latest shared key usage.
- the secure communication support network wirelessly transmits the encrypted service key to the smart mobile terminal.
- the intelligent mobile terminal receives the service key required for the communication from the secure communication support network by calling the general secret communication platform API of the system under the system, and stores it in the memory space of the smart mobile terminal.
- the smart mobile terminal After receiving the encrypted service key sent by the secure communication support network, the smart mobile terminal extracts the location information implied therein, where the location information indicates the shared key between the smart mobile terminal and the secure communication support network. Using the location; combined with the shared key stored in the smart mobile terminal and the secure communication support network, you can know From which location the shared key should be used to decrypt the received service key.
- a preferred method is that the service key required for each call or the shared key between the smart mobile terminal and the secure communication support network is one secret, and the used key is not repeated. Use to ensure high security.
- the smart mobile terminal downloads a new shared key from the secure communication support network according to the method described in the step (2). Since the VoIP call has a time span and real-time requirements, the amount of service keys required is large. For example, all downloads may take a long time to complete, so the call cannot be started after the service key is downloaded. Since the service key download speed is much higher than the service key usage speed, once the service key download amount of the smart mobile terminal reaches the minimum threshold capable of performing the VoIP secret call, the VoIP application can be notified to inform the service key. It is already available, and then continue to download while using it until the service key is downloaded.
- the intelligent mobile terminal opens a logically ring-shaped memory space for each service key acquisition thread (as shown in FIG. 6 ), and its size depends on the service type of the communication, and the ring memory space is used for storing the confidential communication. Support the service key received by the network.
- the advantage of this is that the service key actually used for the call is not actually stored in the permanent medium of the mobile terminal, but is cleared from the memory after the call is completed, thereby preventing the person from being exported afterwards and ensuring each call.
- the business key is not used repeatedly.
- the smart mobile terminal has a read location pointer for each of the ring memory spaces storing the service key, pointing to a certain position of the ring memory space, and encrypting (decrypting) a piece of communication plaintext (ciphertext).
- the smart mobile terminal further has a write location pointer for each of the ring memory spaces storing the service key, and the received service key is stored into the ring memory space from the position indicated by the pointer;
- the pointer continues to advance in the ring memory space, always pointing to the first address of the ring memory space where the service key is to be stored next time.
- the pointer crosses the end of the ring space, the service key is continuously written from the beginning of the ring space;
- the amount of service keys applied by the communication support network does not exceed the size of the ring memory space.
- Network application to download the service key again For example, after the first service key is downloaded, the first 50% of the ring memory space in which the service key is stored is filled; when the service key is used to the 25% scale of the ring memory space, the smart mobile terminal transmits the message to the secure communication. Support the network application to download the service key again, and then download 50% of the key amount from the secure communication support network, and fill in the last 50% of the ring memory space; similarly, when the usage of the service key reaches the ring memory space At 75% scale, the intelligent mobile terminal refills 50% of the key amount from the secure communication support network and fills in the first 50% of the ring memory space; the new service key that is continuously downloaded will be the old business at the same location. The key is replaced.
- the service key downloaded into the memory of the smart mobile terminal may not be sufficient, and the smart mobile terminal is at this time.
- the secure communication support network is notified and the service key continues to be downloaded for use. Since the service key is stored in the memory of the smart mobile terminal, not on the permanent storage device; as the communication service ends, the memory space of the stored service key is recovered by the operating system, and the data therein is also destroyed and cannot be reused. read out.
- the smart mobile terminal uses the service key for secure communication. Both parties of the communication encrypt the plaintext with their respective encrypted service keys and send them to the other party. After receiving the ciphertext of the other party, they decrypt the plaintext with the corresponding decryption service key.
- the present embodiment mainly implements a universal secure communication platform based on the Android intelligent operating system, and a communication key distribution method based on the platform. The specific technical details when the communication key is used are not within the scope of the present invention.
- the communication information is preferably encrypted and decrypted once using the symmetric service key downloaded from the secure communication support network, but the asymmetric key is not used to be distributed by using the platform and the distribution method.
- the smart mobile terminal opens a memory space for the service key, it does not need to be set to a logical ring. Because the SMS information is short and the required service key is small, it can be downloaded at one time without downloading.
- the secure communication support network needs to prepare two service keys for each call (as shown in Figure 5).
- the secure communication support network only needs To prepare a service key, the sender is used for encryption and the receiver is used for decryption.
- the intelligent mobile terminal only needs to create a thread and apply for the required service key to the secure communication support network.
- the SMS sender sends an encrypted service key to the secure communication support network before sending the ciphertext.
- the receiver needs to wait until the short message is received before applying for the decryption service key to the secure communication support network. Due to the carrier network, the time interval may be slightly longer. Therefore, on the secure communication support network, the service key application information of the sender needs to be temporarily stored for a period of time, waiting for the service key of the receiver to apply. , then compare to match.
- SMS information is short, it is not necessary to download a part of the service key as VoIP, and then notify the service program to start using it; and all the service keys required for the SMS message can be downloaded after the download is completed. use.
- the above modifications, or other conceivable modifications or alterations, for non-real-time, non-bidirectional interactive communication services such as SMS short messages are within the scope of the present invention without departing from the technical solution proposed by the present invention. within.
- the embodiment of the present invention mainly discusses the creation and application of a universal secure communication platform based on Android intelligent mobile terminal, and a communication key distribution method based on the platform.
- the application scope of the technical solution proposed by the present invention is not limited to the mentioned VoIP, short message, video call, etc., and other communication service types can also implement secure communication through the universal secure communication platform provided by the present invention;
- changes to the call details of the universal secure communication platform should be regarded as the technology proposed by the present invention.
- the specific application variants of the solution are within the scope of the invention.
- the present invention can be used not only for the modification of the Android smart mobile terminal, but also directly or slightly modified, and applied to other terminal devices capable of running the Android operating system, such as smart TVs, set-top boxes, etc., for providing these smart devices.
- the function corresponds to the confidential information service.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016517150A JP6074544B2 (ja) | 2013-06-08 | 2014-06-06 | アンドロイド携帯情報処理端末に基づく通信キーの配布方法 |
US14/896,231 US9668127B2 (en) | 2013-06-08 | 2014-06-06 | Method for allocating communication key based on android intelligent mobile terminal |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310228443.1 | 2013-06-08 | ||
CN201310228443.1A CN104243144B (zh) | 2013-06-08 | 2013-06-08 | 一种基于Android智能移动终端的通信密钥分配方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014194856A1 true WO2014194856A1 (zh) | 2014-12-11 |
Family
ID=52007584
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/079373 WO2014194856A1 (zh) | 2013-06-08 | 2014-06-06 | 一种基于Android智能移动终端的通信密钥分配方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9668127B2 (zh) |
JP (1) | JP6074544B2 (zh) |
CN (2) | CN104243144B (zh) |
WO (1) | WO2014194856A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3247080A4 (en) * | 2015-02-09 | 2018-01-31 | Huawei Technologies Co., Ltd. | Certificate management method, device and system |
CN113904849A (zh) * | 2021-10-09 | 2022-01-07 | 深圳技德智能科技研究院有限公司 | 访问网络方法、装置、计算机设备和存储介质 |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104780040A (zh) * | 2015-04-06 | 2015-07-15 | 安徽问天量子科技股份有限公司 | 基于量子密码的手持设备加密方法及系统 |
CN105337726A (zh) * | 2015-04-06 | 2016-02-17 | 安徽问天量子科技股份有限公司 | 基于量子密码的端对端手持设备加密方法及系统 |
CN104915602B (zh) * | 2015-04-22 | 2017-08-11 | 飞天诚信科技股份有限公司 | 一种Android平台下的PIN码保护方法 |
CN106301769B (zh) * | 2015-06-08 | 2020-04-10 | 阿里巴巴集团控股有限公司 | 量子密钥输出方法、存储一致性验证方法、装置及系统 |
CN104918243B (zh) * | 2015-06-15 | 2018-04-10 | 上海交通大学 | 基于量子真随机数的移动终端保密系统及方法 |
CN105025475B (zh) * | 2015-07-28 | 2019-02-26 | 东南大学常州研究院 | 面向Android系统的移动保密终端实现方法 |
CN105049193B (zh) * | 2015-09-16 | 2019-01-01 | 浙江神州量子网络科技有限公司 | 一种基于量子保密网络的应用集成系统和控制方法 |
CN107769912A (zh) * | 2016-08-16 | 2018-03-06 | 广东国盾量子科技有限公司 | 一种量子密钥芯片及基于量子密钥芯片的加解密方法 |
CN107820240A (zh) * | 2016-09-12 | 2018-03-20 | 山东量子科学技术研究院有限公司 | 基于安卓操作系统的短消息加、解密方法及安卓操作系统 |
CN107819725B (zh) * | 2016-09-12 | 2020-11-27 | 山东量子科学技术研究院有限公司 | 基于VoIP通话的方法及移动终端 |
CN108123795B (zh) | 2016-11-28 | 2020-01-10 | 广东国盾量子科技有限公司 | 量子密钥芯片的发行方法、应用方法、发行平台及系统 |
CN108132816B (zh) * | 2016-12-01 | 2020-12-18 | 腾讯科技(深圳)有限公司 | 应用中实现本地框架层调用的方法和装置 |
CN107920171A (zh) * | 2017-12-21 | 2018-04-17 | 赛意(上海)信息科技有限公司 | 一种基于智能手机下的App擦肩连接方法及系统 |
CN108307332A (zh) * | 2018-01-23 | 2018-07-20 | 武汉虹旭信息技术有限责任公司 | 基于Android平台的安全短信通信系统及其方法 |
CN109802830B (zh) * | 2019-02-21 | 2022-11-15 | 深圳优仕康通信有限公司 | 一种加密传输方法和量子加密方法 |
CN112468287B (zh) * | 2019-09-09 | 2022-02-22 | 科大国盾量子技术股份有限公司 | 一种密钥分配方法、系统、移动终端和可穿戴设备 |
US11669889B2 (en) * | 2020-08-26 | 2023-06-06 | Aleksandr Iurev | System and method for automated generation of mobile applications for electronic shopping |
US11669890B2 (en) * | 2020-10-20 | 2023-06-06 | Aleksandr Iurev | System and method for automated generation of mobile applications for electronic shopping |
JP7395455B2 (ja) * | 2020-11-06 | 2023-12-11 | 株式会社東芝 | 転送装置、鍵管理サーバ装置、通信システム、転送方法及びプログラム |
CN114840855A (zh) * | 2022-04-22 | 2022-08-02 | 联动优势电子商务有限公司 | 密钥存储、调用方法以及装置、存储介质、电子装置 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101110671A (zh) * | 2007-08-22 | 2008-01-23 | 中兴通讯股份有限公司 | 基于移动终端的多媒体业务保护和密钥管理方法 |
CN101483808A (zh) * | 2008-01-07 | 2009-07-15 | 中兴通讯股份有限公司 | 保障多媒体广播业务安全的方法 |
CN102867142A (zh) * | 2012-08-22 | 2013-01-09 | 四川长虹电器股份有限公司 | 一种基于Android系统的安全防护方法 |
CN102958021A (zh) * | 2012-11-07 | 2013-03-06 | 华东师范大学 | 一种手机短信加解密通信系统及其通信方法 |
Family Cites Families (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0416768B1 (en) * | 1989-09-08 | 1998-06-17 | Digital Equipment Corporation | Thread private memory storage for multi-thread digital data processors |
US20040107344A1 (en) * | 2001-05-14 | 2004-06-03 | Atsushi Minemura | Electronic device control apparatus |
US8726294B2 (en) * | 2010-10-01 | 2014-05-13 | Z124 | Cross-environment communication using application space API |
KR100965437B1 (ko) * | 2003-06-05 | 2010-06-24 | 인터트러스트 테크놀로지즈 코포레이션 | P2p 서비스 편성을 위한 상호운용 시스템 및 방법 |
JP4638135B2 (ja) * | 2003-10-14 | 2011-02-23 | ソニー株式会社 | 情報記憶媒体 |
US9124650B2 (en) * | 2006-12-13 | 2015-09-01 | Quickplay Media Inc. | Digital rights management in a mobile environment |
US8615581B2 (en) * | 2008-12-19 | 2013-12-24 | Openpeak Inc. | System for managing devices and method of operation of same |
WO2011094734A2 (en) * | 2010-02-01 | 2011-08-04 | Jumptap, Inc. | Integrated advertising system |
CN102014385A (zh) * | 2010-11-22 | 2011-04-13 | 中兴通讯股份有限公司 | 移动终端的认证方法及移动终端 |
US8817984B2 (en) * | 2011-02-03 | 2014-08-26 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US20130205028A1 (en) * | 2012-02-07 | 2013-08-08 | Rackspace Us, Inc. | Elastic, Massively Parallel Processing Data Warehouse |
US9141410B2 (en) * | 2011-03-08 | 2015-09-22 | Rackspace Us, Inc. | Pluggable allocation in a cloud computing system |
US9471384B2 (en) * | 2012-03-16 | 2016-10-18 | Rackspace Us, Inc. | Method and system for utilizing spare cloud resources |
CN102130769A (zh) * | 2011-03-10 | 2011-07-20 | 北京邮电大学 | 一种用于量子密钥分配请求控制与自动实现的模型和方法 |
CN102752230B (zh) * | 2011-04-22 | 2017-04-12 | 腾讯科技(深圳)有限公司 | 一种用户关系链共享的方法和系统 |
CN102196425B (zh) * | 2011-07-01 | 2013-04-03 | 安徽量子通信技术有限公司 | 基于量子密钥分配网络的移动加密系统及其通信方法 |
US9378359B2 (en) * | 2011-10-11 | 2016-06-28 | Citrix Systems, Inc. | Gateway for controlling mobile device access to enterprise resources |
US20130238785A1 (en) * | 2012-03-06 | 2013-09-12 | Rackspace Us, Inc. | System and Method for Metadata Discovery and Metadata-Aware Scheduling |
US9027024B2 (en) * | 2012-05-09 | 2015-05-05 | Rackspace Us, Inc. | Market-based virtual machine allocation |
US9027108B2 (en) * | 2012-05-23 | 2015-05-05 | Box, Inc. | Systems and methods for secure file portability between mobile applications on a mobile device |
US9563480B2 (en) * | 2012-08-21 | 2017-02-07 | Rackspace Us, Inc. | Multi-level cloud computing system |
US9171092B2 (en) * | 2012-12-07 | 2015-10-27 | Empire Technology Development Llc | Personal assistant context building |
CN103077018B (zh) * | 2012-12-27 | 2016-04-27 | 广州英码信息科技有限公司 | 一种基于安卓系统的设备接口的控制方法及系统 |
CN103106372B (zh) * | 2013-01-17 | 2015-10-28 | 上海交通大学 | 用于Android系统的轻量级隐私数据加密方法及系统 |
CN103095461B (zh) * | 2013-01-23 | 2015-12-09 | 山东量子科学技术研究院有限公司 | 一种量子安全网络设备间网络信令的认证方法 |
US20140245368A1 (en) * | 2013-02-28 | 2014-08-28 | Jiwu Media Co., Ltd. | Smart receiver for mashup service based on convergence and receiving method thereof |
US9027087B2 (en) * | 2013-03-14 | 2015-05-05 | Rackspace Us, Inc. | Method and system for identity-based authentication of virtual machines |
-
2013
- 2013-06-08 CN CN201310228443.1A patent/CN104243144B/zh active Active
- 2013-06-08 CN CN201810095836.2A patent/CN108156180B/zh active Active
-
2014
- 2014-06-06 WO PCT/CN2014/079373 patent/WO2014194856A1/zh active Application Filing
- 2014-06-06 US US14/896,231 patent/US9668127B2/en active Active
- 2014-06-06 JP JP2016517150A patent/JP6074544B2/ja active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101110671A (zh) * | 2007-08-22 | 2008-01-23 | 中兴通讯股份有限公司 | 基于移动终端的多媒体业务保护和密钥管理方法 |
CN101483808A (zh) * | 2008-01-07 | 2009-07-15 | 中兴通讯股份有限公司 | 保障多媒体广播业务安全的方法 |
CN102867142A (zh) * | 2012-08-22 | 2013-01-09 | 四川长虹电器股份有限公司 | 一种基于Android系统的安全防护方法 |
CN102958021A (zh) * | 2012-11-07 | 2013-03-06 | 华东师范大学 | 一种手机短信加解密通信系统及其通信方法 |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3247080A4 (en) * | 2015-02-09 | 2018-01-31 | Huawei Technologies Co., Ltd. | Certificate management method, device and system |
US10581619B2 (en) | 2015-02-09 | 2020-03-03 | Huawei Technologies Co., Ltd. | Certificate management method, device, and system |
CN113904849A (zh) * | 2021-10-09 | 2022-01-07 | 深圳技德智能科技研究院有限公司 | 访问网络方法、装置、计算机设备和存储介质 |
CN113904849B (zh) * | 2021-10-09 | 2024-01-09 | 深圳技德智能科技研究院有限公司 | 访问网络方法、装置、计算机设备和存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN104243144A (zh) | 2014-12-24 |
CN108156180A (zh) | 2018-06-12 |
JP2016528756A (ja) | 2016-09-15 |
US20160119783A1 (en) | 2016-04-28 |
CN108156180B (zh) | 2021-04-09 |
US9668127B2 (en) | 2017-05-30 |
JP6074544B2 (ja) | 2017-02-01 |
CN104243144B (zh) | 2018-03-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014194856A1 (zh) | 一种基于Android智能移动终端的通信密钥分配方法 | |
WO2021184961A1 (zh) | 部署合约的方法及装置 | |
CN106063183B (zh) | 用于云辅助密码学的方法和装置 | |
AU2012355943B2 (en) | System and method for key management for issuer security domain using global platform specifications | |
US9864874B1 (en) | Management of encrypted data storage | |
US20240054239A1 (en) | Cryptographically secure post-secrets-provisioning services | |
CN101939746A (zh) | 用于管理移动计算设备上的软件应用程序的方法和系统 | |
US10785023B2 (en) | Apparatus and method for managing metering information | |
CN105991569A (zh) | 一种tls通讯数据安全传输方法 | |
CN109672519A (zh) | 一种密码装置及其数据加解密方法 | |
CN114692174B (zh) | 一种电子证照服务系统、方法、装置、介质和设备 | |
CN111190700B (zh) | 针对虚拟化设备的跨域安全访问与资源控制方法 | |
CN103026683A (zh) | 通信系统、通信设备、通信方法和计算机程序 | |
CN116582261A (zh) | 一种区块链隐私合约密钥系统及密钥生成方法、使用方法 | |
CN111901335A (zh) | 基于中台的区块链数据传输管理方法及系统 | |
CN105528216A (zh) | 一种利用安卓系统随机生成蓝牙地址的方法 | |
KR20240002666A (ko) | 메신저 서비스를 제공하기 위한 방법, 시스템 및 비일시성의 컴퓨터 판독 가능한 기록 매체 | |
CN112906032B (zh) | 基于cp-abe与区块链的文件安全传输方法、系统及介质 | |
CN114679287B (zh) | 数据处理方法、系统、电子设备及存储介质 | |
CN112131597A (zh) | 一种生成加密信息的方法、装置和智能设备 | |
CN206865469U (zh) | 基于量子密钥的保密移动通信系统 | |
US20200228503A1 (en) | Network encryption methods for realizing encryption of local area networks at the bottom layer driver of network cards of embedded devices | |
KR20210044581A (ko) | 블록체인 기반 암호화폐 상속 방법 및 장치 | |
CN109155913B (zh) | 网络连接方法、安全节点的确定方法及装置 | |
CN109120631B (zh) | 功能调用系统、方法、装置及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14807064 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14896231 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2016517150 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14807064 Country of ref document: EP Kind code of ref document: A1 |