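WO2015117451A1 - Encrypted communication method, communication terminal and computer storage medium - Google Patents

Encrypted communication method, communication terminal and computer storage medium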

Publication number
WO2015117451A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packet
encrypted
index
encrypted data
encryption
Prior art date
Application number
PCT/CN2014/091274
Other languages
English (en)
French (fr)
Inventor
黄镭
邹晓杰
张志亮
唐亮军
张薇
Original Assignee
深圳市中兴微电子技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市中兴微电子技术有限公司
Priority to US15/505,316 (US10341305B2)
Priority to EP14881505.3A (EP3185466B1)
Publication of WO2015117451A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H04W12/47 Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules

Definitions

  • the present invention relates to an encrypted communication technology in the field of communications, and in particular, to an encrypted communication method, a communication terminal, and a computer storage medium.
  • embodiments of the present invention are expected to provide an encrypted communication method and a communication terminal to improve communication security.
  • a first aspect of the embodiments of the present invention provides an encrypted communication method.
  • the method includes:
  • the index is used by the target communication terminal to acquire the encryption algorithm to decrypt the encrypted data packet.
  • the encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
  • the sending the index is:
  • the index is carried in the encrypted data packet and transmitted with the data packet.
  • the method further includes:
  • the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
  • the data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction.
  • the sending the index is:
  • the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • the negotiation data packet is transmitted to the target communication terminal through a short message communication link or a voice communication link.
  • the data packet to be transmitted is a voice data packet for voice communication
  • Encrypting the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet is:
  • the voice data packet to be transmitted is encrypted by the encryption algorithm to form an encrypted data packet.
  • the encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • a second aspect of the embodiments of the present invention provides a method for encrypting communications, where the method includes:
  • the encrypted data packet includes an encrypted portion and an unencrypted portion
  • the index is carried in the encrypted data packet and received along with the encrypted data packet.
  • the unencrypted portion further includes an encryption tag
  • the method further includes:
  • when the encrypted data packet includes the encryption tag, determining that the data packet is the encrypted data packet, and entering the step of querying a decryption algorithm from the second NFC security tag card according to the index.
  • the encrypted data packet is a data packet formed for a short message data packet; the short message data packet is used for short message interaction.
  • the receiving the index of the encryption algorithm is:
  • the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • the receiving the negotiation data packet is: receiving the negotiation data packet from a short message communication link or a voice communication link.
  • the encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is used for voice communication.
  • the encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • a third aspect of the embodiments of the present invention provides a source communication terminal
  • the terminal includes:
  • a reading unit configured to read an encryption algorithm and an index of the encryption algorithm from the first NFC security tag card
  • An encryption unit configured to encrypt a data packet to be transmitted by using the encryption algorithm to form an encrypted data packet
  • a sending unit configured to send the encrypted data packet
  • a sending unit configured to send the index
  • the index is used by the target communication terminal to acquire the encryption algorithm to decrypt the encrypted data packet.
  • the encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
  • the sending unit is configured to carry the index in the encrypted data packet and send the data packet together with the data packet.
  • the terminal further includes:
  • the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
  • the data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction;
  • the encryption unit is configured to encrypt the short message data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
  • the sending unit is configured to send the index by negotiating a data packet
  • the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • the sending unit is configured to send the negotiation data packet to the target communication terminal through a short message communication link or a voice communication link when the source communication terminal performs voice communication with the target communication terminal.
  • the data packet to be transmitted is a voice data packet configured for voice communication
  • the encryption unit is specifically configured to encrypt a voice data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
  • the encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • a fourth aspect of the embodiments of the present invention provides a target communication terminal, where the terminal includes:
  • a receiving unit configured to receive an index of the encryption algorithm, where the receiving unit is further configured to receive the encrypted data packet;
  • the query unit is configured to query the decryption algorithm from the second NFC security tag card according to the index
  • the decryption unit is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain a data packet before encryption.
  • the encrypted data packet includes an encrypted portion and an unencrypted portion
  • the receiving unit is configured to receive the index, carried in the encrypted data packet, together with the encrypted data packet.
  • the unencrypted portion further includes an encryption tag
  • the terminal further includes:
  • a parsing unit configured to parse the unencrypted portion of the received data packet to determine whether an encryption tag is included in the data packet
  • a determining unit configured to determine that the data packet is the encrypted data packet when the encryption tag is included in the data packet
  • the querying unit is configured to query the decryption algorithm from the second NFC security tag card according to the index when determining that the received data packet is an encrypted data packet.
  • the encrypted data packet is a data packet formed for a short message data packet; the short message data packet is used for short message interaction;
  • the decrypting unit is configured to decrypt the encrypted data packet according to the decryption algorithm, and obtain a short message data packet before encryption.
  • the receiving unit is configured to receive a negotiation data packet
  • the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • the receiving unit is configured to receive the negotiation data packet from a short message communication link or a voice communication link when the source communication terminal performs voice communication with the target communication terminal.
  • the encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is used for voice communication;
  • the decrypting unit is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain a voice data packet before encryption.
  • the encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • a fifth aspect of the embodiments of the present invention provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are configured to perform at least one of the methods of the first to second aspects of the embodiments of the present invention.
  • the encrypted communication method and the communication terminal read the encryption algorithm and the index of the encryption algorithm from the NFC security tag card before transmitting the data packet, encrypt the data packet to be transmitted, and then transmit the encrypted data packet, which improves information security.
  • FIG. 1 is a schematic flowchart of an encrypted communication method according to an embodiment of the present invention.
  • FIG. 2 is a second schematic flowchart of an encrypted communication method according to an embodiment of the present invention.
  • FIG. 3 is a third schematic flowchart of an encrypted communication method according to an embodiment of the present invention.
  • FIG. 4 is a fourth schematic flowchart of an encrypted communication method according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a source communication terminal according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a target communication terminal according to an embodiment of the present invention.
  • FIG. 7 is a second schematic structural diagram of a target communication terminal according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a communication system according to an example of the present invention.
  • FIG. 10 is one embodiment of an encrypted communication method according to an example of the present invention.
  • FIG. 11 is a second embodiment of an encrypted communication method according to an example of the present invention.
  • FIG. 12 is a third embodiment of an encrypted communication method according to an example of the present invention.
  • FIG. 13 is a fourth embodiment of the encrypted communication method according to an example of the present invention.
  • Embodiment 1:
  • this embodiment provides an encryption communication method, where the method includes:
  • Step S110 reading an encryption algorithm and an index of the encryption algorithm from the first NFC security tag card
  • Step S120 Encrypt the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet
  • Step S130 Send the encrypted data packet.
  • Step S111 Send the index
  • the index is used by the target communication terminal to acquire the encryption algorithm to decrypt the encrypted data packet.
  • step S110 to the step S130 are sequentially performed, and the step S111 is performed after the step S110.
  • NFC is an abbreviation of Near Field Communication, which refers to a short-range wireless communication technology.
  • the encryption algorithm and the index of the encryption algorithm are read from the first NFC security tag card.
  • the first NFC security tag card stores one or more encryption algorithms and an index of each encryption algorithm.
  • the index may be an identifier, such as a sequence number and a name of the encryption algorithm, and may be used to query the encryption algorithm.
  • the encryption algorithm may be a symmetric encryption algorithm, an asymmetric encryption algorithm, a digest encryption algorithm, or the like.
  • reading the encryption algorithm and the index of the encryption algorithm in step S110 means selecting at least one encryption algorithm, together with the index of that encryption algorithm, from the plurality of encryption algorithms.
  • the encryption levels of the encryption algorithms in the first NFC security tag card may differ.
  • data encrypted with an asymmetric encryption algorithm is generally more difficult to decrypt than data encrypted with a symmetric encryption algorithm.
  • the encryption level of the asymmetric encryption algorithm can be set to be higher than the encryption level of the symmetric encryption algorithm.
  • the method further includes: receiving a user indication and selecting an encryption algorithm based on the user indication. If the user indication includes an encryption level, the encryption algorithm of the corresponding level and its index are read from the first NFC security tag card according to the encryption level; for example, if the user indication includes communication importance flag information, the corresponding encryption algorithm is selected from the first NFC security tag card according to the mapping relationship between the flag information and the encryption level.
  • the user indication includes an encryption count n, and at least one encryption algorithm is used for each encryption, so that n encryption algorithms and the indexes of the n encryption algorithms are read from the first NFC security tag card according to the encryption count; wherein n is an integer that is not less than one.
  • the source communication terminal is required to support near field communication technology, so that it can read the encryption algorithm directly from a first NFC security tag card that is either separate from or integrated in the source communication terminal.
  • the first NFC security tag card is disposed separately from the source communication terminal, so that the user can conveniently keep the source communication terminal and the first NFC security tag card in separate places; this reduces the probability that the source communication terminal and the first NFC security tag card are lost at the same time, and thereby the probability that an illegal user obtains both and can decrypt the user's encrypted information, which improves information security.
  • in step S110, there are several other ways to read the encryption algorithm and the index of the encryption algorithm besides the above; they are not elaborated here.
  • the encrypted data packet may be a fully encrypted data packet or a partially encrypted data packet;
  • if a third party intercepts the data packet and directly extracts the communication content, the personal privacy, trade secrets or technical secrets stored in the data packet may be stolen or abused, leading to information security incidents.
  • the step S111 of transmitting the index of the encryption algorithm is further included, so that the target terminal acquires the corresponding decryption algorithm according to the index, extracts the communication content, and implements normal communication.
  • the encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
  • the sending the index is:
  • the index is carried in the encrypted data packet and transmitted with the data packet.
  • the step S130 and the step S111 are combined into the same execution step, and the source communication terminal performs a single transmission operation, which reduces the number of data packet transmissions of the source communication terminal and reduces the power consumption of the communication terminal; the effect of reducing power consumption is especially obvious when the source communication terminal and the target communication terminal are mobile communication terminals.
  • the encrypted data packet is a partially encrypted data packet; partial encryption reduces the amount of data to be encrypted, while the complete content of the communication data packet still cannot be obtained, so the same encryption effect can be achieved.
  • the partial encryption may encrypt specified data content in the data packet. For example, an encryption policy is preset in the source communication terminal; the encryption policy stores a plurality of keywords, and encryption is performed according to these keywords. Suppose the keywords include "bank card": if the source communication terminal finds the keyword in the data packet to be transmitted, it encrypts a specified number of characters before and after the keyword, for example the 20 characters before and after "bank card" in the data packet to be transmitted; alternatively, it encrypts the numeric characters that follow "bank card".
  • the data packet generally includes a packet header and a body part; the packet header stores attribute information of the packet and the like, and the body part stores the communication content. Generally, the packet header further includes the file format of the encrypted information; if the electronic device cannot know the file format, the file cannot be read. In this case, only the portion of the header that holds the file format may be encrypted; this encryption method is suitable for communication that transmits attachments.
  • the method further includes:
  • Step S121 Add an encryption label to the unencrypted portion
  • the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
  • by adding the encryption tag, the target communication terminal can conveniently confirm whether the data packet is an encrypted data packet, and whether to perform the operations of acquiring a decryption algorithm and decrypting the data packet.
  • the encryption tag may correspond to one or more bits of the unencrypted portion of the encrypted data packet, such as one byte; generally the encryption tag is located at a specified position in the data packet, so that each time the target communication terminal receives a data packet, it extracts the field from the corresponding position for verification and confirms whether the data packet is an encrypted data packet.
  • the data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction;
  • the step S120 is: encrypting the short message data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
  • the data packet to be transmitted is defined here as a short message data packet, which is exchanged when the user communication terminal and the target communication terminal interact by short message (commonly referred to as SMS).
  • the data packet to be transmitted may also be a voice data packet used for voice communication or a data packet of instant messaging.
  • in order to further improve the encryption effect relative to carrying the index in the unencrypted portion of the encrypted data packet, the sending the index may be: sending the index through a negotiation data packet;
  • the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • the index and communication content are located in different data packets, and the third party cannot obtain the index and communication content of the encryption algorithm at the same time by intercepting only one data packet; the encryption security is improved again.
  • the negotiation data packet may be sent before or after the sending of the encrypted data packet. In this embodiment, it is preferably sent before the encrypted data packet, so that the target communication terminal receives the index before, or at the same time as, the encrypted data packet and can decrypt the encrypted data packet quickly.
  • the negotiation data packet is transmitted to the target communication terminal through a short message communication link or a voice communication link.
  • the short message communication link is a communication link for transmitting a short message;
  • the voice communication link is a communication link for performing voice communication.
  • the source communication terminal and the target communication terminal perform communication negotiation, such as a three-way handshake.
  • the information exchanged in this negotiation may also include a negotiation data packet carrying the index; in that case the negotiation data packet is not sent over the short message link, which simplifies the interaction between electronic devices and reduces communication costs.
  • the data packet to be transmitted is a voice data packet for voice communication
  • the step S130 may specifically be: encrypting the voice data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
  • the negotiation data packet is used to transmit the index of the encryption algorithm because voice communication usually lasts for a period of time and continuously forms multiple voice data packets. Preferably, one voice communication is encrypted in one encryption mode, and all voice data packets formed by that voice communication are encrypted in the same manner, so the index of the encryption algorithm only needs to be transmitted once and is not carried in every data packet, which can improve security.
  • short message interaction can also adopt this method.
  • the encrypted data packet may also be a partially encrypted data packet, and the unencrypted portion may also carry the encrypted label to facilitate the determination of whether the target terminal needs to perform decryption.
  • if source communication terminal A sends the negotiation data packet to the target communication terminal before the information interaction, it thereby indicates to the target terminal that the data packets the target terminal receives are encrypted data packets; the target communication terminal can then determine from the sending address of a data packet that it comes from source communication terminal A, that this communication is encrypted, and enter the decryption steps directly after receiving the data packet, without making that determination again.
  • the source communication terminal will again send the negotiation data packet to the target communication terminal and encrypt the voice data packets to be transmitted in a different manner, thereby increasing the encryption effect again.
  • for example, user A of the current source communication terminal and user B of the target communication terminal hold a telephone meeting whose content is important and whose talk time is up to 1 hour. During this hour, if a third party uses information decryption technology to intercept each data packet and decrypt it, then once one data packet is successfully decrypted, all data packets in the up-to-1-hour communication are decrypted. If the encryption mode is changed once every 10 minutes and the negotiation data packet is sent each time, the data packets sent within the hour use six encryption modes, which obviously improves the security of the information.
  • the negotiation data packet may include, in addition to the index, identification information of the first data packet to be decrypted according to the index; the identification information may be information such as a radio frame number or a data packet number in wireless communication.
  • the encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • the body is the content exchanged between the two parties, and at least part of the body is one of the encrypted objects. The data stored in the packet header is mostly attribute information of the data packet, and obtaining the header does not directly leak the communication content, so the packet header may be the unencrypted portion; it is parsed directly by the target communication terminal, which then performs the corresponding processing, simplifying the operation of the target communication terminal.
  • the embodiment provides an encryption communication method, which can effectively improve communication security.
  • this embodiment provides an encryption communication method, where the method includes:
  • Step S210 Receive an index of the encryption algorithm.
  • Step S211 receiving an encrypted data packet
  • Step S220 Query a decryption algorithm from the second NFC security tag card according to the index;
  • Step S230 Decrypt the encrypted data packet according to the decryption algorithm to obtain a data packet before encryption.
  • the encryption algorithm and the decryption algorithm correspond to each other. Usually, if the encryption is symmetric, the key of the encryption algorithm and the key of the decryption algorithm are the same, and the index of the encryption algorithm is usually the decryption algorithm key; if it is an asymmetric encryption algorithm, the key used for encryption is different from the key used for decryption, but the two are paired in advance. Knowing the index of the encryption algorithm, one can know the index of the corresponding decryption algorithm and find the key of the decryption algorithm.
  • in the preceding embodiment the executing entity is the source communication terminal, and in the present embodiment the executing entity is the target communication terminal; the source communication terminal and the target communication terminal together constitute the two sides of the communication.
  • the first NFC security tag card and the second NFC security tag card need to meet the condition that, according to the index provided by the first NFC security tag card, the corresponding decryption algorithm can be found in the second NFC security tag card;
  • the content stored in the first NFC security tag card may be identical to the content stored in the second NFC security tag card, with both supporting decryption and encryption; or the content stored in the two cards may be only partially the same, with the shared part supporting mutual decryption and encryption.
  • the first NFC security tag card stores 10 encryption algorithms and corresponding indexes
  • the second NFC security tag stores 20 encryption algorithms and corresponding indexes, but is stored in the second NFC security tag card.
  • the first NFC security tag card stores a plurality of encryption algorithms and indexes
  • the second NFC security tag card stores a decryption algorithm and an index of the encryption algorithm stored by the first NFC security tag card.
  • the first NFC security tag card may only store the encryption algorithm and index
  • the second NFC security tag card may only store the decryption algorithm and index; use the encryption algorithm in the first NFC security tag card After the encryption is performed, the decryption algorithm must be queried from the second NFC security tag card before decryption can be performed.
  • an encrypted communication algorithm corresponding to the first embodiment is provided from the target communication terminal side, and communication security is improved.
  • The encrypted data packet includes an encrypted portion and an unencrypted portion;
  • The index is carried in the encrypted data packet and received along with the encrypted data packet.
  • That is, step S211 and step S210 described in FIG. 3 are performed simultaneously: receiving the encrypted data packet also completes the receiving of the index of the encryption algorithm.
  • The unencrypted portion further includes an encryption tag;
  • The encrypted data packet received in this embodiment further includes an encryption tag. By extracting and parsing the received data packet to see whether it includes the encryption tag, the target communication terminal determines whether the received data packet is an encrypted data packet, and in turn whether the packet needs to be decrypted.
  • In a specific implementation, if the index is carried in the encrypted data packet, then after the data packet is determined to be an encrypted data packet according to the encryption tag, the terminal proceeds to the step of extracting and parsing the index of the encryption algorithm, then queries the decryption algorithm according to the index, and then decrypts the encrypted data packet.
  • The encrypted data packet is a data packet formed from a short message data packet; the short message data packet is used for short message interaction; and step S230 may specifically be: decrypting the encrypted data packet according to the decryption algorithm to obtain the short message data packet before encryption.
  • The encrypted data packet described in this embodiment is not limited to a data packet formed from a short message data packet; it also includes an encrypted data packet formed by encrypting a voice data packet, and may further include an encrypted data packet formed by encrypting instant messaging. For details, refer to the corresponding part of Embodiment 1.
  • In addition to receiving the index of the encryption algorithm together with the encrypted data packet that carries it, this embodiment further provides another method for receiving the index of the encryption algorithm, as follows:
  • Receiving the index of the encryption algorithm is: receiving a negotiation data packet;
  • where the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • Receiving the index of the encryption algorithm separately through the negotiation data packet can further improve the security of the communication.
  • When the source communication terminal performs voice communication with the target communication terminal, receiving the negotiation data packet is: receiving the negotiation data packet from a short message communication link or a voice communication link.
  • When the source communication terminal and the target communication terminal perform voice communication, a dedicated voice communication link is opened, and the negotiation data packet may be carried in that voice communication link. After the voice communication link is established, a negotiation process is usually performed before the users start voice communication, and the negotiation data packet may be transmitted in that negotiation process.
  • The encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is used for voice communication; and step S230 may specifically be: decrypting the encrypted data packet according to the decryption algorithm to obtain the voice data packet before encryption.
  • The encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • This embodiment is an encrypted communication method written from the target communication terminal side, corresponding to Embodiment 1.
  • For the corresponding beneficial effects, see the corresponding part of Embodiment 1; the security of the communication is clearly improved.
  • Embodiment 3:
  • This embodiment provides an encrypted communication method, where the method includes:
  • Step S310: The source communication terminal reads the encryption algorithm and the index of the encryption algorithm from the first NFC security tag card;
  • Step S320: The source communication terminal encrypts the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet;
  • Step S330: The source communication terminal sends the encrypted data packet;
  • Step S340: The source communication terminal sends the index;
  • Step S350: The target communication terminal receives the index of the encryption algorithm;
  • Step S360: The target communication terminal receives the encrypted data packet;
  • Step S370: The target communication terminal queries the decryption algorithm from the second NFC security tag card according to the index;
  • Step S380: The target communication terminal decrypts the encrypted data packet according to the decryption algorithm and obtains the data packet before encryption.
  • For the operations performed by the source communication terminal in this embodiment, refer to Embodiment 1.
  • For the operations performed by the target communication terminal, refer to Embodiment 2.
  • This embodiment describes how the source communication terminal and the target communication terminal exchange information.
  • In a specific implementation, the index of the encryption algorithm may be carried in an encrypted data packet, or may be sent separately in a negotiation data packet.
  • The communication method described in this embodiment, like the methods described in Embodiment 1 and/or Embodiment 2, has the advantage of high communication security.
  • Embodiment 4:
  • This embodiment provides a source communication terminal, where the terminal includes:
  • The reading unit 110 is configured to read an encryption algorithm and an index of the encryption algorithm from the first NFC security tag card;
  • The encryption unit 120 is configured to encrypt the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet;
  • The sending unit 130 is configured to send the encrypted data packet;
  • The sending unit 130 is further configured to send the index;
  • where the index is used by the target communication terminal to acquire the encryption algorithm so as to decrypt the encrypted data packet.
  • The specific structure of the reading unit 110 in this embodiment may include an NFC communication interface, through which the encryption algorithm and index in the first NFC security tag card are read.
  • The specific structure of the encryption unit 120 may include a processor and a storage medium. The storage medium is connected to the processor through a bus (the bus includes a data bus and an address bus) or a similar structure; the storage medium stores computer executable code; and the processor encrypts the data to be transmitted by reading and executing the executable code and the encryption algorithm.
  • The processor can be a processing component such as a central processing unit, a microprocessor, a digital signal processor, or a programmable logic array.
  • The specific structure of the sending unit may include a communication interface such as a transmitting antenna or a transmission cable.
  • The encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
  • The sending unit 130 is configured to carry the index in the encrypted data packet and send it together with the data packet.
  • The sending unit 130 thus transmits the communication content and the index of the encryption algorithm in one transmission, reducing the number of data transmissions.
  • The terminal further includes: an adding unit, configured to add an encryption tag to the unencrypted portion;
  • where the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
  • The terminal further includes an adding unit for adding an encryption tag to the unencrypted portion of the encrypted data packet; the added encryption tag tells the target communication terminal whether the data packet it has received is an encrypted data packet.
  • The specific structure of the adding unit may also include a processor and a storage medium connected to the processor.
  • In a specific implementation, the adding unit and the encryption unit 120 may be integrated on the same processor or may each correspond to a different processor. When they are integrated on the same processor, the processor handles the functions of the encryption unit 120 and of the adding unit by time division multiplexing or concurrent threads.
  • The encryption unit 120 is configured to encrypt the short message data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
  • The short message data packet is used for short message interaction.
  • The sending unit 130 is configured to send the index through a negotiation data packet, where the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • The sending unit 130 is configured to: when the source communication terminal performs voice communication with the target communication terminal, send the negotiation data packet to the target communication terminal through a short message communication link or a voice communication link, which simplifies the exchange of data packets and saves communication costs.
  • The encryption unit 120 is configured to encrypt the voice data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
  • The encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • The source communication terminal of this embodiment provides hardware support for the method described in Embodiment 1 and can be used to implement any technical solution described in that method embodiment; it likewise has the advantage of high information security.
  • The source communication terminal described in this embodiment may specifically be a mobile phone or a tablet computer.
  • The first NFC security tag card may be a component integrated inside the source communication terminal or a component provided separately from the source communication terminal; the NFC security tag card includes at least a storage medium storing an encryption algorithm and an index.
  • Embodiment 5:
  • This embodiment provides a target communication terminal, where the terminal includes:
  • The receiving unit 210 is configured to receive an index of the encryption algorithm; the receiving unit is further configured to receive an encrypted data packet;
  • The query unit 220 is configured to query the decryption algorithm from the second NFC security tag card according to the index;
  • The decryption unit 230 is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet before encryption.
  • The specific structure of the receiving unit 210 may be a receiving interface that can receive information, such as a receiving antenna, a twisted pair interface or a fiber optic communication interface.
  • The specific structure of the query unit 220 and the decryption unit 230 may include a processor and a storage medium. The storage medium and the processor are connected by a bus (the bus includes a data bus and an address bus) or a similar structure; computer executable code is stored on the storage medium; and the processor queries the decryption algorithm and decrypts the encrypted data packet by reading and executing the executable code.
  • The target communication terminal in this embodiment queries the decryption algorithm from the second NFC security tag card, and decrypts the encrypted data packet according to the queried decryption algorithm to obtain the communication content.
  • The target communication terminal may specifically be an electronic device having a communication function, such as a mobile phone or a tablet computer.
  • The second NFC security tag card may be integrated in the target communication terminal or may be provided separately from it. In this embodiment, the second NFC security tag card is preferably provided separately from the electronic device. If the encrypted data packet is encrypted by using a first encryption algorithm, the second NFC security tag card stores a decryption algorithm and an index corresponding to the first encryption algorithm.
  • The encrypted data packet includes an encrypted portion and an unencrypted portion;
  • The receiving unit 210 is configured to receive the index carried in the encrypted data packet together with the encrypted data packet.
  • The unencrypted portion further includes an encryption tag;
  • The terminal also includes:
  • The parsing unit 240 is configured to parse the unencrypted portion of the received data packet to determine whether an encryption tag is included in the encrypted data packet;
  • The determining unit 250 is configured to: when the encrypted data packet includes the encryption tag, determine that the data packet is the encrypted data packet;
  • The query unit 220 is configured to query the decryption algorithm from the second NFC security tag card according to the index when the received data packet is determined to be an encrypted data packet.
  • The terminal in this embodiment further includes a parsing unit 240 and a determining unit 250. The specific structure of the parsing unit may be a decoder that decodes the unencrypted portion of the encrypted data packet, and may further include a processor that analyzes the output of the decoder to determine whether the encryption tag is included in the encrypted data packet.
  • The specific structure of the determining unit 250 is the same processor.
  • The decryption unit 230 is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the short message data packet before encryption.
  • The short message data packet is used for short message interaction;
  • The receiving unit 210 is specifically configured to receive a negotiation data packet, where the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  • The receiving unit is configured to receive the negotiation data packet from a short message communication link or a voice communication link when the source communication terminal performs voice communication with the target communication terminal.
  • Since a voice communication link is opened for voice communication, the voice communication link can be used to receive the negotiation data packet, or the negotiation data packet can be received through the short message communication link.
  • If the voice communication link is selected to receive the negotiation data packet, the interaction between the two ends of the communication is simplified and the communication cost is reduced.
  • The decryption unit 230 is configured to decrypt the encrypted data packet according to the decryption algorithm and obtain the voice data packet before encryption;
  • The voice data packet is used for voice communication.
  • The encrypted data packet includes a header and a body; the unencrypted portion includes the header; and the encrypted portion includes the body.
  • This embodiment provides a communication terminal that gives hardware support to the encrypted communication method of Embodiment 2, can be used to implement any technical solution described in that method embodiment, and has the advantage of high communication security.
  • This embodiment provides a communication system; the system includes a source communication terminal 310 and a target communication terminal 320;
  • The source communication terminal 310 is configured to read an encryption algorithm and an index of the encryption algorithm from the first NFC security tag card; encrypt the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet; send the encrypted data packet; and send the index;
  • The target communication terminal 320 is configured to receive the index of the encryption algorithm, receive the encrypted data packet, query a decryption algorithm from the second NFC security tag card according to the index, and decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet before encryption.
  • The source communication terminal 310 and the target communication terminal 320 are connected through a network; the network may be a wired network, a wireless network, or a hybrid of wired and wireless networks. The system provides the hardware structure for the encrypted communication according to Embodiment 3.
  • Communication carried out with the communication system described in this embodiment likewise has high communication security.
  • This example provides a communication system including a mobile terminal A and a mobile terminal B, where one of mobile terminal A and mobile terminal B is the source communication terminal and the other is the target communication terminal.
  • Mobile terminal A and mobile terminal B can exchange short messages and make voice calls through the network.
  • Each of the mobile communication terminals includes the following modules:
  • A near field communication module, configured to read an encryption algorithm and the index of the encryption algorithm from the NFC security tag card, or to query the decryption algorithm according to the index of the encryption algorithm. Generally, the encryption algorithm and the decryption algorithm are set relative to each other: once the encryption algorithm is determined, the decryption algorithm is also determined, and usually the indexes also correspond.
  • Mobile communication terminal A and mobile communication terminal B read the encryption algorithm and its index, or query the decryption algorithm according to the index of the encryption algorithm, from NFC security tag cards storing the same content;
  • An encryption/decryption module, configured to encrypt a packet to be transmitted with an encryption algorithm read from the NFC security tag card to form an encrypted packet, and to decrypt an encrypted packet according to a decryption algorithm queried from the NFC security tag card;
  • A communication module, configured to communicate with other mobile terminals, including sending and receiving text messages and performing voice communication; in this example, it is configured to send and receive encrypted data packets.
  • this embodiment provides an encryption communication method, where the method includes:
  • Step 204: Determine whether the reading is successful. If yes, go to step 204; if no, go back to 203;
  • The data to be sent is encrypted according to the encryption algorithm; the data to be sent is the content of the short message to be sent. In a specific implementation, if the number of repeated readings is greater than M, reading is no longer attempted, where M is an integer not less than 2;
  • PDU is an abbreviation of Protocol Data Unit;
  • this embodiment provides an encryption communication method, where the method includes:
  • step 302 Determine whether it is an encrypted short message. If it is not an encrypted short message, parse the short message according to an existing method, if not, go to 303; if the short message received in step 302 is an encrypted short message.
  • Step 305: Determine whether the reading is successful; if not, return to step 304; if yes, go to 306;
  • this embodiment provides an encryption communication method, where the method includes:
  • this embodiment provides an encryption communication method, where the method includes:
  • Example 4 when the encryption algorithm and the decryption algorithm are negotiated, the index of the encryption algorithm can be determined.
  • This embodiment further provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are configured to perform at least one of the methods described in the embodiments or the examples, as shown in FIG. 1 to FIG. 4.
  • The computer storage medium can include a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and other media that can store program code.
  • The storage medium can be a non-transitory storage medium.
  • Embodiments of the present invention can be provided as a method, a system, or a computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer usable program code.
  • The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction apparatus that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Abstract

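The present invention discloses an encrypted communication method and a communication terminal. The method includes: reading an encryption algorithm and an index of the encryption algorithm from a first NFC security tag card; encrypting a data packet to be transmitted by using the encryption algorithm to form an encrypted data packet; sending the encrypted data packet; and sending the index; where the index is configured for a target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet. The present invention also discloses a computer storage medium.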

Description

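Encrypted communication method, communication terminal and computer storage medium
Technical Field
The present invention relates to encrypted communication technology in the field of communications, and in particular to an encrypted communication method, a communication terminal and a computer storage medium.
Background
At present, with the development of communication technology, people use various communication devices to exchange information, whether by wired or wireless communication, and communication is becoming more and more frequent. How to ensure communication security and prevent communication content from being stolen, so that confidential information such as personal privacy is not illegally obtained and used by a third party, is a problem that urgently needs to be solved in the prior art.
Summary of the Invention
In view of this, embodiments of the present invention are expected to provide an encrypted communication method and a communication terminal to improve the security of communication.
To achieve the above objective, the technical solution of the present invention is implemented as follows: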
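A first aspect of the embodiments of the present invention provides an encrypted communication method,
The method includes:
reading an encryption algorithm and an index of the encryption algorithm from a first NFC security tag card;
encrypting a data packet to be transmitted by using the encryption algorithm to form an encrypted data packet;
sending the encrypted data packet;
sending the index;
where the index is used by a target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet.
Based on the above solution,
the encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
sending the index is:
carrying the index in the encrypted data packet and sending it together with the data packet.
Based on the above solution,
the method further includes:
adding an encryption tag to the unencrypted portion;
where the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
Based on the above solution,
the data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction.
Based on the above solution,
sending the index is:
sending the index through a negotiation data packet;
the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
Based on the above solution,
when the source communication terminal performs voice communication with the target communication terminal, the negotiation data packet is sent to the target communication terminal through a short message communication link or a voice communication link.
Based on the above solution,
the data packet to be transmitted is a voice data packet used for voice communication;
encrypting the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet is:
encrypting the voice data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
Based on the above solution,
the encrypted data packet includes a header and a body; the unencrypted portion includes the header; the encrypted portion includes the body.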
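A second aspect of the embodiments of the present invention provides an encrypted communication method, and the method includes:
receiving an index of an encryption algorithm;
receiving an encrypted data packet;
querying a decryption algorithm from a second NFC security tag card according to the index;
decrypting the encrypted data packet according to the decryption algorithm to obtain the data packet before encryption.
Based on the above solution,
the encrypted data packet includes an encrypted portion and an unencrypted portion;
the index is carried in the encrypted data packet and received together with the encrypted data packet.
Based on the above solution,
the unencrypted portion further includes an encryption tag;
the method further includes:
parsing the unencrypted portion of the received data packet to determine whether the encrypted data packet includes an encryption tag;
when the encrypted data packet includes the encryption tag, determining that the data packet is the encrypted data packet, and proceeding to the step of querying the decryption algorithm from the second NFC security tag card according to the index.
Based on the above solution,
the encrypted data packet is a data packet formed from a short message data packet; the short message data packet is used for short message interaction.
Based on the above solution,
receiving the index of the encryption algorithm is:
receiving a negotiation data packet;
where the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
Based on the above solution,
when the source communication terminal performs voice communication with the target communication terminal, receiving the negotiation data packet is: receiving the negotiation data packet from a short message communication link or a voice communication link.
Based on the above solution,
the encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is used for voice communication.
Based on the above solution,
the encrypted data packet includes a header and a body; the unencrypted portion includes the header; the encrypted portion includes the body.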
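A third aspect of the embodiments of the present invention provides a source communication terminal,
The terminal includes:
a reading unit, configured to read an encryption algorithm and an index of the encryption algorithm from a first NFC security tag card;
an encryption unit, configured to encrypt a data packet to be transmitted by using the encryption algorithm to form an encrypted data packet;
a sending unit, configured to send the encrypted data packet;
the sending unit being further configured to send the index;
where the index is used by a target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet.
Based on the above solution,
the encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
the sending unit is configured to carry the index in the encrypted data packet and send it together with the data packet.
Based on the above solution,
the terminal further includes:
an adding unit, configured to add an encryption tag to the unencrypted portion;
where the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
Based on the above solution,
the data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction;
the encryption unit is configured to encrypt the short message data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
Based on the above solution,
the sending unit is configured to send the index through a negotiation data packet;
the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
Based on the above solution,
the sending unit is configured to send the negotiation data packet to the target communication terminal through a short message communication link or a voice communication link when the source communication terminal performs voice communication with the target communication terminal.
Based on the above solution,
the data packet to be transmitted is a voice data packet used for voice communication;
the encryption unit is specifically configured to encrypt the voice data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
Based on the above solution,
the encrypted data packet includes a header and a body; the unencrypted portion includes the header; the encrypted portion includes the body.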
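A fourth aspect of the embodiments of the present invention provides a target communication terminal, and the terminal includes:
a receiving unit, configured to receive an index of an encryption algorithm; the receiving unit being further configured to receive an encrypted data packet;
a query unit, configured to query a decryption algorithm from a second NFC security tag card according to the index;
a decryption unit, configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet before encryption.
Based on the above solution,
the encrypted data packet includes an encrypted portion and an unencrypted portion;
the receiving unit is configured to receive the index carried in the encrypted data packet together with the encrypted data packet.
Based on the above solution,
the unencrypted portion further includes an encryption tag;
the terminal further includes:
a parsing unit, configured to parse the unencrypted portion of the received data packet to determine whether the encrypted data packet includes an encryption tag;
a determining unit, configured to determine that the data packet is the encrypted data packet when the encrypted data packet includes the encryption tag;
the query unit is configured to query the decryption algorithm from the second NFC security tag card according to the index when the received data packet is determined to be an encrypted data packet.
Based on the above solution,
the encrypted data packet is a data packet formed from a short message data packet; the short message data packet is used for short message interaction;
the decryption unit is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the short message data packet before encryption.
Based on the above solution,
the receiving unit is configured to receive a negotiation data packet;
where the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
Based on the above solution,
the receiving unit is configured to receive the negotiation data packet from a short message communication link or a voice communication link when the source communication terminal performs voice communication with the target communication terminal.
Based on the above solution,
the encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is used for voice communication;
the decryption unit is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the voice data packet before encryption.
Based on the above solution,
the encrypted data packet includes a header and a body; the unencrypted portion includes the header; the encrypted portion includes the body.
A fifth aspect of the embodiments of the present invention provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are configured to perform at least one of the methods described in the first and second aspects of the embodiments of the present invention.
In the encrypted communication method and communication terminal described in the embodiments of the present invention, before a data packet is sent, an encryption algorithm and the index of the encryption algorithm are read from the NFC security tag card, the data packet to be transmitted is encrypted, and the encrypted data packet is then transmitted, which improves information security.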
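Brief Description of the Drawings
FIG. 1 is the first schematic flowchart of the encrypted communication method according to an embodiment of the present invention;
FIG. 2 is the second schematic flowchart of the encrypted communication method according to an embodiment of the present invention;
FIG. 3 is the third schematic flowchart of the encrypted communication method according to an embodiment of the present invention;
FIG. 4 is the fourth schematic flowchart of the encrypted communication method according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of the source communication terminal according to an embodiment of the present invention;
FIG. 6 is the first schematic structural diagram of the target communication terminal according to an embodiment of the present invention;
FIG. 7 is the second schematic structural diagram of the target communication terminal according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of the communication system according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of the communication system according to an example of the present invention;
FIG. 10 is the first encrypted communication method according to an example of the present invention;
FIG. 11 is the second encrypted communication method according to an example of the present invention;
FIG. 12 is the third encrypted communication method according to an example of the present invention;
FIG. 13 is the fourth encrypted communication method according to an example of the present invention.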
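Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention.
Embodiment 1:
As shown in FIG. 1, this embodiment provides an encrypted communication method, and the method includes:
Step S110: Read an encryption algorithm and an index of the encryption algorithm from the first NFC security tag card;
Step S120: Encrypt the data packet to be transmitted by using the encryption algorithm to form an encrypted data packet;
Step S130: Send the encrypted data packet;
Step S111: Send the index;
where the index is used by the target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet.
In this embodiment, steps S110 to S130 are performed in sequence, and step S111 only needs to be performed after step S110.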
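NFC is the abbreviation of Near Field Communication and refers to short-range wireless communication technology. In this embodiment, the encryption algorithm and the index of the encryption algorithm are read from the first NFC security tag card. The first NFC security tag card stores one or more encryption algorithms and an index for each encryption algorithm. The index may be information with an identifying function, such as the serial number or name of the encryption algorithm, and can be used to look up the encryption algorithm. The encryption algorithm may be a symmetric encryption algorithm, an asymmetric encryption algorithm, a digest encryption algorithm, and so on.
When the first NFC security tag card stores multiple encryption algorithms, reading the encryption algorithm and its index in step S110 means selecting at least one encryption algorithm and its index from the multiple encryption algorithms.
The encryption algorithms in the first NFC security tag card may have different encryption levels. For example, data encrypted with an asymmetric encryption algorithm is usually harder to crack than data encrypted with a symmetric encryption algorithm; in that case, the encryption level of the asymmetric encryption algorithm can be set higher than that of the symmetric encryption algorithm.
In a specific implementation, the method further includes receiving a user instruction and selecting the encryption algorithm based on the user instruction. For example, if the user instruction includes an encryption level, the encryption algorithm of the corresponding level and its index are read from the first NFC security tag card according to that encryption level. As another example, the user instruction includes communication-importance flag information, and the corresponding encryption algorithm is selected from the first NFC security tag card according to the mapping between that flag information and the encryption level. As a further example, the user instruction includes a number of encryptions n; one encryption corresponds to at least one encryption algorithm, so n encryption algorithms and the indexes of the n encryption algorithms are read from the first NFC security tag card according to the number of encryptions, where n is an integer not less than 1.
As for how specifically to read the encryption algorithm and its corresponding index from the first NFC security tag card, the source communication terminal is required to support near field communication technology, and can read the encryption algorithm directly from a first NFC security tag card that is separate from or integrated with the source communication terminal.
In this embodiment, the first NFC security tag card is preferably provided separately from the source communication terminal. This makes it convenient for the user to keep the source communication terminal and the first NFC security tag card separately, which lowers the probability that both are lost at the same time, and in turn lowers the probability that an unauthorized user obtains both the source communication terminal and the first NFC security tag card and can decrypt the user's encrypted information, thereby improving information security.
There are several other ways to read the encryption algorithm and its index in step S110 besides the above, which are not described one by one here.
In step S120, the data packet to be transmitted is encrypted according to the encryption algorithm read in step S110 to form an encrypted data packet; the encrypted data packet may be a fully encrypted data packet or a partially encrypted data packet.
If the data packet to be transmitted is not encrypted during communication, a third party may intercept the data packet and extract the communication content directly, so that personal privacy, trade secrets or technical secrets stored in the data packet are stolen or misused, resulting in an information security incident.
In this embodiment, by encrypting the data packet, even if a third party intercepts the encrypted data packet, it cannot obtain the communication content without being able to decrypt it. This makes it harder for a third party to obtain the communication content and improves the information security of the communication.
In this embodiment, to make decryption convenient for the target communication terminal, the method further includes step S111 of sending the index of the encryption algorithm, so that the target terminal obtains the corresponding decryption algorithm according to the index and extracts the communication content, achieving normal communication.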
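The encrypted data packet includes an encrypted portion and an unencrypted portion; the index is carried in the unencrypted portion;
sending the index is:
carrying the index in the encrypted data packet and sending it together with the data packet.
That is, step S130 and step S111 are coupled into the same execution step, and the source communication terminal only needs to perform one send operation. This reduces the number of packet transmissions by the source communication terminal and lowers the power consumption of the communication terminal; the reduction in power consumption is especially noticeable when the source communication terminal and the target communication terminal are mobile communication terminals.
In this embodiment the encrypted data packet is a partially encrypted data packet. Partial encryption reduces the amount of data to be encrypted; at the same time, an unauthorized user who intercepts the data packet cannot obtain the complete content of the communication packet, so the effect of encryption is likewise achieved.
Partial encryption may encrypt specified data content in the data packet. For example, an encryption policy is preset in the source communication terminal; the encryption policy stores several keywords for encryption, and encryption is performed according to those keywords. If the information currently being transmitted includes the keyword "bank card", the source communication terminal, on finding that wording in the data packet to be transmitted, encrypts a specified number of characters before and after it, for example the 20 characters before and after the words "bank card" in the data packet to be transmitted, or the numeric characters that follow the words "bank card".
As another example, a data packet usually includes two parts, a header and a body. The header stores attribute information of the packet, and the body stores the communication content. The header usually also includes the file format of the encrypted information, such as text, voice or video format; if an electronic device cannot learn the file format, it cannot read the file. In this case, only the part of the header that records the file format may be encrypted; this encryption method is of course suited to communication that transmits attachments.
Based on the above solution,
as shown in FIG. 2, the method further includes:
Step S121: Add an encryption tag to the unencrypted portion;
where the encryption tag is used to indicate that the data packet in which it is located is an encrypted data packet.
In this embodiment, the encryption tag makes it easy for the target communication terminal to confirm whether the data packet is an encrypted data packet and whether it needs to obtain the decryption algorithm and decrypt the data packet. The encryption tag may occupy one or more bits of the unencrypted portion of the encrypted data packet, for example one byte. The encryption tag is usually located at a designated position in a data packet, so that each time the target communication terminal receives a data packet it extracts that field from the corresponding position and checks it to confirm whether the data packet is an encrypted data packet.
The data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction;
step S120 is: encrypting the short message data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
In this embodiment, the data packet to be transmitted is limited to a short message data packet; this applies when the user's communication terminal exchanges short messages (commonly known as text messages) with the target communication terminal. In a specific implementation, the data packet to be transmitted may also be a voice data packet for voice communication, a data packet for instant messaging, and so on.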
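In this embodiment, as an alternative to carrying the index in the unencrypted portion of the encrypted data packet, and to further improve the encryption effect, sending the index may also be: sending the index through a negotiation data packet;
the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal. In this way the index and the communication content are in different data packets, and a third party cannot obtain both the index of the encryption algorithm and the communication content by intercepting only one data packet, which further improves encryption security.
In a specific implementation, the negotiation data packet may be sent before or after the encrypted data packet. In this embodiment it is preferably sent before the encrypted data packet, so that the target communication terminal receives the index before, or at the same time as, the encrypted data packet and can decrypt the encrypted data packet quickly.
When the source communication terminal performs voice communication with the target communication terminal, the negotiation data packet is sent to the target communication terminal through a short message communication link or a voice communication link.
The short message communication link is a communication link used for transmitting short messages; the voice communication link is a communication link for voice communication. During voice communication, the source communication terminal and the target communication terminal perform communication negotiation, such as a three-way handshake. The information exchanged in this negotiation may also include the negotiation data packet carrying the index; the negotiation data packet then does not have to be sent over the short message link, which simplifies the interaction between the electronic devices and reduces communication costs.
The data packet to be transmitted is a voice data packet used for voice communication;
step S130 may specifically be: encrypting the voice data packet to be transmitted by using the encryption algorithm to form an encrypted data packet.
This embodiment emphasizes using a negotiation data packet to send the index of the encryption algorithm when the source communication terminal and the target communication terminal are in voice communication. This is because a voice communication usually lasts for some time and produces many voice data packets in succession, and preferably one voice communication is encrypted in one encryption mode, so all voice data packets formed in that voice communication are encrypted in the same way. The index of the encryption algorithm therefore only needs to be transmitted once, and the index is not carried in every data packet, which again improves security.
In a specific implementation, short message interaction can of course also use this method.
In addition, for an encrypted data packet formed by encrypting a voice data packet, the encrypted data packet may likewise be a partially encrypted data packet, and the unencrypted portion may likewise carry an encryption tag so that the target terminal can judge whether decryption is needed.
However, if source communication terminal A sends a negotiation data packet to the target communication terminal before exchanging information with it, this indicates to the target terminal that the data packets it receives next are all encrypted data packets. The target communication terminal can then determine from the sending address of a data packet that the packet comes from source communication terminal A and that this communication is encrypted, and after receiving the data packet it goes directly to the decryption steps without making the judgment.
In a specific implementation, once the voice communication between the source communication terminal and the target communication terminal has lasted longer than a specified duration, the source communication terminal sends a negotiation data packet to the target communication terminal again and encrypts the voice data packets to be transmitted in a different way, further improving the encryption effect.
For example, user A of the source communication terminal and user B of the target communication terminal hold a telephone meeting; everything discussed is important and the call lasts one hour. During that hour, if a third party uses decryption techniques, intercepts every data packet and tries to decrypt it, then once one data packet is successfully decrypted, all data packets of the one-hour communication are decrypted. If instead the encryption mode is changed and a negotiation data packet is sent every 10 minutes, the data packets sent within the hour use 6 encryption modes, which clearly improves the security of the information.
When at least two encryption modes are used to encrypt the multiple data packets formed in one communication, the negotiation data packet may include, in addition to the index, identification information of the first data packet to be decrypted according to that index. In wireless communication, the identification information may be information such as a radio frame number or a data packet number.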
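The target-side bookkeeping this implies, as an added Python example that is not part of the patent text: each negotiation packet contributes a pair (number of the first packet, index), and the receiver resolves any packet number to the index in force. The class and function names, the 50 packets per second rate and the index values are assumptions made for the illustration.

```python
import bisect


class IndexSchedule:
    """Target-side record of which algorithm index applies from which packet."""

    def __init__(self):
        self._starts = []    # first packet number of each span, kept sorted
        self._indexes = []   # algorithm index that applies from that packet on

    def on_negotiation(self, first_packet, index):
        """Record one negotiation packet; arrival order does not matter."""
        pos = bisect.bisect_left(self._starts, first_packet)
        if pos < len(self._starts) and self._starts[pos] == first_packet:
            if self._indexes[pos] != index:
                raise ValueError("conflicting index for packet %d" % first_packet)
            return  # duplicate delivery of the same negotiation packet
        self._starts.insert(pos, first_packet)
        self._indexes.insert(pos, index)

    def index_for(self, packet_no):
        """Index to use for a packet, or None if no negotiation covers it yet."""
        pos = bisect.bisect_right(self._starts, packet_no)
        return self._indexes[pos - 1] if pos else None

    def packets_under(self, index, total_packets):
        """How many of packets 0..total_packets-1 are protected by `index`."""
        count = 0
        bounds = self._starts + [total_packets]
        for i, idx in enumerate(self._indexes):
            lo, hi = bounds[i], min(bounds[i + 1], total_packets)
            if idx == index and lo < hi:
                count += hi - lo
        return count


PACKETS_PER_10_MIN = 50 * 600   # assumed rate: 50 voice packets per second


def one_hour_call(rekey):
    """Schedule for the one-hour call in the text, with or without 10-minute changes."""
    schedule = IndexSchedule()
    indexes = [4, 9, 2, 7, 5, 1] if rekey else [4]   # constructed index values
    negotiations = [(n * PACKETS_PER_10_MIN, idx) for n, idx in enumerate(indexes)]
    for first_packet, idx in reversed(negotiations):  # deliver out of order
        schedule.on_negotiation(first_packet, idx)
    return schedule
```

With six changes in the hour, any one index covers one sixth of the call's packets; without them a single index covers all of them.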
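Further, this embodiment again specifies that the encrypted data packet includes a header and a body; the unencrypted portion includes the header; the encrypted portion includes the body. The body is the content exchanged by the two communicating parties, so at least part of the body is one of the objects of encryption. The data stored in the header is mostly attribute information of the data packet, and obtaining the header information does not directly lead to disclosure of the communication content, so the header may be the unencrypted portion. This lets the target communication terminal parse the header directly and process it accordingly, simplifying the operation of the target communication terminal.
In summary, this embodiment provides an encrypted communication method that can effectively improve communication security.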
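Embodiment 2
As shown in FIG. 3, this embodiment provides an encrypted communication method, and the method includes:
Step S210: Receive an index of the encryption algorithm;
Step S211: Receive an encrypted data packet;
Step S220: Query a decryption algorithm from the second NFC security tag card according to the index;
Step S230: Decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet before encryption.
In a specific implementation, the encryption algorithm and the decryption algorithm correspond to each other. Usually, if the encryption is symmetric, the key of the encryption algorithm and the key of the decryption algorithm are the same, and the index of the encryption algorithm is usually also the key of the decryption algorithm. If it is an asymmetric encryption algorithm, the key used for encryption and the key used for decryption are different, but they are paired in advance: knowing the index of the encryption algorithm, one can know the index of the corresponding decryption algorithm and find the key of the decryption algorithm.
In Embodiment 1 the executing entity is the source communication terminal, whereas in this embodiment the executing entity is the target communication terminal; the source communication terminal and the target communication terminal together constitute the two sides of the communication. The first NFC security tag card and the second NFC security tag card need to meet the following condition: according to the index provided by the first NFC security tag card, the corresponding decryption algorithm can be found in the second NFC security tag card. Specifically, the content stored in the first NFC security tag card may be identical to the content stored in the second NFC security tag card, with both supporting decryption and encryption; or the content stored in the two cards may be only partially the same, with the shared part supporting mutual decryption and encryption. For example, the first NFC security tag card stores 10 encryption algorithms and corresponding indexes, and the second NFC security tag card stores 20 encryption algorithms and corresponding indexes, but the 20 encryption algorithms and corresponding indexes stored in the second NFC security tag card include the encryption algorithms and indexes stored in the first NFC security tag card. So if any one encryption algorithm in the first NFC security tag card is used to encrypt the data packet to be transmitted and form an encrypted data packet, the second NFC security tag card can decrypt that encrypted data packet.
In a specific implementation, the first NFC security tag card stores several encryption algorithms and indexes, and the second NFC security tag card stores the decryption algorithms and indexes for the encryption algorithms stored in the first NFC security tag card. For example, in asymmetric encryption, the first NFC security tag card may store only the encryption algorithm and index, and the second NFC security tag card may store only the decryption algorithm and index; after encryption is performed with the encryption algorithm in the first NFC security tag card, the decryption algorithm must be queried from the second NFC security tag card before decryption can be performed.
This embodiment provides, from the target communication terminal side, an encrypted communication algorithm corresponding to Embodiment 1, and improves communication security.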
基于上述方案,所述加密数据包包括加密部分和不加密部分;
所述索引承载在所述加密数据包中与所述加密数据包一起接收。
即图3中所述的步骤S211和步骤S210是同时执行的,接收了所述加密数据包,即同时完成了加密算法的索引的接收。
如何实现对数据进行部分加密,可以采用现有技术中的任意一种加密方法,对待加密的部分进行加密即可;具体对哪些数据进行加密,可以参见实施例一中的对应部分。
所述不加密部分还包括加密标签;
本实施例所述方法还包括:
解析接收到的数据包的不加密部分,以确定所述加密数据包内是否包括加密标签;
当所述加密数据包内包括所述加密标签时,确定所述数据包为所述加密数据包;
若是,则进入所述依据所述索引从NFC安全标签卡查询解密算法的步骤。
在本实施例中所接收的加密数据包中还包括了加密标签;目标通信终端通过对提取并解析接收到数据包中是否包括所述加密标签,可确定其接收到的数据包是否为加密数据包,进而确定是否需要对数据包进行解密。在具体的实现过程中,若索引承载在所述加密数据包中,在依据加密标签确定出该数据包为加密数据包后,可在进入提取并解析加密算法的索引的步骤,在进入依据索引查询解密算法;再对加密数据包进行解密。
进一步地,所述加密数据包为对短消息数据包形成的数据包;所述短消息数据包用于短消息交互;所述步骤S230具体可为:依据所述解密算法解密所述加密数据包,获取加密前的短消息数据包。显然本实施例所述的加密数据包不仅限于对短消息数据包形成的数据包,显然包括对语音数据包进行加密形成的加密数据包;还可包括对即时通信进行加密形成的加密数据包;详细可参见实施例一中的对应部分。
本实施例相对于将索引承载加密数据包中在接收加密数据包的同时,一起接收加密算法的索引外,本实施例还提供了另一中接收加密算法索引的方法,具体如下:
所述接收加密算法的索引为:接收协商数据包;
其中,所述协商数据包为用于源通信终端向目标通信终端发送所述索引的数据包。
通过协商数据包单独接收加密算法的索引,能再次提高通信的安全性。
当所述源通信终端与所述目标通信终端进行语音通信时,所述接收协商数据包为:从短消息通信链路或语音通信链路接收所述协商数据包。
当所述协商数据包时通过短消息链路发送的则从短消息通信链路上发送,当源通信终端和目标通信终端进行的语音通信时,开辟了专门的语音通信链路;此时还可以将所述协商数据包承载在语音通信链路中发送;语音通信链路建立后通常在用户进行语音通信之前,还将进行协商处理,所述协商数据包即可在所述协商处理中传输。
进一步地,所述加密数据包为对语音数据包进行加密形成的数据包;所述语音数据包用于语音通信;所述步骤S230具体可为:依据所述解密算法解密所述加密数据包,获取加密前的语音数据包。
基于上述方案,所述加密数据包包括包头及正文;所述不加密部分包括所述包头;所述加密部分包括所述正文。
本实施例为对应于实施例一从目标通信终端侧撰写的加密通信方法,其对应的有益效果可以参见实施例一中相应的部分;显然是提升了通信的安全性的。
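Embodiment 3:
As shown in Figure 4, this embodiment provides an encrypted communication method, the method including:
Step S310: the source communication terminal reads an encryption algorithm and the index of the encryption algorithm from a first NFC security tag card;
Step S320: the source communication terminal encrypts the data packet to be transmitted with the encryption algorithm to form an encrypted data packet;
Step S330: the source communication terminal sends the encrypted data packet;
Step S340: the source communication terminal sends the index;
Step S350: the target communication terminal receives the index of the encryption algorithm;
Step S360: the target communication terminal receives the encrypted data packet;
Step S370: the target communication terminal queries a decryption algorithm from a second NFC security tag card according to the index;
Step S380: the target communication terminal decrypts the encrypted data packet according to the decryption algorithm to obtain the data packet as it was before encryption.
For the operations performed by the source communication terminal in this embodiment, see Embodiment 1; for the operations performed by the target communication terminal, see Embodiment 2. This embodiment describes how the source communication terminal and the target communication terminal exchange information. In a specific implementation, the index of the encryption algorithm may be carried and sent in the encrypted data packet, or sent separately in a negotiation data packet.
Like the methods of Embodiment 1 and/or Embodiment 2, the communication method of this embodiment has the advantage of high communication security.
Embodiment 4:
As shown in Figure 5, this embodiment provides a source communication terminal, the terminal including:
a reading unit 110, configured to read an encryption algorithm and the index of the encryption algorithm from a first NFC security tag card;
an encryption unit 120, configured to encrypt the data packet to be transmitted with the encryption algorithm to form an encrypted data packet;
a sending unit 130, configured to send the encrypted data packet;
the sending unit 130 being further configured to send the index;
where the index is used by the target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet.
The specific structure of the reading module 110 of this embodiment may include an NFC communication interface; the encryption algorithm and index in the first NFC security tag card are read through the reading module.
The specific structure of the encryption unit 120 may include a processor and a storage medium; the storage medium is connected to the processor by a structure such as a bus (the bus including a data bus and an address bus); computer-executable code is stored on the storage medium; the processor encrypts the data to be transmitted by reading and executing the executable code and the encryption algorithm.
The processor may be an electronic component with processing capability, such as a central processing unit, a microprocessor, a digital signal processor or a programmable logic array.
The specific structure of the sending unit may include a communication interface, for example a transmitting antenna or a transmission cable.
Based on the above solution,
the encrypted data packet includes an encrypted part and an unencrypted part; the index is carried in the unencrypted part;
the sending unit 130 is configured to carry the index in the encrypted data packet and send it together with the data packet. In this way the sending unit 130 sends both the communication content and the index of the encryption algorithm at once, reducing the number of data transmissions.
The terminal further includes: an adding unit, configured to add an encryption tag to the unencrypted part;
where the encryption tag is used to indicate that the data packet containing it is an encrypted data packet.
The terminal in this embodiment further includes an adding unit for adding an encryption tag to the unencrypted part of the encrypted data packet; by adding the encryption tag, the target communication terminal is informed whether the data packet it receives is an encrypted data packet.
The specific structure of the adding unit may likewise include a processor and a storage medium connected to the processor. In a specific implementation, the adding unit and the encryption unit 120 may be integrated on the same processor or correspond to different processors; when integrated on the same processor, the processor uses time-division multiplexing or concurrent threads to handle the functions of the encryption unit 120 and the adding unit.
Based on the above solution, when the data packet to be transmitted is a short message data packet, the encryption unit 120 is configured to encrypt the short message data packet to be transmitted with the encryption algorithm to form an encrypted data packet. The short message data packet is used for short message interaction.
The sending unit 130 is configured to send the index in a negotiation data packet; the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
The sending unit 130 is configured to send the negotiation data packet to the target communication terminal over a short message communication link or a voice communication link when the source communication terminal and the target communication terminal are in voice communication, which simplifies the exchange of data packets and saves communication costs.
When the data packet to be transmitted is a voice data packet used for voice communication, the encryption unit 120 is configured to encrypt the voice data packet to be transmitted with the encryption algorithm to form an encrypted data packet.
The encrypted data packet includes a header and a body; the unencrypted part includes the header; the encrypted part includes the body.
The source communication terminal of this embodiment provides hardware support for the method of Embodiment 1 and can be used to implement any of the technical solutions of method Embodiment 1; it likewise has the advantage of a high degree of information security. The source communication terminal of this embodiment may specifically be a mobile phone or a tablet computer. The first NFC security tag card may be a component integrated inside the source communication terminal or a component provided separately from the source communication terminal; the NFC security tag card includes at least a storage medium storing the encryption algorithms and indexes.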
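Embodiment 5:
As shown in Figure 6, this embodiment provides a target communication terminal, the terminal including:
a receiving unit 210, configured to receive the index of an encryption algorithm; the receiving unit being further configured to receive an encrypted data packet;
a query unit 220, configured to query a decryption algorithm from a second NFC security tag card according to the index;
a decryption unit 230, configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet as it was before encryption.
The specific structure of the receiving unit 210 may be a communication interface capable of receiving information, such as a receiving antenna, a twisted-pair interface or an optical fiber communication interface. The specific structures of the query unit 220 and the decryption unit 230 may each include a processor and a storage medium; the storage medium is connected to the processor by a structure such as a bus (the bus including a data bus and an address bus); computer-executable code is stored on the storage medium; the processor queries the decryption algorithm and decrypts the encrypted data packet by reading and executing the executable code.
After receiving an encrypted data packet, the target communication terminal of this embodiment queries the decryption algorithm from the second NFC security tag card and decrypts the encrypted data packet according to the queried decryption algorithm to obtain the communication content.
The target communication terminal may specifically be an electronic device with a communication function, such as a mobile phone or a tablet computer. The second NFC security tag card may be integrated in the target communication terminal or provided separately from the target communication terminal. In this embodiment, the second NFC security tag card is preferably provided separately from the electronic device. If the encrypted data packet was encrypted with a first encryption algorithm, the second NFC security tag card stores the decryption algorithm and index corresponding to the first encryption algorithm.
Based on the above solution, the encrypted data packet includes an encrypted part and an unencrypted part;
the receiving unit 210 is configured to receive the index carried in the encrypted data packet together with the encrypted data packet.
The unencrypted part further includes an encryption tag;
As shown in the figure, the terminal further includes:
a parsing unit 240, configured to parse the unencrypted part of a received data packet to determine whether the encrypted data packet includes an encryption tag;
a determining unit 250, configured to determine that the data packet is the encrypted data packet when the encrypted data packet includes the encryption tag;
the query unit 220 being specifically configured to query the decryption algorithm from the NFC security tag card according to the index when the received data packet is determined to be an encrypted data packet.
The terminal in this embodiment additionally has the parsing unit 240 and the determining unit 250. The specific structure of the parsing unit may be a decoder that decodes the unencrypted part of the encrypted data packet, and may further include a processor that analyzes the decoding result output by the decoder to determine whether the encrypted data packet includes the encryption tag. The specific structure of the determining unit 250 is likewise a processor.
When the encrypted data packet is a data packet formed from a short message data packet, the decryption unit 230 is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the short message data packet as it was before encryption. The short message data packet is used for short message interaction;
Further, the receiving unit 210 is specifically configured to receive a negotiation data packet; where the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
The receiving unit is configured to receive the negotiation data packet from a short message communication link or a voice communication link when the source communication terminal and the target communication terminal are in voice communication.
Because a voice communication link is opened during voice communication to send the voice data packets, the voice communication link can clearly also be used to receive the negotiation data packet, or the negotiation data packet can be received over the short message communication link; choosing the voice communication link to receive the negotiation data packet simplifies the interaction between the two ends of the communication and reduces communication costs.
When the encrypted data packet is a data packet formed by encrypting a voice data packet, the decryption unit 230 is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the voice data packet as it was before encryption; where the voice data packet is used for voice communication.
The encrypted data packet includes a header and a body; the unencrypted part includes the header; the encrypted part includes the body.
In summary, this embodiment provides a communication terminal that provides hardware support for the encrypted communication method of Embodiment 2, can be used to implement any of the technical solutions of method Embodiment 2, and has the advantage of high communication security.
Embodiment 6:
As shown in Figure 8, this embodiment provides a communication system, the system including a source communication terminal 310 and a target communication terminal 320;
the source communication terminal 310 is configured to read an encryption algorithm and the index of the encryption algorithm from a first NFC security tag card; encrypt the data packet to be transmitted with the encryption algorithm to form an encrypted data packet; and send the encrypted data packet and send the index;
the target communication terminal 320 is configured to receive the index of the encryption algorithm; receive the encrypted data packet; query a decryption algorithm from a second NFC security tag card according to the index; and decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet as it was before encryption.
The source communication terminal 310 and the target communication terminal 320 are connected through a network; the network may be a wired network, a wireless network, or a hybrid of wired and wireless networks. This provides the hardware structure for the encrypted communication of Embodiment 3; likewise, communication using the communication system of this embodiment has high communication security.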
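Several specific examples are provided below in combination with any of the above embodiments:
Example 1:
As shown in Figure 9, this example provides a communication system including mobile terminal A and mobile terminal B, where one of mobile terminal A and mobile terminal B is the source communication terminal and the other is the target communication terminal. Mobile terminal A and mobile terminal B can exchange short messages and make voice calls through the network.
Each of the mobile communication terminals includes the following modules:
a near field communication module, configured to read the encryption algorithm and the index of the encryption algorithm from the NFC security tag card, or to query the decryption algorithm according to the index of the encryption algorithm; encryption algorithms and decryption algorithms are normally provided as counterparts, so once the encryption algorithm is determined the decryption algorithm is determined too, and the indexes normally correspond as well; in this embodiment mobile communication terminal A and mobile communication terminal B read the encryption algorithm and its index, or query the decryption algorithm according to the index of the encryption algorithm, from NFC security tag cards that store the same content;
an encryption/decryption module, configured to perform encryption processing on the data packet to be transmitted using the encryption algorithm read from the NFC security tag card, to form an encrypted data packet; and to decrypt encrypted data packets according to the decryption algorithm queried from the NFC security tag card;
a communication module, configured to communicate with other mobile terminals, including sending and receiving short messages and conducting voice communication; in this example it is configured to send and receive encrypted data packets.
Example 2:
As shown in Figure 10, this embodiment provides an encrypted communication method, the method including:
201: prepare to send a short message;
202: determine whether the short message to be sent is an encrypted short message; if yes, go to 202; if no, enter the normal short message sending flow;
203: read the decryption algorithm and index from the NFC security tag card;
204: determine whether the read succeeded; if yes, go to step 204; if no, return to 203;
205: encrypt the data to be sent according to the encryption algorithm; the data to be sent is the content of the short message to be sent; in a specific implementation, if the number of repeated reads exceeds M, no further read is performed; where M is an integer not less than 2;
206: pack the encrypted data into a PDU data packet and add the index to the PDU data packet; PDU is the abbreviation of Protocol Data Unit;
207: send the PDU data packet to the short message center; the short message center forwards the PDU data packet to the target communication terminal.
Example 3:
As shown in Figure 11, this embodiment provides an encrypted communication method, the method including:
301: a short message is received;
302: determine whether it is an encrypted short message; if it is not an encrypted short message, parse the short message by the existing method; otherwise go to 303. What step 302 determines is whether the received short message is an encrypted short message.
303: parse the index of the encryption algorithm;
304: query the decryption algorithm from the NFC security tag card according to the index;
305: determine whether the read succeeded; if no, return to step 304; if yes, go to 306;
306: decode according to the decryption algorithm.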
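The sending flow of Example 2 and the receiving flow of Example 3, as an added example that is not code from the patent. Assumptions: the header layout (2-byte tag, 1-byte index, 8-byte nonce), the tag value, the in-memory `CARD` table standing in for the NFC security tag card, and a SHA-256 counter-mode keystream used only because it needs no third-party library; the HMAC over header and body is also an addition, so that a change to the cleartext index or tag is detected.

```python
import hashlib, hmac, os

TAG = b"\xe5\xc1"      # assumed encryption tag; the patent fixes no value
HDR_LEN = 2 + 1 + 8    # tag | algorithm index | nonce, all sent in the clear
MAC_LEN = 32
# Constructed stand-in for the second NFC security tag card: index -> key.
CARD = {1: b"k" * 32, 2: b"q" * 32}

def _subkeys(key):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _stream_xor(key, nonce, data):
    # SHA-256 in counter mode as a stdlib-only stand-in cipher (assumption).
    ks = b""
    for ctr in range(len(data) // 32 + 1):
        ks += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(index, body, card=CARD):
    """Source side (Example 2): encrypt the body, put tag and index in the header."""
    enc_key, mac_key = _subkeys(card[index])
    header = TAG + bytes([index]) + os.urandom(8)
    ct = _stream_xor(enc_key, header[3:], body)
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()

def query_card(read, index, max_reads=3):
    """Steps 304/305, bounded like M in Example 2: stop after max_reads failures."""
    for _ in range(max_reads):
        try:
            return read(index)      # key bytes, or None if the index is unknown
        except OSError:             # transient NFC read failure
            continue
    return None

def open_packet(pkt, read=CARD.get):
    """Target side (Example 3). Returns (is_encrypted, plaintext_or_None)."""
    if len(pkt) < HDR_LEN + MAC_LEN or pkt[:2] != TAG:
        return False, pkt           # step 302: no tag, ordinary message
    header, ct, mac = pkt[:HDR_LEN], pkt[HDR_LEN:-MAC_LEN], pkt[-MAC_LEN:]
    key = query_card(read, header[2])   # step 303: index taken from the header
    if key is None:
        return True, None           # no matching algorithm on this card
    enc_key, mac_key = _subkeys(key)
    want = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, want):
        return True, None           # cleartext header or body was altered
    return True, _stream_xor(enc_key, header[3:], ct)   # step 306
```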
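Example 4:
As shown in Figure 12, this embodiment provides an encrypted communication method, the method including:
401: confirm the encryption algorithm for the call through short message negotiation;
402: encrypt the voice data of the call according to the encryption algorithm;
403: transmit the encrypted voice data.
Example 5:
As shown in Figure 13, this embodiment provides an encrypted communication method, the method including:
501: confirm the decryption algorithm for the call through short message negotiation;
502: the decrypted voice data is received;
503: decrypt the encrypted voice data according to the decryption algorithm.
In Example 4 and Example 5, when negotiating the encryption algorithm and the decryption algorithm, it is sufficient to determine the index of the encryption algorithm.
This embodiment further provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being configured for at least one of the methods of the embodiments or examples, such as the methods shown in Figures 1 to 4.
The computer storage medium may include various media capable of storing program code, such as a removable storage device, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc. In some embodiments the storage medium may be a non-transitory storage medium.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.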

Claims (33)

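  1. An encrypted communication method,
    the method comprising:
    reading an encryption algorithm and an index of the encryption algorithm from a first NFC security tag card;
    encrypting a data packet to be transmitted with the encryption algorithm to form an encrypted data packet;
    sending the encrypted data packet;
    sending the index;
    wherein the index is configured for a target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet.
  2. The method according to claim 1, wherein
    the encrypted data packet comprises an encrypted part and an unencrypted part; the index is carried in the unencrypted part;
    the sending of the index is:
    carrying the index in the encrypted data packet and sending it together with the data packet.
  3. The method according to claim 2, wherein
    the method further comprises:
    adding an encryption tag to the unencrypted part;
    wherein the encryption tag is configured to indicate that the data packet containing it is an encrypted data packet.
  4. The method according to claim 1, 2 or 3, wherein
    the data packet to be transmitted is a short message data packet; the short message data packet is configured for short message interaction.
  5. The method according to claim 1, wherein
    the sending of the index is:
    sending the index in a negotiation data packet;
    the negotiation data packet being a data packet configured for the source communication terminal to send the index to the target communication terminal.
  6. The method according to claim 5, wherein
    when the source communication terminal and the target communication terminal are in voice communication, the negotiation data packet is sent to the target communication terminal over a short message communication link or a voice communication link.
  7. The method according to claim 1, 2, 3, 5 or 6, wherein
    the data packet to be transmitted is a voice data packet configured for voice communication;
    the encrypting of the data packet to be transmitted with the encryption algorithm to form an encrypted data packet is:
    encrypting the voice data packet to be transmitted with the encryption algorithm to form an encrypted data packet.
  8. The method according to claim 2, wherein
    the encrypted data packet comprises a header and a body; the unencrypted part comprises the header; the encrypted part comprises the body.
  9. An encrypted communication method,
    the method comprising:
    receiving an index of an encryption algorithm;
    receiving an encrypted data packet;
    querying a decryption algorithm from a second NFC security tag card according to the index;
    decrypting the encrypted data packet according to the decryption algorithm to obtain the data packet as it was before encryption.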
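  10. The method according to claim 9, wherein
    the encrypted data packet comprises an encrypted part and an unencrypted part;
    the index is carried in the encrypted data packet and received together with the encrypted data packet.
  11. The method according to claim 10, wherein
    the unencrypted part further comprises an encryption tag;
    the method further comprises:
    parsing the unencrypted part of a received data packet to determine whether the encrypted data packet includes an encryption tag;
    when the encrypted data packet includes the encryption tag, determining that the data packet is the encrypted data packet, and proceeding to the step of querying the decryption algorithm from the second NFC security tag card according to the index.
  12. The method according to claim 9, 10 or 11, wherein
    the encrypted data packet is a data packet formed from a short message data packet; the short message data packet is configured for short message interaction.
  13. The method according to claim 9, wherein
    the receiving of the index of the encryption algorithm is:
    receiving a negotiation data packet;
    wherein the negotiation data packet is a data packet configured for the source communication terminal to send the index to the target communication terminal.
  14. The method according to claim 13, wherein
    when the source communication terminal and the target communication terminal are in voice communication, the receiving of the negotiation data packet is: receiving the negotiation data packet from a short message communication link or a voice communication link.
  15. The method according to claim 9, 10, 11, 13 or 14, wherein
    the encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is used for voice communication.
  16. The method according to claim 10, wherein
    the encrypted data packet comprises a header and a body; the unencrypted part comprises the header; the encrypted part comprises the body.
  17. A source communication terminal, the terminal comprising:
    a reading unit, configured to read an encryption algorithm and an index of the encryption algorithm from a first NFC security tag card;
    an encryption unit, configured to encrypt a data packet to be transmitted with the encryption algorithm to form an encrypted data packet;
    a sending unit, configured to send the encrypted data packet;
    the sending unit being further configured to send the index;
    wherein the index is used by a target communication terminal to obtain the encryption algorithm so as to decrypt the encrypted data packet.
  18. The terminal according to claim 17, wherein
    the encrypted data packet comprises an encrypted part and an unencrypted part; the index is carried in the unencrypted part;
    the sending unit is configured to carry the index in the encrypted data packet and send it together with the data packet.
  19. The terminal according to claim 18, wherein
    the terminal further comprises:
    an adding unit, configured to add an encryption tag to the unencrypted part;
    wherein the encryption tag is used to indicate that the data packet containing it is an encrypted data packet.
  20. The terminal according to claim 17, 18 or 19, wherein
    the data packet to be transmitted is a short message data packet; the short message data packet is used for short message interaction;
    the encryption unit is configured to encrypt the short message data packet to be transmitted with the encryption algorithm to form an encrypted data packet.
  21. The terminal according to claim 17, 18 or 19, wherein
    the sending unit is configured to send the index in a negotiation data packet;
    the negotiation data packet being a data packet used by the source communication terminal to send the index to the target communication terminal.
  22. The terminal according to claim 21, wherein
    the sending unit is configured to send the negotiation data packet to the target communication terminal over a short message communication link or a voice communication link when the source communication terminal and the target communication terminal are in voice communication.
  23. The terminal according to claim 17, 18, 19, 21 or 22, wherein
    the data packet to be transmitted is a voice data packet used for voice communication;
    the encryption unit is configured to encrypt the voice data packet to be transmitted with the encryption algorithm to form an encrypted data packet.
  24. The terminal according to claim 20, wherein
    the encrypted data packet comprises a header and a body; the unencrypted part comprises the header; the encrypted part comprises the body.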
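  25. A target communication terminal, the terminal comprising:
    a receiving unit, configured to receive an index of an encryption algorithm; the receiving unit being further configured to receive an encrypted data packet;
    a query unit, configured to query a decryption algorithm from a second NFC security tag card according to the index;
    a decryption unit, configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the data packet as it was before encryption.
  26. The terminal according to claim 25, wherein
    the encrypted data packet comprises an encrypted part and an unencrypted part;
    the receiving unit is configured to receive the index carried in the encrypted data packet together with the encrypted data packet.
  27. The terminal according to claim 25, wherein
    the unencrypted part further comprises an encryption tag;
    the terminal further comprises:
    a parsing unit, configured to parse the unencrypted part of a received data packet to determine whether the encrypted data packet includes an encryption tag;
    a determining unit, configured to determine that the data packet is the encrypted data packet when the encrypted data packet includes the encryption tag;
    the query unit being configured to query the decryption algorithm from the second NFC security tag card according to the index when the received data packet is determined to be an encrypted data packet.
  28. The terminal according to claim 25, 26 or 27, wherein
    the encrypted data packet is a data packet formed from a short message data packet; the short message data packet is configured for short message interaction;
    the decryption unit is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the short message data packet as it was before encryption.
  29. The terminal according to claim 25, 26 or 27, wherein
    the receiving unit is configured to receive a negotiation data packet;
    wherein the negotiation data packet is a data packet used by the source communication terminal to send the index to the target communication terminal.
  30. The terminal according to claim 29, wherein
    the receiving unit is configured to receive the negotiation data packet from a short message communication link or a voice communication link when the source communication terminal and the target communication terminal are in voice communication.
  31. The terminal according to claim 25, 26, 27, 29 or 30, wherein
    the encrypted data packet is a data packet formed by encrypting a voice data packet; the voice data packet is configured for voice communication;
    the decryption unit is configured to decrypt the encrypted data packet according to the decryption algorithm to obtain the voice data packet as it was before encryption.
  32. The terminal according to claim 26, wherein
    the encrypted data packet comprises a header and a body; the unencrypted part comprises the header; the encrypted part comprises the body.
  33. A computer storage medium storing computer-executable instructions, the computer-executable instructions being configured to perform at least one of the methods of claims 1 to 16.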
PCT/CN2014/091274 2014-08-21 2014-11-17 Encrypted communications method and communications terminal, and computer storage medium WO2015117451A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US15/505,316 US10341305B2 (en) 2014-08-21 2014-11-17 Encrypted communications method and communications terminal, and computer storage medium
EP14881505.3A EP3185466B1 (en) 2014-08-21 2014-11-17 Encrypted communications method and communications terminal, and computer storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410416455.1A CN105357007B (zh) 2014-08-21 2014-08-21 Encrypted communication method and communication terminal
CN201410416455.1 2014-08-21

Publications (1)

Publication Number Publication Date
WO2015117451A1 true WO2015117451A1 (zh) 2015-08-13

Family

ID=53777260

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/091274 WO2015117451A1 (zh) 2014-08-21 2014-11-17 Encrypted communications method and communications terminal, and computer storage medium

Country Status (4)

Country Link
US (1) US10341305B2 (zh)
EP (1) EP3185466B1 (zh)
CN (1) CN105357007B (zh)
WO (1) WO2015117451A1 (zh)

Also Published As

Publication number Publication date
CN105357007A (zh) 2016-02-24
US10341305B2 (en) 2019-07-02
EP3185466B1 (en) 2018-09-26
CN105357007B (zh) 2019-05-31
EP3185466A1 (en) 2017-06-28
US20170272407A1 (en) 2017-09-21
EP3185466A4 (en) 2017-08-09
