WO2016015643A1 - Call encryption method, communication terminal, base station, and computer storage medium - Google Patents


Info

Publication number
WO2016015643A1
WO2016015643A1 PCT/CN2015/085413 CN2015085413W WO2016015643A1 WO 2016015643 A1 WO2016015643 A1 WO 2016015643A1 CN 2015085413 W CN2015085413 W CN 2015085413W WO 2016015643 A1 WO2016015643 A1 WO 2016015643A1
Authority
WO
WIPO (PCT)
Prior art keywords
call
key
call key
content
unit
Application number
PCT/CN2015/085413
Inventor
张晓伟
刘英东
Original Assignee
努比亚技术有限公司
Application filed by 努比亚技术有限公司
Publication of WO2016015643A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic

Definitions

  • The present invention relates to the field of communications, and in particular, to a call encryption method, a communication terminal, a base station, and a computer storage medium.
  • Call encryption basically uses a public key to encrypt and protect the call content.
  • Important call content and trade secrets are often secretly intercepted without the user noticing, which poses a great security risk to users' privacy and business secrets.
  • the main purpose of the embodiment of the present invention is to solve the problem that the existing call encryption method is easily cracked, which poses a great security risk to the user's privacy and business secrets.
  • a method for encrypting a call, applied to a calling end comprising:
  • the call content is encrypted according to the call key and sent to the called end through the network side;
  • Replacing the call key according to the preset frequency includes:
  • the content of the call is encrypted according to the preset frequency and the randomly generated call key and sent to the called end through the network side.
  • the object of the embodiment of the present invention is to provide a method for encrypting a call, which is applied to the network side, and the method includes:
  • Forwarding the call key replaced by the calling end according to the preset frequency, and the call content encrypted according to the replaced session key, includes:
  • Another object of the present invention is to provide a communication terminal, where the communication terminal includes:
  • the key generation unit is configured to randomly generate a call key according to a preset algorithm
  • a first call unit configured to send a call request including the call key to the called end through the network side
  • a first determining unit configured to determine whether the called end receives the call request
  • An encryption unit configured to encrypt the content of the call according to the call key
  • a first sending unit configured to send the call content encrypted according to the call key to the called end through the network side;
  • the replacement unit is configured to replace the call key according to a preset frequency.
  • the replacing unit is further configured to:
  • a further object of the embodiments of the present invention is to provide a communication base station, where the communication base station includes:
  • a receiving unit configured to receive a call request that includes a call key sent by the calling end, and a call content that is encrypted according to the call key
  • a second calling unit configured to send a call request including the call key to the called end
  • a second determining unit configured to determine whether the called end receives the call request
  • a second sending unit configured to send the encrypted call content to the called end
  • the forwarding unit is configured to forward the session key replaced by the calling terminal according to the preset frequency and the call content encrypted according to the replaced session key.
  • the forwarding unit is further configured to:
  • an embodiment of the present invention further provides a computer storage medium.
  • the computer storage medium provided by the embodiment of the present invention stores a computer program for performing the above method of call encryption.
  • The calling end randomly generates a call key according to a preset algorithm and sends the call key to the called end through the network side. Because the call key is randomly generated, it is extremely difficult to crack, so the call content is difficult to obtain. The call key is also generated according to the preset frequency, that is, it is replaced every preset time, so even if one call key is cracked, it is difficult to crack all the call keys; the entire call content therefore cannot be obtained, and the call content of both parties is strongly protected, providing a more secure guarantee for the user's call.
  • FIG. 1 is a schematic structural diagram of hardware of a communication terminal that implements various embodiments of the present invention
  • FIG. 2 is a schematic diagram of a wireless communication system of the communication terminal shown in FIG. 1;
  • FIG. 3 is a flowchart of a call encryption method applied to a calling end according to an embodiment of the present invention
  • FIG. 4 is a flowchart of an implementation of a method for encrypting a call according to a first embodiment of the present invention
  • FIG. 5 is a flowchart of a method for applying call encryption according to an embodiment of the present invention applied to a network side;
  • FIG. 6 is a flowchart of an implementation of a method for encrypting a call according to a second embodiment of the present invention.
  • FIG. 7 is a structural diagram of a frame of a communication terminal according to an embodiment of the present invention.
  • FIG. 8 is a structural diagram of a frame of a communication base station according to an embodiment of the present invention.
  • the terminal can be implemented in various forms.
  • The terminal described in the embodiments of the present invention may include, for example, a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a personal digital assistant (PDA), a tablet (PAD), a portable multimedia player (PMP), navigation devices, and the like, and fixed terminals such as digital TVs, desktop computers, and the like.
  • the terminal is a communication terminal.
  • those skilled in the art will appreciate that configurations in accordance with embodiments of the present invention can be applied to fixed type terminals in addition to components that are specifically for mobile purposes.
  • FIG. 1 is a schematic diagram showing the hardware structure of a communication terminal that implements various embodiments of the present invention.
  • The communication terminal 100 may include a wireless communication unit 110, an audio/video (A/V) input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, an interface unit 170, a controller 180, a power supply unit 190, and so on.
  • Figure 1 shows a communication terminal having various components, but it should be understood that not all illustrated components are required to be implemented. More or fewer components can be implemented instead. The elements of the communication terminal will be described in detail below.
  • Wireless communication unit 110 typically includes one or more components that permit radio communication between communication terminal 100 and a wireless communication system or network.
  • the wireless communication unit may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless internet module 113, a short-range communication module 114, and a location information module 115.
  • the broadcast receiving module 111 receives a broadcast signal and/or broadcast associated information from an external broadcast management server via a broadcast channel.
  • the broadcast channel can include a satellite channel and/or a terrestrial channel.
  • the broadcast management server may be a server that generates and transmits a broadcast signal and/or broadcast associated information or a server that receives a previously generated broadcast signal and/or broadcast associated information and transmits it to the terminal.
  • the broadcast signal may include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and the like.
  • The broadcast signal may further include a broadcast signal combined with a TV or radio broadcast signal. Broadcast associated information can also be provided via the mobile communication network, and in this case, the broadcast associated information can be received by the mobile communication module 112.
  • The broadcast signal may exist in various forms; for example, it may exist in the form of an Electronic Program Guide (EPG) of Digital Multimedia Broadcasting (DMB), an Electronic Service Guide (ESG) of Digital Video Broadcasting-Handheld (DVB-H), and the like.
  • the broadcast receiving module 111 can receive a signal broadcast by using various types of broadcast systems.
  • The broadcast receiving module 111 can receive digital broadcasts by using a digital broadcast system such as Digital Multimedia Broadcasting-Terrestrial (DMB-T), Digital Multimedia Broadcasting-Satellite (DMB-S), Digital Video Broadcasting-Handheld (DVB-H), the data broadcast system of Media Forward Link Only (MediaFLO), Integrated Services Digital Broadcasting-Terrestrial (ISDB-T), or the like.
  • The broadcast receiving module 111 can be constructed to be suitable for various broadcast systems that provide broadcast signals, as well as the above-described digital broadcast systems.
  • the broadcast signal and/or broadcast associated information received via the broadcast receiving module 111 may be stored in the memory 160 (or other type of storage medium).
  • The mobile communication module 112 transmits radio signals to and/or receives radio signals from at least one of a base station (e.g., an access point, a Node B, etc.), an external terminal, and a server.
  • Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received in accordance with text and/or multimedia messages.
  • the wireless internet module 113 supports wireless internet access of the communication terminal.
  • the module can be internally or externally coupled to the terminal.
  • The wireless Internet access technologies involved in the module may include Wireless Local Area Networks (WLAN), Wireless Broadband (Wibro), Worldwide Interoperability for Microwave Access (Wimax), High Speed Downlink Packet Access (HSDPA), and so on.
  • the short range communication module 114 is a module for supporting short range communication.
  • Some examples of short-range communication technologies include Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), Zigbee, and the like.
  • the location information module 115 is a module for checking or acquiring location information of the communication terminal.
  • A typical example of a location information module is the Global Positioning System (GPS).
  • the GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information to accurately calculate three-dimensional current position information based on longitude, latitude, and altitude.
  • the method for calculating position and time information uses three satellites and corrects the calculated position and time information errors by using another satellite.
  • the GPS module 115 is capable of calculating speed information by continuously calculating current position information in real time.
  • the A/V input unit 120 is for receiving an audio or video signal.
  • The A/V input unit 120 may include a camera 121 and a microphone 122. The camera 121 processes image data of still pictures or video obtained by the image capturing device in a video capturing mode or an image capturing mode.
  • The processed image frame can be displayed on the display unit 151.
  • The image frames processed by the camera 121 may be stored in the memory 160 (or other storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 121 may be provided according to the configuration of the communication terminal.
  • The microphone 122 can receive sound (audio data) in an operation mode such as a telephone call mode, a recording mode, or a voice recognition mode, and can process such sound into audio data.
  • In the telephone call mode, the processed audio (voice) data can be converted into a format that can be transmitted to the mobile communication base station via the mobile communication module 112 and then output.
  • the microphone 122 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated during the process of receiving and transmitting audio signals.
  • the user input unit 130 can generate key input data in accordance with a command input by the user to control various operations of the communication terminal.
  • The user input unit 130 allows the user to input various types of information, and may include a keyboard, a dome switch, a touch pad (e.g., a touch-sensitive component that detects changes in resistance, pressure, capacitance, etc. due to contact), a scroll wheel, a rocker, and the like.
  • a touch screen can be formed.
  • The sensing unit 140 detects the current state of the communication terminal 100 (for example, an open or closed state of the communication terminal 100), the position of the communication terminal 100, the presence or absence of a user's contact with the communication terminal 100 (i.e., touch input), the orientation of the communication terminal 100, the acceleration or deceleration movement and direction of the communication terminal 100, and the like, and generates commands or signals for controlling the operation of the communication terminal 100.
  • the sensing unit 140 can sense whether the slide type phone is turned on or off.
  • the sensing unit 140 can detect whether the power supply unit 190 provides power or whether the interface unit 170 is coupled to an external device.
  • Sensing unit 140 may include proximity sensor 1410 which will be described below in connection with a touch screen.
  • the interface unit 170 serves as an interface through which at least one external device can communicate with the communication terminal 100.
  • The external device may include a wired or wireless headset port, an external power (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, a headphone port, and more.
  • The identification module may store various information for verifying the user's use of the communication terminal 100 and may include a User Identification Module (UIM), a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM), and more.
  • the device having the identification module may take the form of a smart card, and thus the identification device may be connected to the communication terminal 100 via a port or other connection device.
  • The interface unit 170 can be configured to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more components within the communication terminal 100, or can be used to transfer data between the communication terminal and the external device.
  • The interface unit 170 can be used as a path through which power is supplied from the cradle to the communication terminal 100 or as a path through which various command signals input from the cradle are transmitted to the communication terminal.
  • Various command signals or power input from the cradle can be used as signals for identifying whether the communication terminal is accurately mounted on the cradle.
  • Output unit 150 is configured to provide an output signal (e.g., an audio signal, a video signal, an alarm signal, a vibration signal, etc.) in a visual, audio, and/or tactile manner.
  • the output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, and the like.
  • the display unit 151 can display information processed in the communication terminal 100.
  • The display unit 151 can display a User Interface (UI) or a Graphical User Interface (GUI) related to a call or other communication (e.g., text messaging, multimedia file download, etc.).
  • the display unit 151 may display a captured image and/or a received image, a UI or GUI showing a video or image and related functions, and the like.
  • the display unit 151 can function as an input device and an output device.
  • The display unit 151 may include at least one of a Liquid Crystal Display (LCD), a Thin Film Transistor LCD (TFT-LCD), an Organic Light-Emitting Diode (OLED) display, a flexible display, a three-dimensional (3D) display, and the like.
  • Some of these displays may be configured to be transparent to allow a user to view from the outside, which may be referred to as a transparent display, and a typical transparent display may be, for example, a transparent organic light emitting diode (TOLED) display or the like.
  • The communication terminal 100 may include two or more display units (or other display devices); for example, the communication terminal may include an external display unit (not shown) and an internal display unit (not shown).
  • the touch screen can be used to detect touch input pressure as well as touch input position and touch input area.
  • When the communication terminal is in a call signal receiving mode, a call mode, a recording mode, a voice recognition mode, a broadcast receiving mode, and the like, the audio output module 152 can convert the audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output it as sound.
  • The audio output module 152 can provide audio output (e.g., call signal reception sound, message reception sound, etc.) associated with a particular function performed by the communication terminal 100.
  • the audio output module 152 can include a speaker, a buzzer, and the like.
  • The alarm unit 153 can provide an output to notify the communication terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, and the like. In addition to audio or video output, the alarm unit 153 can provide an output in a different manner to notify of the occurrence of an event. For example, the alarm unit 153 can provide an output in the form of vibrations, and when a call, message, or some other incoming communication is received, the alarm unit 153 can provide a tactile output (i.e., vibration) to notify the user of it. By providing such a tactile output, the user is able to recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 can also provide an output notifying of the occurrence of an event via the display unit 151 or the audio output module 152.
  • the memory 160 may store a software program or the like for processing and control operations performed by the controller 180, or may temporarily store data (for example, a phone book, a message, a still image, a video, etc.) that has been output or is to be output. Moreover, the memory 160 can store data regarding vibrations and audio signals of various manners that are output when a touch is applied to the touch screen.
  • The memory 160 may include at least one type of storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (for example, SD or DX memory, etc.), a random access memory (RAM), a static random access memory (SRAM), a read only memory (ROM), an electrically erasable programmable read only memory (EEPROM), a programmable read only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like.
  • the communication terminal 100 can cooperate with a network storage device that performs a storage function of the memory 160 through a network connection.
  • the controller 180 typically controls the overall operation of the communication terminal. For example, the controller 180 performs the control and processing associated with voice calls, data communications, video calls, and the like. Additionally, the controller 180 can include a multimedia module 1810 for reproducing (or playing back) multimedia data, which can be constructed within the controller 180 or can be configured to be separate from the controller 180. The controller 180 may perform a pattern recognition process to recognize a handwriting input or a picture drawing input performed on the touch screen as a character or an image.
  • The power supply unit 190 receives external power or internal power under the control of the controller 180 and provides the appropriate power required to operate the various elements and components.
  • the various embodiments described herein can be implemented in a computer readable medium using, for example, computer software, hardware, or any combination thereof.
  • The embodiments described herein may use at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, and electronics designed to perform the functions described herein.
  • the communication terminal has been described in terms of its function.
  • a slide type communication terminal among various types of communication terminals such as a folding type, a bar type, a swing type, a slide type communication terminal, and the like will be described as an example. Therefore, the present invention can be applied to any type of communication terminal, and is not limited to a slide type communication terminal.
  • The communication terminal 100 as shown in FIG. 1 may be configured to operate with communication systems that transmit data via frames or packets, such as wired and wireless communication systems and satellite-based communication systems.
  • Such communication systems may use different air interfaces and/or physical layers.
  • The air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE), Global System for Mobile Communications (GSM), and the like.
  • the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.
  • the CDMA wireless communication system may include a plurality of communication terminals 100, a plurality of base stations (BS) 270, a base station controller (BSC) 275, and a mobile switching center (MSC) 280.
  • The MSC 280 is configured to interface with a Public Switched Telephone Network (PSTN) 290.
  • the MSC 280 is also configured to interface with a BSC 275 that can be coupled to the base station 270 via a backhaul line.
  • The backhaul line can be constructed in accordance with any of a number of well known interfaces including, for example, E1/T1, ATM, IP, PPP, Frame Relay, HDSL, ADSL, or xDSL. It will be appreciated that the system as shown in FIG. 2 may include multiple BSCs 275.
  • Each BS 270 can serve one or more partitions (or regions), each of which is covered by a multi-directional antenna or an antenna directed to a particular direction radially away from the BS 270. Alternatively, each partition may be covered by two or more antennas for diversity reception. Each BS 270 can be configured to support multiple frequency allocations, and each frequency allocation has a particular frequency spectrum (e.g., 1.25 MHz, 5 MHz, etc.).
  • BS 270 may also be referred to as a Base Transceiver Subsystem (BTS) or other equivalent terminology.
  • The term "base station" can be used to generally mean a single BSC 275 and at least one BS 270.
  • A base station can also be referred to as a "cell station."
  • each partition of a particular BS 270 may be referred to as a plurality of cellular stations.
  • A broadcast transmitter (BT) 295 transmits a broadcast signal to the communication terminal 100 operating within the system.
  • a broadcast receiving module 111 as shown in FIG. 1 is provided at the communication terminal 100 to receive a broadcast signal transmitted by the BT 295.
  • the satellite 300 helps locate at least one of the plurality of communication terminals 100.
  • a plurality of satellites 300 are depicted, but it is understood that useful positioning information can be obtained using any number of satellites.
  • the GPS module 115 as shown in Figure 1 is typically configured to cooperate with the satellite 300 to obtain desired positioning information. Instead of or in addition to GPS tracking techniques, other techniques that can track the location of the communication terminal can be used. Additionally, at least one GPS satellite 300 can selectively or additionally process satellite DMB transmissions.
  • the BS 270 receives reverse link signals from various communication terminals 100.
  • Communication terminal 100 typically participates in calls, messaging, and other types of communications.
  • Each reverse link signal received by a particular base station 270 is processed within a particular BS 270.
  • the obtained data is forwarded to the relevant BSC 275.
  • the BSC provides call resource allocation and coordinated mobility management functions including a soft handoff procedure between the BSs 270.
  • the BSC 275 also routes the received data to the MSC 280, which provides additional routing services for interfacing with the PSTN 290.
  • PSTN 290 interfaces with MSC 280, which forms an interface with BSC 275, and BSC 275 controls BS 270 accordingly to transmit forward link signals to communication terminal 100.
  • the embodiment of the invention provides a method for encrypting a call, which is used to perform stricter encryption protection on the call process to prevent the call content from being eavesdropped.
  • FIG. 3 is a flowchart of a call encryption method according to an embodiment of the present invention, applied to a calling end. For convenience of description, only parts related to the embodiment of the present invention are listed, and the details are as follows:
  • The method for encrypting a call provided by the embodiment of the present invention is applied to a calling end, and includes the following steps:
  • Step S100: randomly generate a call key according to a preset algorithm.
  • In step S100, when the user needs to call the communication terminal of another user, the terminal held by the user is the calling terminal, and the calling terminal randomly generates the call key according to a preset algorithm.
  • Step S200: send a call request including the call key to the called end through the network side.
  • In step S200, when the calling end issues a call request, the network side (communication base station) includes the call key generated by the calling end in the call request and sends it to the called end.
  • Step S300: if the called party accepts the call request, encrypt the call content according to the call key and send it to the called end through the network side.
  • In step S300, if the called party receives the call key, this indicates that the called party has accepted the call request and received the call key, and the call is formally established. The calling end encrypts the call content according to the call key and sends the encrypted call content to the called end through the network side; the called end also encrypts its call content with the call key and sends it back to the calling end through the network side.
  • Step S400: replace the call key according to a preset frequency.
  • In step S400, the calling terminal replaces the call key according to the preset frequency.
  • The call key is randomly generated according to a preset algorithm every 10 seconds, and the call key is sent to the called end through the network side.
  • The current call content is encrypted with the call key and sent to the called end through the network side. The called end decrypts and listens to the received call content according to the previously received call key, then encrypts its own call content according to the currently received call key and sends it back to the calling end through the network side, forming a complete call link. The call key is replaced according to the preset frequency; it can also be replaced randomly at an irregular frequency to enhance communication security.
  • The calling terminal randomly generates a call key according to a preset frequency and a preset algorithm in order to encrypt the call content, which more effectively protects the call content from being monitored.
  • Embodiment 1:
  • FIG. 4 shows the implementation flow of the call encryption method provided by the first embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
  • Step S400 includes the following steps:
  • Step S401: randomly generate a call key according to the preset frequency and the preset algorithm;
  • Step S402: send the randomly generated call key to the called end through the network side;
  • Step S403: encrypt the call content according to the preset frequency and the randomly generated call key, and send it to the called end through the network side.
  • The calling end randomly generates a call key according to the preset frequency and the preset algorithm, transmits the generated call key to the called end through the network side every preset period, and uses the call key to encrypt the call content before sending it to the called end through the network side.
  • FIG. 5 is a flowchart of the call encryption method provided by an embodiment of the present invention as applied to the network side. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
  • Step S500: receive a call request, sent by the calling end, that includes a call key.
  • In step S500, the call request sent by the calling end is received, and the call request includes a call key. Because the call content sent by the calling end is encrypted with the call key before transmission, the call key needs to be sent to the called end when the call is placed, so that the called end can decrypt the subsequently received call content according to the previously received call key.
  • Step S600: send the call request that includes the call key to the called end.
  • Step S700: if the called end accepts the call request, receive the call content encrypted by the calling end according to the call key, and send the encrypted call content to the called end;
  • Step S800: forward the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
  • Each call key generated by the calling end according to the preset algorithm has a life cycle, and at intervals the call key, and the call content encrypted according to the replaced call key, are replaced. The network side first sends the replaced call key to the called end, and then sends the call content encrypted according to the replaced call key to the called end.
  • Embodiment 2:
  • FIG. 6 shows the implementation flow of the call encryption method provided by the second embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
  • Step S800 includes the following steps:
  • Step S801: receive, and send to the called end, the call key randomly generated by the calling end according to the preset frequency;
  • Step S802: receive, and send to the called end, the call content encrypted by the calling end according to the randomly generated call key.
  • The network side first sends the call key generated by the calling end to the called end, and then sends the call content encrypted by the calling end according to that call key, so that the called end can decrypt and listen to the received call content.
  • FIG. 7 shows the frame structure of a communication terminal according to an embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
  • An embodiment of the present invention provides a communication terminal 1, including:
  • the key generating unit 101, configured to randomly generate a call key according to a preset algorithm;
  • the first calling unit 102, configured to send a call request that includes the call key to the called end through the network side;
  • the first determining unit 103, configured to determine whether the called end receives the call request;
  • the encryption unit 104, configured to encrypt the call content according to the call key;
  • the first sending unit 105, configured to send the call content encrypted according to the call key to the called end through the network side;
  • the replacing unit 106, configured to replace the call key according to a preset frequency.
  • The communication terminal includes a landline phone, a mobile phone, a tablet computer, an e-reader, and the like.
  • The communication terminal provided by the embodiment of the present invention corresponds to the calling end and the called end in the foregoing embodiments, and its working principle and implementation correspond to the above embodiments, so they are not repeated here or in the following embodiments.
  • The replacing unit 106 is further configured to:
  • control the key generating unit 101 to randomly generate a call key according to the preset frequency and the preset algorithm;
  • control the first sending unit 105 to send the randomly generated call key to the called end through the network side;
  • control the encryption unit 104 to encrypt the call content according to the preset frequency and the randomly generated call key;
  • and control the first sending unit 105 to send the call content encrypted according to the randomly generated call key to the called end through the network side.
  • In practical applications, the specific functions of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) located in the communication terminal.
  • FIG. 8 shows the frame structure of a communication base station according to an embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
  • An embodiment of the present invention provides a communication base station 2, including:
  • the receiving unit 201, configured to receive a call request, sent by the calling end, that includes a call key, and the call content encrypted according to the call key;
  • the second calling unit 202, configured to send the call request that includes the call key to the called end;
  • the second determining unit 203, configured to determine whether the called end receives the call request;
  • the second sending unit 204, configured to send the encrypted call content to the called end;
  • the forwarding unit 205, configured to forward the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
  • The forwarding unit 205 is further configured to:
  • control the receiving unit 201 to receive the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key;
  • control the second sending unit 204 to send, to the called end, the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key.
  • In practical applications, the specific functions of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) located in the communication base station.
  • The calling end randomly generates a call key according to a preset algorithm and sends it to the called end through the network side. Because the call key is randomly generated, it is extremely difficult to crack, which makes the call content difficult to obtain. Moreover, the call key is generated according to the preset frequency, that is, it is replaced every preset period of time, so even if one call key is cracked, it is difficult to crack all of the call keys, meaning the entire call content cannot be obtained. The call content of both parties is strongly protected, which provides a more secure guarantee for the user's call.
  • If the above apparatus for service signaling tracking is implemented in the form of a software function module and sold or used as a separate product, it may also be stored in a computer-readable storage medium.
  • The technical solution of the embodiments of the present invention may, in essence, be embodied in the form of a software product stored in a storage medium, including a plurality of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the methods described in the various embodiments of the present invention.
  • The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a magnetic disk, or an optical disc.
  • An embodiment of the present invention further provides a computer storage medium in which a computer program is stored, and the computer program is used to execute the call encryption method of the embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

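The present invention discloses a call encryption method, a communication terminal, a base station, and a computer storage medium. The method includes: randomly generating a call key according to a preset algorithm; sending a call request that includes the call key to the called end through the network side; if the called end accepts the call request, encrypting the call content according to the call key and sending it to the called end through the network side; and replacing the call key according to a preset frequency.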

Description

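Call encryption method, communication terminal, base station, and computer storage medium
Technical Field
The present invention relates to the field of communications, and in particular to a call encryption method, a communication terminal, a base station, and a computer storage medium.
Background
With rapid social and economic development, the pace of life keeps accelerating, and more and more people use the telephone for business communication, personal conversation, and so on. The telephone brings people closer together, makes communication more convenient, and improves work efficiency.
However, as technology develops, the technical means of cracking call content also become more advanced. At present, call encryption basically uses a public key to encrypt and protect the call content, and important call content and trade secrets are often secretly intercepted and eavesdropped on without the user noticing, which poses a great security risk to users' privacy and trade secrets.
Summary of the Invention
In view of this, the main purpose of the embodiments of the present invention is to solve the problem that existing call encryption methods are easily cracked, which poses a great security risk to users' privacy and trade secrets.
The technical solutions adopted by the embodiments of the present invention to solve the above technical problem are as follows:
A call encryption method, applied to a calling end, the method including:
randomly generating a call key according to a preset algorithm;
sending a call request that includes the call key to the called end through the network side;
if the called end accepts the call request, encrypting the call content according to the call key and sending it to the called end through the network side;
replacing the call key according to a preset frequency.
In an embodiment of the present invention, replacing the call key according to the preset frequency includes:
randomly generating a call key according to the preset frequency and the preset algorithm;
sending the randomly generated call key to the called end through the network side;
encrypting the call content according to the preset frequency and the randomly generated call key, and sending it to the called end through the network side.
A further purpose of the embodiments of the present invention is to provide a call encryption method, applied to the network side, the method including:
receiving a call request, sent by the calling end, that includes a call key;
sending the call request that includes the call key to the called end;
if the called end accepts the call request, receiving the call content encrypted by the calling end according to the call key and sending the encrypted call content to the called end;
forwarding the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
In an embodiment of the present invention, forwarding the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key includes:
receiving, and sending to the called end, the call key randomly generated by the calling end according to the preset frequency;
receiving, and sending to the called end, the call content encrypted by the calling end according to the randomly generated call key.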
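Another purpose of the embodiments of the present invention is to provide a communication terminal, the communication terminal including:
a key generating unit, configured to randomly generate a call key according to a preset algorithm;
a first calling unit, configured to send a call request that includes the call key to the called end through the network side;
a first determining unit, configured to determine whether the called end receives the call request;
an encryption unit, configured to encrypt the call content according to the call key;
a first sending unit, configured to send the call content encrypted according to the call key to the called end through the network side;
a replacing unit, configured to replace the call key according to a preset frequency.
In an embodiment of the present invention, the replacing unit is further configured to:
control the call key generating unit to randomly generate a call key according to the preset frequency and the preset algorithm;
control the first sending unit to send the randomly generated call key to the called end through the network side;
control the encryption unit to encrypt the call content according to the preset frequency and the randomly generated call key;
and control the first sending unit to send the call content encrypted according to the randomly generated call key to the called end through the network side.
A further purpose of the embodiments of the present invention is to provide a communication base station, the communication base station including:
a receiving unit, configured to receive a call request, sent by the calling end, that includes a call key, and the call content encrypted according to the call key;
a second calling unit, configured to send the call request that includes the call key to the called end;
a second determining unit, configured to determine whether the called end receives the call request;
a second sending unit, configured to send the encrypted call content to the called end;
a forwarding unit, configured to forward the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
In an embodiment of the present invention, the forwarding unit is further configured to:
control the receiving unit to receive the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key;
control the second sending unit to send, to the called end, the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key.
In addition, to achieve the above purpose, an embodiment of the present invention further provides a computer storage medium. The computer storage medium provided by the embodiment of the present invention stores a computer program, and the computer program is used to execute the above call encryption method.
In the method, communication terminal, base station, and computer storage medium of the embodiments of the present invention, the calling end randomly generates a call key according to a preset algorithm and sends it to the called end through the network side. Because the call key is randomly generated, it is extremely difficult to crack, which makes the call content difficult to obtain. Moreover, the call key is generated according to a preset frequency, that is, it is replaced every preset period of time, so even if one call key is cracked, it is difficult to crack all of the call keys, meaning the entire call content cannot be obtained. This strongly protects the call content of both parties and provides a more secure guarantee for users' calls.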
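Brief Description of the Drawings
FIG. 1 is a schematic diagram of the hardware structure of a communication terminal that implements the embodiments of the present invention;
FIG. 2 is a schematic diagram of a wireless communication system for the communication terminal shown in FIG. 1;
FIG. 3 is a flowchart of the call encryption method provided by an embodiment of the present invention as applied to the calling end;
FIG. 4 is an implementation flowchart of the call encryption method provided by the first embodiment of the present invention;
FIG. 5 is a flowchart of the call encryption method provided by an embodiment of the present invention as applied to the network side;
FIG. 6 is an implementation flowchart of the call encryption method provided by the second embodiment of the present invention;
FIG. 7 is a frame structure diagram of the communication terminal provided by an embodiment of the present invention;
FIG. 8 is a frame structure diagram of the communication base station provided by an embodiment of the present invention.
Detailed Description
To make the technical problem to be solved, the technical solutions, and the beneficial effects of the embodiments of the present invention clearer, the embodiments are described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.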
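A terminal that implements the embodiments of the present invention will now be described with reference to the drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only to facilitate the description of the embodiments of the present invention and have no specific meaning in themselves. Therefore, "module" and "component" may be used interchangeably.
A terminal may be implemented in various forms. For example, the terminals described in the embodiments of the present invention may include terminals such as mobile phones, smartphones, notebook computers, digital broadcast receivers, personal digital assistants (PDA), tablet computers (PAD), portable multimedia players (PMP, Portable Media Player), and navigation devices, as well as fixed terminals such as digital TVs and desktop computers. In the following, the terminal is assumed to be a communication terminal. However, those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the configuration according to the embodiments of the present invention can also be applied to fixed-type terminals.
FIG. 1 is a schematic diagram of the hardware structure of a communication terminal that implements the embodiments of the present invention.
The communication terminal 100 may include a wireless communication unit 110, an audio/video (A/V) input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, an interface unit 170, a controller 180, a power supply unit 190, and so on. FIG. 1 shows a communication terminal with various components, but it should be understood that implementing all of the illustrated components is not required. More or fewer components may be implemented instead. The elements of the communication terminal are described in detail below.
The wireless communication unit 110 typically includes one or more components that allow radio communication between the communication terminal 100 and a wireless communication system or network. For example, the wireless communication unit may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless Internet module 113, a short-range communication module 114, and a location information module 115.
The broadcast receiving module 111 receives broadcast signals and/or broadcast-related information from an external broadcast management server via a broadcast channel. The broadcast channel may include a satellite channel and/or a terrestrial channel. The broadcast management server may be a server that generates and transmits broadcast signals and/or broadcast-related information, or a server that receives previously generated broadcast signals and/or broadcast-related information and transmits them to the terminal. The broadcast signals may include TV broadcast signals, radio broadcast signals, data broadcast signals, and so on. Moreover, the broadcast signals may further include broadcast signals combined with TV or radio broadcast signals. The broadcast-related information may also be provided via a mobile communication network, in which case it may be received by the mobile communication module 112. The broadcast signals may exist in various forms, for example, in the form of an Electronic Program Guide (EPG) of Digital Multimedia Broadcasting (DMB), an Electronic Service Guide (ESG) of Digital Video Broadcasting-Handheld (DVB-H), and so on. The broadcast receiving module 111 may receive signal broadcasts by using various types of broadcast systems. In particular, the broadcast receiving module 111 may receive digital broadcasts by using digital broadcast systems such as Digital Multimedia Broadcasting-Terrestrial (DMB-T), Digital Multimedia Broadcasting-Satellite (DMB-S), Digital Video Broadcasting-Handheld (DVB-H), the Media Forward Link Only (MediaFLO) data broadcast system, and Integrated Services Digital Broadcasting-Terrestrial (ISDB-T). The broadcast receiving module 111 may be configured to suit the various broadcast systems that provide broadcast signals as well as the above digital broadcast systems. Broadcast signals and/or broadcast-related information received via the broadcast receiving module 111 may be stored in the memory 160 (or another type of storage medium).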
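The mobile communication module 112 transmits radio signals to, and/or receives radio signals from, at least one of a base station (for example, an access point, a Node B, and so on), an external terminal, and a server. Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received according to text and/or multimedia messages.
The wireless Internet module 113 supports wireless Internet access for the communication terminal. This module may be internally or externally coupled to the terminal. The wireless Internet access technologies involved may include Wireless Local Area Network (WLAN) (Wi-Fi), Wireless Broadband (Wibro), Worldwide Interoperability for Microwave Access (Wimax), High Speed Downlink Packet Access (HSDPA), and so on.
The short-range communication module 114 is a module for supporting short-range communication. Some examples of short-range communication technologies include Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, and so on.
The location information module 115 is a module for checking or obtaining the location information of the communication terminal. A typical example of the location information module is the Global Positioning System (GPS). According to current technology, the GPS module 115 calculates distance information from three or more satellites and accurate time information, and applies triangulation to the calculated information, thereby accurately calculating three-dimensional current location information in terms of longitude, latitude, and altitude. Currently, the method used to calculate location and time information uses three satellites and corrects the error of the calculated location and time information by using one additional satellite. In addition, the GPS module 115 can calculate speed information by continuously calculating the current location information in real time.
The A/V input unit 120 is used to receive audio or video signals. The A/V input unit 120 may include a camera 121 and a microphone 1220. The camera 121 processes image data of still pictures or video obtained by an image capture device in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 151. The image frames processed by the camera 121 may be stored in the memory 160 (or another storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 1210 may be provided depending on the configuration of the communication terminal. The microphone 122 may receive sound (audio data) in operating modes such as a phone call mode, a recording mode, and a voice recognition mode, and can process such sound into audio data. In the phone call mode, the processed audio (voice) data may be converted into a format that can be transmitted to a mobile communication base station via the mobile communication module 112 and output. The microphone 122 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while receiving and transmitting audio signals.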
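The user input unit 130 may generate key input data according to commands entered by the user to control various operations of the communication terminal. The user input unit 130 allows the user to enter various types of information and may include a keyboard, a dome switch, a touchpad (for example, a touch-sensitive component that detects changes in resistance, pressure, capacitance, and so on caused by contact), a scroll wheel, a joystick, and so on. In particular, when the touchpad is superimposed on the display unit 151 as a layer, a touch screen can be formed.
The sensing unit 140 detects the current state of the communication terminal 100 (for example, the open or closed state of the communication terminal 100), the position of the communication terminal 100, the presence or absence of user contact with the communication terminal 100 (that is, touch input), the orientation of the communication terminal 100, the acceleration or deceleration movement and direction of the communication terminal 100, and so on, and generates commands or signals for controlling the operation of the communication terminal 100. For example, when the communication terminal 100 is implemented as a slide-type mobile phone, the sensing unit 140 can sense whether the slide-type phone is open or closed. In addition, the sensing unit 140 can detect whether the power supply unit 190 supplies power or whether the interface unit 170 is coupled to an external device. The sensing unit 140 may include a proximity sensor 1410, which will be described below in connection with the touch screen.
The interface unit 170 serves as an interface through which at least one external device can connect to the communication terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and so on. The identification module may store various information for verifying the user's use of the communication terminal 100 and may include a User Identify Module (UIM), a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM), and so on. In addition, a device that has an identification module (hereinafter referred to as an "identification device") may take the form of a smart card, so the identification device may be connected to the communication terminal 100 via a port or other connecting means. The interface unit 170 may be used to receive input (for example, data information, power, and so on) from an external device and transfer the received input to one or more elements within the communication terminal 100, or may be used to transfer data between the communication terminal and an external device.
In addition, when the communication terminal 100 is connected to an external cradle, the interface unit 170 may serve as a path through which power is supplied from the cradle to the communication terminal 100, or as a path through which various command signals input from the cradle are transferred to the communication terminal. The various command signals or power input from the cradle may serve as signals for recognizing whether the communication terminal is accurately mounted on the cradle. The output unit 150 is configured to provide output signals (for example, audio signals, video signals, alarm signals, vibration signals, and so on) in a visual, audio, and/or tactile manner. The output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, and so on.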
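The display unit 151 may display information processed in the communication terminal 100. For example, when the communication terminal 100 is in a phone call mode, the display unit 151 may display a User Interface (UI) or Graphical User Interface (GUI) related to the call or other communication (for example, text messaging, multimedia file download, and so on). When the communication terminal 100 is in a video call mode or an image capture mode, the display unit 151 may display captured and/or received images, a UI or GUI showing video or images and related functions, and so on.
Meanwhile, when the display unit 151 and the touchpad are superimposed on each other as layers to form a touch screen, the display unit 151 may serve as both an input device and an output device. The display unit 151 may include at least one of a Liquid Crystal Display (LCD), a Thin Film Transistor LCD (TFT-LCD), an Organic Light-Emitting Diode (OLED) display, a flexible display, a three-dimensional (3D) display, and so on. Some of these displays may be constructed to be transparent to allow the user to view from the outside; these may be called transparent displays, and a typical transparent display may be, for example, a Transparent Organic Light-Emitting Diode (TOLED) display. Depending on the particular desired implementation, the communication terminal 100 may include two or more display units (or other display devices); for example, the communication terminal may include an external display unit (not shown) and an internal display unit (not shown). The touch screen may be used to detect touch input pressure as well as touch input position and touch input area.
The audio output module 152 may, when the communication terminal is in a mode such as a call signal reception mode, a call mode, a recording mode, a voice recognition mode, or a broadcast reception mode, convert audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output it as sound. Moreover, the audio output module 152 may provide audio output related to a specific function performed by the communication terminal 100 (for example, a call signal reception sound, a message reception sound, and so on). The audio output module 152 may include a speaker, a buzzer, and so on.
The alarm unit 153 may provide output to notify the communication terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, and so on. In addition to audio or video output, the alarm unit 153 may provide output in different ways to notify of the occurrence of an event. For example, the alarm unit 153 may provide output in the form of vibration; when a call, a message, or some other incoming communication is received, the alarm unit 153 may provide tactile output (that is, vibration) to notify the user of it. By providing such tactile output, the user can recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 may also provide output notifying of the occurrence of an event via the display unit 151 or the audio output module 152.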
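The memory 160 may store software programs for the processing and control operations executed by the controller 180, and so on, or may temporarily store data that has been output or is to be output (for example, a phone book, messages, still images, video, and so on). Moreover, the memory 160 may store data about the various patterns of vibration and audio signals output when a touch is applied to the touch screen.
The memory 160 may include at least one type of storage medium, including flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), Random Access Memory (RAM), Static Random Access Memory (SRAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Programmable Read Only Memory (PROM), magnetic memory, a magnetic disk, an optical disc, and so on. Moreover, the communication terminal 100 may cooperate with a network storage device that performs the storage function of the memory 160 over a network connection.
The controller 180 typically controls the overall operation of the communication terminal. For example, the controller 180 performs control and processing related to voice calls, data communication, video calls, and so on. In addition, the controller 180 may include a multimedia module 1810 for reproducing (or playing back) multimedia data; the multimedia module 1810 may be constructed within the controller 180 or may be constructed separately from the controller 180. The controller 180 may perform pattern recognition processing to recognize handwriting input or picture drawing input performed on the touch screen as characters or images.
The power supply unit 190 receives external power or internal power under the control of the controller 180 and provides the appropriate power required to operate the elements and components.
The various implementations described here may be implemented in a computer-readable medium using, for example, computer software, hardware, or any combination thereof. For hardware implementation, the implementations described here may be implemented by using at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, and an electronic unit designed to perform the functions described here; in some cases, such implementations may be implemented in the controller 180. For software implementation, implementations such as procedures or functions may be implemented with separate software modules that allow at least one function or operation to be performed. The software code may be implemented by a software application (or program) written in any suitable programming language, and the software code may be stored in the memory 160 and executed by the controller 180.
So far, the communication terminal has been described in terms of its functions. Below, for brevity, a slide-type communication terminal will be described as an example among the various types of communication terminals, such as folder-type, bar-type, swing-type, and slide-type communication terminals. Accordingly, the present invention can be applied to any type of communication terminal and is not limited to slide-type communication terminals.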
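The communication terminal 100 shown in FIG. 1 may be configured to operate with wired and wireless communication systems, as well as satellite-based communication systems, that transmit data via frames or packets.
A communication system in which the communication terminal according to an embodiment of the present invention can operate will now be described with reference to FIG. 2.
Such communication systems may use different air interfaces and/or physical layers. For example, the air interfaces used by communication systems include Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), and Universal Mobile Telecommunications System (UMTS) (in particular, Long Term Evolution (LTE)), Global System for Mobile Communications (GSM), and so on. As a non-limiting example, the following description relates to a CDMA communication system, but such teachings apply equally to other types of systems.
Referring to FIG. 2, a CDMA wireless communication system may include a plurality of communication terminals 100, a plurality of base stations (BS) 270, a base station controller (BSC) 275, and a mobile switching center (MSC) 280. The MSC 280 is configured to interface with a Public Switched Telephone Network (PSTN) 290. The MSC 280 is also configured to interface with the BSC 275, which may be coupled to the base stations 270 via backhaul lines. The backhaul lines may be configured according to any of several known interfaces, including, for example, E1/T1, ATM, IP, PPP, Frame Relay, HDSL, ADSL, or xDSL. It will be understood that the system shown in FIG. 2 may include a plurality of BSCs 2750.
Each BS 270 may serve one or more sectors (or regions), with each sector covered by a multidirectional antenna or an antenna pointing in a specific direction radially away from the BS 270. Alternatively, each sector may be covered by two or more antennas for diversity reception. Each BS 270 may be configured to support multiple frequency assignments, with each frequency assignment having a specific spectrum (for example, 1.25 MHz, 5 MHz, and so on).
The intersection of a sector and a frequency assignment may be referred to as a CDMA channel. The BS 270 may also be referred to as a base transceiver subsystem (BTS, Base Transceiver Station) or by other equivalent terms. In such a case, the term "base station" may be used to refer collectively to a single BSC 275 and at least one BS 270. A base station may also be referred to as a "cell site". Alternatively, the individual sectors of a particular BS 270 may be referred to as a plurality of cell sites.
As shown in FIG. 2, a broadcast transmitter (BT) 295 transmits broadcast signals to the communication terminals 100 operating within the system. The broadcast receiving module 111 shown in FIG. 1 is provided at the communication terminal 100 to receive the broadcast signals transmitted by the BT 295. FIG. 2 shows several Global Positioning System (GPS) satellites 300. The satellites 300 help locate at least one of the plurality of communication terminals 100.
FIG. 2 depicts a plurality of satellites 300, but it is understood that useful positioning information can be obtained with any number of satellites. The GPS module 115 shown in FIG. 1 is typically configured to cooperate with the satellites 300 to obtain the desired positioning information. Other technologies that can track the location of the communication terminal may be used instead of, or in addition to, GPS tracking technology. In addition, at least one GPS satellite 300 may selectively or additionally handle satellite DMB transmission.
As a typical operation of the wireless communication system, the BS 270 receives reverse-link signals from various communication terminals 100. The communication terminals 100 typically engage in calls, messaging, and other types of communication. Each reverse-link signal received by a particular base station 270 is processed within that BS 270. The resulting data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions, including coordination of soft handoff procedures between BSs 270. The BSC 275 also routes the received data to the MSC 280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN 290 interfaces with the MSC 280, the MSC interfaces with the BSC 275, and the BSC 275 in turn controls the BSs 270 to transmit forward-link signals to the communication terminals 100.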
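Based on the above communication terminal hardware structure and communication system, the method embodiments of the present invention are proposed.
An embodiment of the present invention provides a call encryption method for applying stricter encryption protection to the call process and preventing the call content from being eavesdropped on.
FIG. 3 shows the flow of the call encryption method provided by an embodiment of the present invention as applied to the calling end. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
The call encryption method provided by the embodiment of the present invention, applied to the calling end, includes the following steps:
Step S100: randomly generate a call key according to a preset algorithm.
In step S100, when a user needs to call another user's communication terminal, the terminal the user holds is the calling end, and the calling end randomly generates a call key according to the preset algorithm.
Step S200: send a call request that includes the call key to the called end through the network side.
In step S200, when the calling end issues a call request, the network side (communication base station) includes the call key generated by the calling end in the call request and sends it to the called end.
Step S300: if the called end accepts the call request, encrypt the call content according to the call key and send it to the called end through the network side.
In step S300, if the called end receives the call key, this indicates that the called end has accepted the call request and received the call key, and the call is formally established. The calling end encrypts the call content according to the call key and sends the encrypted call content to the called end through the network side; the called end likewise encrypts its own call content with the call key and sends it back to the calling end through the network side.
Step S400: replace the call key according to a preset frequency.
In step S400, the calling end replaces the call key according to a preset frequency. For example, every 10 seconds it randomly generates a call key according to the preset algorithm and sends the call key to the called end through the network side; at the same time, it encrypts the current call content with that call key and sends it to the called end through the network side. The called end decrypts and listens to the received call content according to the previously received call key, and the called end encrypts its own call content according to the currently received call key and sends it back to the calling end through the network side, forming a complete call link. The call key is replaced according to the preset frequency; the call key may also be replaced randomly at an irregular frequency to enhance communication security.
In the embodiment of the present invention, the calling end randomly generates call keys according to the preset frequency and the preset algorithm in order to encrypt the call content in segments, which more effectively protects the call content from being monitored, or from being monitored in its entirety.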
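Embodiment 1:
FIG. 4 shows the implementation flow of the call encryption method provided by the first embodiment of the present invention as applied to the calling end. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
As a preferred embodiment of the present invention, step S400 includes the following steps:
Step S401: randomly generate a call key according to the preset frequency and the preset algorithm;
Step S402: send the randomly generated call key to the called end through the network side;
Step S403: encrypt the call content according to the preset frequency and the randomly generated call key, and send it to the called end through the network side.
In the embodiment of the present invention, after the call link is successfully established, the calling end randomly generates a call key according to the preset frequency and the preset algorithm, transmits the generated call key to the called end through the network side every preset period, and uses the call key to encrypt the call content before sending it to the called end through the network side.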
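FIG. 5 is the flow of the call encryption method provided by an embodiment of the present invention as applied to the network side. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
The call encryption method applied to the network side, provided by the embodiment of the present invention, includes the following steps:
Step S500: receive a call request, sent by the calling end, that includes a call key.
In step S500, the call request issued by the calling end is received, and the call request includes a call key. Because the call content sent by the calling end is encrypted with the call key before transmission, the call key needs to be sent to the called end when the call is placed, so that the called end can decrypt and listen to the subsequently received call content according to the previously received call key.
Step S600: send the call request that includes the call key to the called end.
Step S700: if the called end accepts the call request, receive the call content encrypted by the calling end according to the call key and send the encrypted call content to the called end;
Step S800: forward the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
In the embodiment of the present invention, every call key generated by the calling end according to the preset algorithm has a life cycle, and at intervals the call key, and the call content encrypted according to the replaced call key, are replaced. The network side first sends the replaced call key to the called end, and then sends the call content encrypted according to the replaced call key to the called end.
Embodiment 2:
FIG. 6 shows the implementation flow of the call encryption method provided by the second embodiment of the present invention as applied to the network side. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
As a preferred embodiment of the present invention, step S800 includes the following steps:
Step S801: receive, and send to the called end, the call key randomly generated by the calling end according to the preset frequency;
Step S802: receive, and send to the called end, the call content encrypted by the calling end according to the randomly generated call key.
In the embodiment of the present invention, the network side first sends the call key generated by the calling end to the called end, and then sends the call content encrypted by the calling end according to that call key, so that the called end can decrypt and listen to the received call content.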
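The caller-side steps S100 to S403 and the network-side forwarding order of S801/S802, run end to end as an added Python example (not code from the patent). Assumptions: a CSPRNG stands in for the unnamed "preset algorithm", an HMAC-SHA256 keystream stands in for the unnamed cipher, the called end is taken to accept the request, and the message labels, class names and 16-byte key length are illustrative.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 16      # assumed key length; the patent only says "preset algorithm"
ROTATE_EVERY = 10   # seconds; the example frequency given for step S400


def generate_call_key() -> bytes:
    """S100 / S401: random call key (a CSPRNG stands in for the preset algorithm)."""
    return secrets.token_bytes(KEY_BYTES)


def crypt(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 keystream bound to the frame number.
    The same call encrypts and decrypts. No integrity protection is modelled."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class CalledEnd:
    def __init__(self):
        self.key = None
        self.heard = []

    def receive(self, msg):
        kind = msg[0]
        if kind in ("CALL_REQUEST", "KEY"):
            self.key = msg[1]          # always decrypt with the latest key received
        elif kind == "CONTENT":
            _, seq, ciphertext = msg
            self.heard.append(crypt(self.key, seq, ciphertext))


class NetworkSide:
    """S500-S800: forwards every message unchanged, in the order received."""

    def __init__(self, called_end):
        self.called_end = called_end
        self.log = []

    def forward(self, msg):
        self.log.append(msg)
        self.called_end.receive(msg)

    def keys_handled(self):
        # Every call key transits the network side on its way to the called end.
        return [m[1] for m in self.log if m[0] in ("CALL_REQUEST", "KEY")]


class CallingEnd:
    def __init__(self, network):
        self.network = network
        self.keys = [generate_call_key()]                     # S100
        self.epoch = 0
        self.seq = 0
        network.forward(("CALL_REQUEST", self.keys[0]))       # S200

    def send(self, t, frame):
        epoch = int(t // ROTATE_EVERY)
        if epoch != self.epoch:                                # S400: replace the key
            self.epoch = epoch
            self.keys.append(generate_call_key())              # S401
            self.network.forward(("KEY", self.keys[-1]))       # S402: key goes first
        ciphertext = crypt(self.keys[-1], self.seq, frame)     # S403
        self.network.forward(("CONTENT", self.seq, ciphertext))
        self.seq += 1


# Constructed sample input: (seconds since call start, audio frame bytes).
FRAMES = [(t, f"frame@{t}s".encode()) for t in (0, 4, 8, 12, 16, 20, 24)]


def run_call(frames=FRAMES):
    called = CalledEnd()
    network = NetworkSide(called)
    caller = CallingEnd(network)
    for t, frame in frames:
        caller.send(t, frame)
    return caller, network, called


if __name__ == "__main__":
    caller, network, called = run_call()
    print(len(caller.keys), "keys used;", len(called.heard), "frames decrypted")
```

Running `run_call()` on the constructed frames uses three call keys over 25 seconds; each key decrypts only its own segment, and every key appears in the network side's forwarding log because it is relayed there before the content it protects.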
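FIG. 7 shows the frame structure of the communication terminal provided by an embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
An embodiment of the present invention provides a communication terminal 1, including:
a key generating unit 101, configured to randomly generate a call key according to a preset algorithm;
a first calling unit 102, configured to send a call request that includes the call key to the called end through the network side;
a first determining unit 103, configured to determine whether the called end receives the call request;
an encryption unit 104, configured to encrypt the call content according to the call key;
a first sending unit 105, configured to send the call content encrypted according to the call key to the called end through the network side;
a replacing unit 106, configured to replace the call key according to a preset frequency.
In the embodiment of the present invention, the communication terminal includes a landline phone, a mobile phone, a tablet computer, an e-reader, and so on. The communication terminal provided by the embodiment of the present invention corresponds to the calling end and the called end in the above embodiments, and its working principle and implementation correspond to the above embodiments, so they are not repeated here or in the following embodiments.
As a preferred embodiment of the present invention, the replacing unit 106 is further configured to:
control the call key generating unit 101 to randomly generate a call key according to the preset frequency and the preset algorithm;
control the first sending unit 105 to send the randomly generated call key to the called end through the network side;
control the encryption unit 104 to encrypt the call content according to the preset frequency and the randomly generated call key;
and control the first sending unit 105 to send the call content encrypted according to the randomly generated call key to the called end through the network side.
In practical applications, the specific functions of each of the above units may be implemented by a Central Processing Unit (CPU), a Digital Signal Processor (DSP), or a Field-Programmable Gate Array (FPGA) located in the communication terminal.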
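FIG. 8 shows the frame structure of the communication base station provided by an embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are listed, as detailed below:
An embodiment of the present invention provides a communication base station 2, including:
a receiving unit 201, configured to receive a call request, sent by the calling end, that includes a call key, and the call content encrypted according to the call key;
a second calling unit 202, configured to send the call request that includes the call key to the called end;
a second determining unit 203, configured to determine whether the called end receives the call request;
a second sending unit 204, configured to send the encrypted call content to the called end;
a forwarding unit 205, configured to forward the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
As a preferred embodiment of the present invention, the forwarding unit 205 is further configured to:
control the receiving unit 201 to receive the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key;
control the second sending unit 204 to send, to the called end, the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key.
It should be noted that the technical features in the above method embodiments apply correspondingly to both the communication terminal and the communication base station, and are not restated here.
In practical applications, the specific functions of each of the above units may be implemented by a Central Processing Unit (CPU), a Digital Signal Processor (DSP), or a Field-Programmable Gate Array (FPGA) located in the communication base station.
In the method, communication terminal, and base station of the embodiments of the present invention, the calling end randomly generates a call key according to a preset algorithm and sends it to the called end through the network side. Because the call key is randomly generated, it is extremely difficult to crack, which makes the call content difficult to obtain. Moreover, the call key is generated according to a preset frequency, that is, it is replaced every preset period of time, so even if one call key is cracked, it is difficult to crack all of the call keys, meaning the entire call content cannot be obtained. This strongly protects the call content of both parties and provides a more secure guarantee for users' calls.
Those of ordinary skill in the art can understand that all or part of the steps in the methods of the above embodiments can be completed by a program controlling the relevant hardware. The program may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk, or an optical disc.
If the above apparatus for service signaling tracking in the embodiments of the present invention is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disc. Thus, the embodiments of the present invention are not limited to any specific combination of hardware and software.
Accordingly, an embodiment of the present invention further provides a computer storage medium in which a computer program is stored, and the computer program is used to execute the call encryption method of the embodiments of the present invention.
The preferred embodiments of the present invention have been described above with reference to the drawings, and the scope of rights of the present invention is not thereby limited. Those skilled in the art can implement the present invention in many variations without departing from its scope and essence; for example, a feature of one embodiment can be used in another embodiment to obtain yet another embodiment. Any modification, equivalent replacement, or improvement made within the technical concept of the present invention shall fall within the scope of rights of the present invention.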

Claims (9)

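  1. A call encryption method, applied to a calling end, the method including:
    randomly generating a call key according to a preset algorithm;
    sending a call request that includes the call key to the called end through the network side;
    if the called end accepts the call request, encrypting the call content according to the call key and sending it to the called end through the network side;
    replacing the call key according to a preset frequency.
  2. The method of claim 1, wherein replacing the call key according to the preset frequency includes:
    randomly generating a call key according to the preset frequency and the preset algorithm;
    sending the randomly generated call key to the called end through the network side;
    encrypting the call content according to the preset frequency and the randomly generated call key, and sending it to the called end through the network side.
  3. A call encryption method, applied to the network side, the method including:
    receiving a call request, sent by the calling end, that includes a call key;
    sending the call request that includes the call key to the called end;
    if the called end accepts the call request, receiving the call content encrypted by the calling end according to the call key and sending the encrypted call content to the called end;
    forwarding the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
  4. The method of claim 3, wherein forwarding the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key includes:
    receiving, and sending to the called end, the call key randomly generated by the calling end according to the preset frequency;
    receiving, and sending to the called end, the call content encrypted by the calling end according to the randomly generated call key.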
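  5. A communication terminal, the communication terminal including:
    a key generating unit, configured to randomly generate a call key according to a preset algorithm;
    a first calling unit, configured to send a call request that includes the call key to the called end through the network side;
    a first determining unit, configured to determine whether the called end receives the call request;
    an encryption unit, configured to encrypt the call content according to the call key;
    a first sending unit, configured to send the call content encrypted according to the call key to the called end through the network side;
    a replacing unit, configured to replace the call key according to a preset frequency.
  6. The communication terminal of claim 5, wherein the replacing unit is further configured to:
    control the call key generating unit to randomly generate a call key according to the preset frequency and the preset algorithm;
    control the first sending unit to send the randomly generated call key to the called end through the network side;
    control the encryption unit to encrypt the call content according to the preset frequency and the randomly generated call key;
    and control the first sending unit to send the call content encrypted according to the randomly generated call key to the called end through the network side.
  7. A communication base station, the communication base station including:
    a receiving unit, configured to receive a call request, sent by the calling end, that includes a call key, and the call content encrypted according to the call key;
    a second calling unit, configured to send the call request that includes the call key to the called end;
    a second determining unit, configured to determine whether the called end receives the call request;
    a second sending unit, configured to send the encrypted call content to the called end;
    a forwarding unit, configured to forward the call key replaced by the calling end according to the preset frequency and the call content encrypted according to the replaced call key.
  8. The communication base station of claim 7, wherein the forwarding unit is further configured to:
    control the receiving unit to receive the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key;
    control the second sending unit to send, to the called end, the call key randomly generated by the calling end according to the preset frequency, and the call content encrypted according to the randomly generated call key.
  9. A computer storage medium, the computer storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the call encryption method of any one of claims 1 to 4.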
PCT/CN2015/085413 2014-07-29 2015-07-29 Call encryption method, communication terminal, base station, and computer storage medium WO2016015643A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410366822.1 2014-07-29
CN201410366822.1A CN104113836B (zh) 2014-07-29 2014-07-29 Call encryption method, communication terminal, and base station

Publications (1)

Publication Number Publication Date
WO2016015643A1 true WO2016015643A1 (zh) 2016-02-04

Family

ID=51710439

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085413 WO2016015643A1 (zh) 2014-07-29 2015-07-29 Call encryption method, communication terminal, base station, and computer storage medium

Country Status (2)

Country Link
CN (1) CN104113836B (zh)
WO (1) WO2016015643A1 (zh)

Also Published As

Publication number Publication date
CN104113836A (zh) 2014-10-22
CN104113836B (zh) 2016-03-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15827372

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 23/06/2017 )

122 Ep: pct application non-entry in european phase

Ref document number: 15827372

Country of ref document: EP

Kind code of ref document: A1