WO2016082401A1 - Conversation method and apparatus, user terminal and computer storage medium - Google Patents

Publication number: WO2016082401A1
Authority: WO, WIPO (PCT)
Prior art keywords: user terminal; data; verification; identity; verification result
Application number: PCT/CN2015/075398
Other languages: French (fr), Chinese (zh)
Inventors: 任斌, 钟安利
Original Assignee: 中兴通讯股份有限公司
Application filed by: 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • Embodiments of the present invention relate to call security technologies in the field of communications, and in particular to a call method, apparatus, user terminal, and computer storage medium.
  • The purpose of the embodiments of the present invention is to provide a call method, apparatus, user terminal, and computer storage medium that can prevent user identity from being tampered with and ensure call security.
  • An embodiment of the invention provides a call method, applied to a first user terminal, which includes:
  • Verifying the identity of the second user terminal and obtaining a verification result includes:
  • The first digital certificate is verified using the root certificate of the certificate authority. If the verification succeeds, the verification result is that the identity verification is successful; otherwise, the verification result is that the identity verification fails.
  • Verifying the identity of the second user terminal and obtaining a verification result includes:
  • The verification result is that the authentication is successful; otherwise, the verification result is an identity verification failure.
  • The identity of the second user terminal is verified specifically over the voice link used by the voice call.
  • The method further comprises:
  • The password is used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link.
  • An embodiment of the invention further provides a call device, applied to a first user terminal, which includes:
  • A verification module configured to verify the identity of the second user terminal and obtain a verification result during a voice call between the first user terminal and a second user terminal;
  • A maintaining module configured to maintain the voice call when the verification result is that the authentication is successful
  • The verification module comprises:
  • A verification unit configured to use the root certificate of the certificate authority to verify the first digital certificate. If the verification succeeds, the verification result is that the identity verification succeeds; otherwise, the verification result is an identity verification failure.
  • The verification module comprises:
  • A receiving unit configured to receive the signed data
  • An encryption module configured to use the public key of the first user terminal to encrypt the password to obtain a first ciphertext
  • A sending module configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and use the private key of the first user terminal to decrypt the first ciphertext and recover the password.
  • FIG. 1 is a flow chart showing the steps of a signal mixing output method according to an embodiment of the present invention.
  • FIG. 2 shows the main functions of a trusted authentication center in accordance with a preferred embodiment of the present invention.
  • FIG. 3 shows the generation of a certificate according to a preferred embodiment of the present invention.
  • FIG. 7 shows the process of identity authentication and password negotiation before a call is established according to a preferred embodiment of the present invention.
  • FIG. 8 is a structural block diagram of a signal mixing output device according to an embodiment of the present invention.
  • An embodiment of the present invention provides a method for ensuring call security, including the following steps:
  • Step 101: During the voice call between the first user terminal and a second user terminal, verify the identity of the second user terminal and obtain a verification result.
  • Step 102: When the verification result is that the identity verification is successful, maintain the voice call.
  • The method is applied to a first user terminal.
  • The user can end the call on determining that there is a problem with the identity of the peer user, which prevents the user identity from being tampered with and ensures call security.
  • The user terminal is, for example, a mobile phone.
  • Verifying the identity of the second user terminal and obtaining a verification result may be implemented in multiple manners, as follows:
  • Verifying the identity of the second user terminal and obtaining a verification result may include:
  • The first digital certificate is verified using the root certificate of the certificate authority. If the verification succeeds, the verification result is that the identity verification is successful; otherwise, the verification result is that the identity verification fails.
  • Verifying the identity of the second user terminal and obtaining a verification result may include:
  • The verification result is that the authentication is successful; otherwise, the verification result is an identity verification failure.
  • The identity of the second user terminal may be verified over the voice link used by the voice call.
  • It may further comprise:
  • The preferred embodiment provides a method for preventing call spoofing and call eavesdropping based on digital certificates.
  • Digital certificate technology is widely used in the field of computer security.
  • Cryptographic principles can be used to uniquely confirm the identity of the owner of a digital certificate. Digital certificate technology can therefore be used to confirm the identity of the other party during a telephone call.
  • The preferred embodiment uses cryptographic principles to ensure that the identities of both parties to a call are trusted when using telecommunications voice services, and to ensure the confidentiality of the call content.
  • The preferred embodiment adopts the following technical solution. First, a trusted authentication center, referred to as the CA, is established; it is responsible for the generation, issuance, downloading, and cancellation of digital certificates.
  • Each member of an identity-sensitive group can apply for a digital certificate at the CA.
  • The certificate mainly contains information such as the certificate ID, telephone number, expiration date, and identity of the holder.
  • Each certificate corresponds to an RSA key pair: the public key is disclosed in the certificate, and the private key is held only by the certificate owner.
  • Both the calling party and the called party need to use the certificate's key for authentication and to negotiate the encryption password for the subsequent call.
  • The preferred embodiment is mainly implemented by a certificate authority (CA) and a phone terminal.
  • The CA includes a certificate generation module, a certificate storage module, a certificate download module, and a certificate cancellation module.
  • The phone terminal includes an identity authentication module, a key negotiation module, and a pulse code modulation (PCM) encryption module.
  • Step B: The user applies for a digital certificate through the CA, and the certificate is signed with the private key of the CA;
  • Step F: After the call is connected, A sends its own certificate ID to B through the PCM voice channel, and B likewise sends its certificate ID to A;
  • Trojans can only be detected by anti-virus software, but if the virus database is not updated in time, a new Trojan can be implanted for eavesdropping.
  • The entire PCM path is obtained from the hardware.
  • The voice signal is encrypted immediately and is not decrypted until just before it is converted back into a voice signal at the peer end, so it travels the entire network path as ciphertext. Whichever node is tapped, the captured data cannot be restored to the voice signal, so all of the above eavesdropping problems can be solved.
  • The certificate authority is responsible for certificate generation, download, storage, and cancellation. Users who join the trusted group need to apply for a digital certificate at the CA. As shown in Figure 3, the CA generates a certificate in the standard X.509 format from the information and phone number submitted by the user and signs it with the CA's private key. The generated certificate can be distributed to the user and is retained on the CA storage server. If the user quits the trusted group, the certificate needs to be revoked: the CA marks the certificate in the storage server as cancelled. During use, given a certificate ID, the CA returns either the certificate file or an error message stating that the certificate does not exist or has been cancelled.
  • The two call users and the CA need to communicate with each other during the establishment of the call.
  • Communication between an end user and the CA goes over the Internet, using the mobile phone's Wi-Fi connection or 3G/4G data service.
  • Identity authentication and password negotiation before the secure voice channel is established need to pass through the original PCM voice channel;
  • In the smart terminal, the software of the present invention is divided into two parts. One is certificate authentication and password negotiation, implemented in the application layer by the application processor (AP). The other is the voice encryption part.
  • The kernel is implemented by the AP.
  • The AP and some baseband processors (BP)
  • The encryption module is placed in the kernel part: as soon as the sound card device driver collects PCM voice, it is encrypted, so voice data captured through the application layer is already encrypted.
  • Certificate authentication and password negotiation are used to verify the identity of the other party. If the identity is untrusted, the call ends immediately; after identity authentication is completed, the encryption password is negotiated with the other party.
  • The password is passed to the kernel's encryption module to encrypt and decrypt the PCM data.
  • The microphone collects the voice signal, which is converted into a digital signal by hardware.
  • The software driver obtains the PCM data and encrypts it immediately.
  • Encryption does not change the data length, so the data is still sent to the network in the original format and at the original rate.
  • When the other party receives the encrypted data, it is decrypted in the kernel to obtain the original PCM data, and the sound card driver passes the PCM data to the hardware to restore the voice signal;
  • The certification center CA is established, and both A and B apply for a certificate at the CA; A and B each hold the RSA private key corresponding to their own certificate.
  • A dials B's phone; B rings and answers the call.
  • The original PCM voice link is now open, and all subsequent data exchanges between A and B pass through this link.
  • Method by which A and B transmit data through the PCM voice channel: after the two parties are connected, there are two-way PCM transmission and reception channels, A->B and B->A.
  • The data to be sent is encapsulated in the usual way, starting with 0x7E and ending with 0x7E.
  • The last byte of a set of data is used as a CRC check. If the checksum is incorrect, a retransmission mechanism is required.
  • 0x7E framing is used only in the authentication and password negotiation phase; there is no need to wrap data with 0x7E after password negotiation is completed. Note that the present invention is only suitable for communication networks that carry the voice coding uncompressed and lossless.
  • Certificate download and verification: A sends its certificate ID to B, and B also sends its own certificate ID to A.
  • The CA first looks up the certificate by certificate ID. If it does not exist, an error is returned. It then checks whether the certificate has been cancelled; if so, it returns an error. If the certificate exists and is valid, the CA returns A's certificate file to B. After B gets A's certificate file, it verifies the certificate with the CA's public key. If certificate verification fails, B exits the call. B then extracts the phone number from the certificate and compares it with the caller number; if the two do not match, the call ends. A verifies B's certificate and telephone number in the same manner;
  • Once A and B each hold the other party's valid certificate, A generates a random number RA and sends the data composed of RA and B's number NB to B. B signs it and sends the signature result SIGN(RA+NB) to A, and A uses B's certificate to verify the signature result. If the signature is correct, B's identity is valid. Similarly, B generates a random number RB and sends the data composed of RB and A's number NA to A. A signs it and sends the signature result SIGN(RB+NA) to B, and B uses A's certificate to verify the signature result. If the signature is correct, A's identity is valid.
  • Password negotiation: A generates a random number KEY, encrypts it with B's public key and sends it to B; B decrypts it to obtain KEY;
  • Both parties now hold KEY and use it to encrypt the PCM stream to be sent to the other party.
  • The ciphertext obtained has the same length as the original PCM data, so the network transmission method needs no changes; data is still transmitted at the previous code rate and in the previous manner.
  • The receiver receives ciphertext of the same length at a constant rate, decrypts it with KEY to obtain the original PCM data, and then converts it into the original sound signal.
  • A maintaining module configured to maintain the voice call when the verification result is that the authentication is successful
  • The verification module may include:
  • An acquiring unit configured to interact with the second user terminal and an authentication center to obtain a signed digital certificate, where the signed digital certificate is obtained by signing the first digital certificate with the private key of the authentication center after the second user terminal has applied for the first digital certificate from the authentication center, and is saved to a server of the authentication center;
  • A verification unit configured to use the root certificate of the certificate authority to verify the first digital certificate. If the verification succeeds, the verification result is that the identity verification succeeds; otherwise, the verification result is an identity verification failure.
  • A receiving unit configured to receive the signed data
  • A determining unit configured to determine whether the second data is the same as the first data. If so, the verification result is that the identity verification succeeds; otherwise, the verification result is an identity verification failure.
  • It may further comprise:
  • A sending module configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and use the private key of the first user terminal to decrypt the first ciphertext and recover the password.
  • The foregoing program may be stored in a computer readable storage medium, and when executed, the program performs the steps of the foregoing method embodiments; the foregoing storage medium includes: a mobile storage device, a random access memory (RAM), a read-only memory (ROM)
  • The above-described integrated unit of the present invention may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product.
  • The technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product, which is stored in a storage medium and includes a plurality of instructions for making a computer device (which may be a personal computer, server, or network device, etc.)
  • The foregoing storage medium includes various media that can store program codes, such as a mobile storage device, a RAM, a ROM, a magnetic disk, or an optical disk.
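
The 0x7E-delimited frame with a trailing CRC byte described in the list above, as an added Python example (not code from the patent). The patent names neither the CRC nor any escaping rule, so the CRC-8 polynomial 0x07, the HDLC-style 0x7D escape and the 1024-byte body limit are assumptions.

```python
FLAG, ESC, ESC_XOR = 0x7E, 0x7D, 0x20   # 0x7E is from the page; the escape bytes are assumed
MAX_BODY = 1024                          # assumed cap: a lost closing flag must not grow the buffer


def crc8(data: bytes) -> int:
    """CRC-8, polynomial 0x07, initial value 0 (assumed; the page only says 'CRC')."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def encode_frame(payload: bytes) -> bytes:
    """Wrap payload as 0x7E | escaped(payload + CRC byte) | 0x7E."""
    body = payload + bytes([crc8(payload)])
    out = bytearray([FLAG])
    for byte in body:
        if byte in (FLAG, ESC):
            # Random values and signatures may contain 0x7E, so escape it.
            out += bytes([ESC, byte ^ ESC_XOR])
        else:
            out.append(byte)
    out.append(FLAG)
    return bytes(out)


class FrameDecoder:
    """Incremental decoder for bytes arriving on the voice channel.

    feed() returns one (ok, payload) tuple per completed frame; ok is False
    when the CRC byte does not match, which is the receiver's cue to ask
    for a retransmission.
    """

    def __init__(self):
        self._body = None       # None: waiting for an opening flag
        self._escaped = False

    def _finish(self):
        payload, received = bytes(self._body[:-1]), self._body[-1]
        ok = not self._escaped and crc8(payload) == received
        return (ok, payload if ok else b"")

    def feed(self, chunk: bytes):
        results = []
        for byte in chunk:
            if byte == FLAG:
                if self._body:                      # closing flag of a non-empty frame
                    results.append(self._finish())
                    self._body = None
                else:                               # opening flag
                    self._body = bytearray()
                self._escaped = False
            elif self._body is None:
                continue                            # bytes outside any frame are ignored
            elif self._escaped:
                self._body.append(byte ^ ESC_XOR)
                self._escaped = False
            elif byte == ESC:
                self._escaped = True
            else:
                self._body.append(byte)
            if self._body is not None and len(self._body) > MAX_BODY:
                self._body = None                   # oversize: drop and wait for a new flag
        return results
```

A frame that comes back with `ok` set to False is never handed to the authentication logic; the sender has to transmit it again.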

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Telephonic Communication Services
  • Telephone Function

Abstract

Provided are a conversation method and apparatus, a user terminal and a computer storage medium. The conversation method comprises: in a process of voice conversation between a first user terminal and a second user terminal, verifying the identity of the second user terminal, so as to obtain a verification result; when the verification result is that the identity verification is successful, maintaining the voice conversation; and when the verification result is that the identity verification is unsuccessful, ending the voice conversation.

Description

Call method, device, user terminal and computer storage medium
Technical field
Embodiments of the present invention relate to call security technologies in the field of communications, and in particular to a call method, apparatus, user terminal, and computer storage medium.
Background
With the rapid development of telecommunication services, voice call functions have become widespread. Caller ID is commonly used in telecommunication services: the called party judges the identity of the other party from the displayed phone number. However, there is now an illegal technique that modifies the calling number in the network and controls the number displayed to the called party, disguising the phone number as one the called party trusts in order to deceive the called party. In voice calls involving significant interests, trusting the other party based solely on caller ID is therefore unreliable.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a call method, apparatus, user terminal, and computer storage medium that can prevent user identity from being tampered with and ensure call security.
The embodiments of the present invention provide the following solutions:
An embodiment of the present invention provides a call method, applied to a first user terminal, including:
during a voice call between the first user terminal and a second user terminal, verifying the identity of the second user terminal to obtain a verification result;
maintaining the voice call when the verification result is that the identity verification is successful;
ending the voice call when the verification result is that the identity verification fails.
Preferably, verifying the identity of the second user terminal to obtain a verification result includes:
interacting with the second user terminal and an authentication center to obtain a signed digital certificate, where the signed digital certificate is obtained by signing the first digital certificate with the private key of the authentication center after the second user terminal has applied for the first digital certificate from the authentication center, and is saved on a server of the authentication center;
verifying the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that the identity verification is successful; otherwise, the verification result is that the identity verification fails.
Preferably, verifying the identity of the second user terminal to obtain a verification result includes:
generating first data;
sending the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data and send the signed data to the first user terminal;
receiving the signed data;
decrypting the signed data with the public key of the second user terminal to obtain second data;
determining whether the second data is the same as the first data; if so, the verification result is that the identity verification is successful; otherwise, the verification result is that the identity verification fails.
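
The challenge-response steps above, as an added Python example that is not part of the patent. It assumes the first data is a fresh random value plus the peer's number (the sample number is constructed), that the data is hashed with SHA-256 before signing, and that toy RSA keys built from small Mersenne primes stand in for real ones so the code runs with the standard library only; a real terminal would use full-size keys and a padded signature scheme from a vetted library.

```python
import hashlib
import secrets

E = 65537


def toy_keypair(p: int, q: int):
    """Build a textbook RSA key from two primes. Returns ((e, n), d)."""
    n = p * q
    return (E, n), pow(E, -1, (p - 1) * (q - 1))


# Constructed demo keys from small Mersenne primes: far too short for real use.
B_PUB, B_PRIV = toy_keypair(2**127 - 1, 2**89 - 1)              # the genuine second terminal
IMPOSTOR_PUB, IMPOSTOR_PRIV = toy_keypair(2**107 - 1, 2**61 - 1)  # someone without B's private key


def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced below the modulus (toy encoding, no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(first_data: bytes, pub, priv: int) -> int:
    """Second terminal: sign the received first data with its private key."""
    _, n = pub
    return pow(digest(first_data, n), priv, n)


class Verifier:
    """First terminal: issues single-use challenges and checks the answers."""

    def __init__(self, peer_pub, peer_number: str):
        self.peer_pub = peer_pub        # public key from the peer's already verified certificate
        self.peer_number = peer_number
        self._pending = None

    def new_challenge(self) -> bytes:
        # First data: 16 fresh random bytes followed by the peer's number.
        self._pending = secrets.token_bytes(16) + self.peer_number.encode()
        return self._pending

    def check(self, signed_data: int) -> bool:
        # Consume the challenge so one answer can never be accepted twice.
        first_data, self._pending = self._pending, None
        if first_data is None:
            return False
        e, n = self.peer_pub
        if not 0 < signed_data < n:
            return False
        second_data = pow(signed_data, e, n)    # "decrypt" with the public key
        return second_data == digest(first_data, n)


def run_call(responder_pub, responder_priv) -> bool:
    """One verification round: True means keep the call, False means end it."""
    a = Verifier(B_PUB, "13800000000")          # constructed sample number
    challenge = a.new_challenge()
    return a.check(sign(challenge, responder_pub, responder_priv))


def replay_is_rejected() -> bool:
    """A signature captured in one round must fail against the next challenge."""
    a = Verifier(B_PUB, "13800000000")
    captured = sign(a.new_challenge(), B_PUB, B_PRIV)
    first_ok = a.check(captured)
    a.new_challenge()                           # new random value, new first data
    return first_ok and not a.check(captured)
```

The random part of the first data is what defeats replay: without it, a signature recorded on one call would verify on every later call.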
Preferably, the identity of the second user terminal is verified specifically over the voice link used by the voice call.
Preferably, the method further includes:
when the verification result is that the identity verification is successful, generating a random number as a password, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
encrypting the password with the public key of the first user terminal to obtain a first ciphertext;
sending the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
An embodiment of the present invention further provides a call apparatus, applied to a first user terminal, including:
a verification module, configured to verify the identity of the second user terminal and obtain a verification result during a voice call between the first user terminal and a second user terminal;
a maintaining module, configured to maintain the voice call when the verification result is that the identity verification is successful;
an ending module, configured to end the voice call when the verification result is that the identity verification fails.
Preferably, the verification module includes:
an acquiring unit, configured to interact with the second user terminal and an authentication center to obtain a signed digital certificate, where the signed digital certificate is obtained by signing the first digital certificate with the private key of the authentication center after the second user terminal has applied for the first digital certificate from the authentication center, and is saved to a server of the authentication center;
a verification unit, configured to verify the first digital certificate using the root certificate of the authentication center; if the verification succeeds, the verification result is that the identity verification is successful; otherwise, the verification result is that the identity verification fails.
Preferably, the verification module includes:
a generating unit, configured to generate first data;
a sending unit, configured to send the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data and send the signed data to the first user terminal;
a receiving unit, configured to receive the signed data;
a decrypting unit, configured to decrypt the signed data with the public key of the second user terminal to obtain second data;
a determining unit, configured to determine whether the second data is the same as the first data; if so, the verification result is that the identity verification is successful; otherwise, the verification result is that the identity verification fails.
Preferably, the identity of the second user terminal is verified over the voice link used by the voice call.
Preferably, the apparatus further includes:
a generating module, configured to generate a random number as a password when the verification result is that the identity verification is successful, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
an encryption module, configured to encrypt the password with the public key of the first user terminal to obtain a first ciphertext;
a sending module, configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
An embodiment of the present invention further provides a user terminal including the call apparatus described above.
An embodiment of the present invention further provides a computer storage medium storing executable instructions, the executable instructions being used to perform the call method described above.
As can be seen from the above, the embodiments of the present invention have at least the following beneficial effect:
The user can end the call on determining that there is a problem with the identity of the peer user, which prevents the user identity from being tampered with and ensures call security.
Brief description of the drawings
FIG. 1 is a flow chart of the steps of a signal mixing output method provided by an embodiment of the present invention;
FIG. 2 shows the main functions of the trusted authentication center in a preferred implementation of an embodiment of the present invention;
FIG. 3 shows certificate generation in a preferred implementation of an embodiment of the present invention;
FIG. 4 shows the connections between the nodes in a practical application of a preferred implementation of an embodiment of the present invention;
FIG. 5 shows the software implementation principle of the present invention for a smart call terminal in a preferred implementation of an embodiment of the present invention;
FIG. 6 shows the data encryption and transmission process during a call in a preferred implementation of an embodiment of the present invention;
FIG. 7 shows the identity authentication and password negotiation process before a call is established in a preferred implementation of an embodiment of the present invention;
FIG. 8 is a structural block diagram of a signal mixing output device provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments are described in detail below with reference to the drawings and specific embodiments.
FIG. 1 is a flow chart of the steps of a signal mixing output method provided by an embodiment of the present invention. Referring to FIG. 1, an embodiment of the present invention provides a method for ensuring call security, including the following steps:
Step 101: during a voice call between the first user terminal and a second user terminal, verify the identity of the second user terminal and obtain a verification result;
Step 102: when the verification result is that identity verification succeeded, maintain the voice call;
Step 103: when the verification result is that identity verification failed, end the voice call.
The method is applied to a first user terminal.
In this way, the user can end the call on determining that there is a problem with the identity of the peer call user, which prevents the user identity from being tampered with and ensures call security.
The user terminal is, for example, a mobile phone.
In the embodiments of the present invention, verifying the identity of the second user terminal and obtaining a verification result can be implemented in several ways, for example:
<Mode 1>
Verifying the identity of the second user terminal and obtaining a verification result may include:
Interacting with the second user terminal and a certificate authority to obtain a signed digital certificate, where the signed digital certificate is obtained, after the second user terminal has applied to the certificate authority for a first digital certificate, by signing the first digital certificate with the private key of the certificate authority, and is saved on a server of the certificate authority;
Verifying the first digital certificate with the root certificate of the certificate authority; if the verification succeeds, the verification result is that identity verification succeeded, otherwise the verification result is that identity verification failed.
<Mode 2>
Verifying the identity of the second user terminal and obtaining a verification result may include:
Generating first data;
Sending the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data, and send the signed data to the first user terminal;
Receiving the signed data;
Decrypting the signed data with the public key of the second user terminal to obtain second data;
Determining whether the second data is the same as the first data; if they are the same, the verification result is that identity verification succeeded, otherwise the verification result is that identity verification failed.
The private key and the public key of the second user terminal may be stored in advance in the second user terminal and the first user terminal respectively, or may be obtained from the certificate authority by the second user terminal and the first user terminal respectively.
In the embodiments of the present invention, the verification of the identity of the second user terminal may specifically be carried out over the voice link used by the voice call.
Preferably, the method may further include:
When the verification result is that identity verification succeeded, generating a random number as a password, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
Encrypting the password with the public key of the first user terminal to obtain a first ciphertext;
Sending the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
To describe the embodiments of the present invention more clearly, a preferred implementation of the embodiments is given below.
The preferred implementation provides a method, based on digital certificates, for preventing caller spoofing and call eavesdropping.
The preferred implementation relates to a method for ensuring the security of voice telephone calls: it prevents the caller number from being disguised or spoofed when a call is answered, and prevents the call content from being eavesdropped on. More specifically, it uses digital certificate technology to verify the identities of both parties to the call, negotiates a call key before the conversation starts, and encrypts the call content to keep it secure.
Digital certificate technology is widely used in computer security. Cryptographic principles make it possible to uniquely confirm the identity of the owner of a digital certificate, so digital certificates can be used to confirm the identity of the other party in a telephone call.
Besides the risk of caller number spoofing, a voice call can also be eavesdropped on. Calls may involve company secrets or personal privacy, and if the call content is overheard by a third party the caller suffers a loss. If the call content is encrypted, then even if the call data is captured its real content cannot be obtained. Encryption raises the question of how to obtain a reliable key; asymmetric encryption based on digital certificates makes it possible to negotiate a reliable password.
The preferred implementation uses cryptographic principles to ensure that, when telecom voice services are used, the identities of both parties to the call can be trusted and the call content stays confidential.
The preferred implementation adopts the following technical solution. First, a trusted certificate authority (CA) is established; the CA is responsible for generating and issuing digital certificates, for certificate download, and for certificate revocation. In a group whose members are identity-sensitive, each person can apply to the CA for a digital certificate. The certificate mainly contains the certificate ID, the telephone number, the validity date, the identity of the holder and similar information. Each certificate corresponds to a key pair of the RSA encryption algorithm: the public key is published in the certificate and the private key is held only by the certificate owner. When a call is connected, both the caller and the callee must authenticate using the certificate keys and, at the same time, negotiate the encryption password for the rest of the call.
The preferred implementation is realized mainly by a certificate authority (CA, Certificate Authority) and phone terminals. The CA comprises a certificate generation module, a certificate storage module, a certificate download module and a certificate revocation module; the phone terminal consists of an identity authentication module, a key negotiation module and a pulse code modulation (PCM, Pulse Code Modulation) encryption module.
The basic steps are as follows:
Step A: establish a digital certificate authority (CA) and publish the CA's certificate and encryption public key;
Step B: a user applies for a digital certificate through the CA, and the certificate is signed with the CA's private key;
Step C: save the certificate to the CA server, and publish the user's digital certificate and public key;
Step D: user A calls B through any operator or by any means;
Step E: B's phone rings and displays A's caller number;
Step F: after the call is connected, A sends its certificate ID to B over the PCM voice channel, and B likewise sends its certificate ID to A;
Step G: A and B each use the other's certificate ID to download the other's certificate from the CA and obtain the other's public key.
Step H: after obtaining the other's certificate, A and B each verify it with the CA's root certificate; if verification fails, the call ends immediately;
Step I: A generates a random number R.A, appends B's telephone number N.B to the random number to form (R.A+N.B), and sends it to B;
Step J: after receiving (R.A+N.B), B signs it with its own private key and sends the signature result SIGN-(R.A+N.B) to A;
Step K: after receiving B's signature result SIGN-(R.A+N.B), A verifies it with B's public key and compares it with the original (R.A+N.B); if it is wrong, the call ends;
Step L: B generates a random number R.B, appends A's telephone number N.A to the random number to form (R.B+N.A), and sends it to A;
Step M: after receiving (R.B+N.A), A signs it with its own private key and sends the signature result SIGN-(R.B+N.A) to B;
Step N: after receiving A's signature result SIGN-(R.B+N.A), B verifies it with A's public key and compares it with the original (R.B+N.A); if it is wrong, the call ends;
Step O: B generates a random number KEY, encrypts it with A's public key to produce the ciphertext Pub.A-KEY, and sends it to A;
Step P: A decrypts Pub.A-KEY with its own private key and recovers KEY;
Step Q: A and B have now completed identity verification and both hold the negotiated password KEY. For the rest of the call, A encrypts its original voice PCM data with KEY and sends it to the network; B receives the encrypted data, decrypts it with KEY to obtain the original PCM, and can then play the original voice data to hear A. Likewise, B encrypts its original PCM data with KEY and sends it to A; A decrypts it with KEY to obtain the original PCM and plays it to hear B.
Compared with the related art: for caller ID spoofing, the related art can rely only on the vigilance of the called user and the supervision of the operator, and has no method that solves the problem in principle. With this method, the identities of both parties to the call can be absolutely trusted. As for call eavesdropping, the ordinary fixed telephone network is very insecure: the voice data on the entire network is plaintext and can be eavesdropped on at any time. In the mobile networks developed so far, the network encodes the physical channel to achieve security, but if part of the operator's core network is controlled by criminals there is still a risk of eavesdropping. Smartphones can also be implanted with eavesdropping software; at present Trojans can only be detected with anti-virus software, and if the virus database is not updated in time a new Trojan can be implanted to eavesdrop. With this method, along the whole PCM path, the voice signal obtained from the hardware is encrypted immediately and is not decrypted until just before it is converted back into a voice signal at the peer end, so the entire network path carries ciphertext; whichever node is tapped, the voice signal cannot be recovered from the captured data, so all of the eavesdropping problems above are solved.
A preferred embodiment is given below with reference to the drawings, describing in detail the usage scenario and design principle of the preferred implementation:
As shown in FIG. 2, the certificate authority is responsible for certificate generation and provides certificate download, certificate storage and certificate revocation functions. To join the trusted group, a user applies to the CA for a digital certificate. As shown in FIG. 3, the CA generates a certificate in the standard X.509 format from the information and telephone number submitted by the user and signs it with the CA's private key; the generated certificate can be distributed to the user and is retained on the CA storage server. When a user leaves the trusted group, the certificate must be revoked, and the CA marks the certificate as revoked on the storage server. In use, a user can download a specific certificate by its certificate ID; depending on the certificate's status, the CA returns either the certificate file or an error indicating that the certificate does not exist or has been revoked.
As shown in FIG. 4, the two call users and the CA need to communicate with one another while the call is being established. Communication between an end user and the CA requires an Internet connection, which can be the phone's Wi-Fi connection or a 3G/4G data service. Identity authentication and password negotiation between the two users, before the secure voice channel is established, are carried out over the original PCM voice channel;
As shown in FIG. 5, in a smart terminal the software of the present invention is divided into two parts. One is certificate authentication and password negotiation, implemented at the application layer by the application processor (AP, Application Processor). The other is the voice encryption part, implemented in the kernel by the AP; the AP can interact with the baseband processor (BP, Baseband Processor). Some malware captures call recordings and sends them out over the network, so the encryption module is placed in the kernel: as soon as the sound card device driver has captured the PCM voice it is encrypted, so any voice data captured through the application layer is already encrypted. Certificate authentication and password negotiation are used to verify the identity of the other party; if the identity cannot be trusted, the call ends immediately. Once identity authentication is complete, the encryption password is negotiated with the other party, and after it is obtained it is passed to the encryption module in the kernel, which encrypts and decrypts the PCM data. FIG. 6 shows how voice data is transferred after the password has been obtained: the microphone captures the voice signal, hardware converts it into a digital signal, and the software driver encrypts the PCM data as soon as it obtains it. The data length is unchanged by encryption, so the data is still sent to the network in the original data format and at the original rate. After the other party receives the encrypted data, it is decrypted in the kernel to obtain the original PCM data, which the sound card driver hands to the hardware to restore the voice signal;
FIG. 7 shows the complete detailed process of the present invention in application. As described above, the certificate authority (CA) has been established, A and B have both applied to the CA for certificates, and A and B each hold the RSA private key corresponding to their own certificate. A dials B's number, B rings and answers; at this point the original PCM voice link is open, and all subsequent data exchange between A and B goes over this link.
How A and B transmit data over the PCM voice channel: once the call is connected there are bidirectional PCM send and receive channels, A->B and B->A. The data to be sent is encapsulated in the common way, starting with 0x7E and ending with 0x7E. The last byte of each group of data is a CRC check; if the check fails, a retransmission mechanism is required. 0x7E framing is used only during the identity authentication and password negotiation phase; once password negotiation is complete, data no longer needs to be encapsulated with 0x7E. Note that the present invention is suitable only for communication networks that carry the voice encoding uncompressed and without loss.
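The framing described above, as an added Go example that is not part of the patent text. The patent names only the 0x7E delimiters, a trailing CRC byte and the need for retransmission; the CRC-8 polynomial 0x07, the HDLC-style 0x7D escape and the function names `Encode`, `Decode` and `Deliver` are assumptions made here so the code is complete.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	flagByte = 0x7E // frame delimiter named in the text
	escByte  = 0x7D // assumption: HDLC-style escape byte, not specified in the text
)

// crc8 uses polynomial 0x07 (assumption: the text only says "CRC").
func crc8(data []byte) byte {
	var crc byte
	for _, b := range data {
		crc ^= b
		for i := 0; i < 8; i++ {
			if crc&0x80 != 0 {
				crc = (crc << 1) ^ 0x07
			} else {
				crc <<= 1
			}
		}
	}
	return crc
}

// Encode builds 0x7E | stuffed(payload || crc) | 0x7E.
func Encode(payload []byte) []byte {
	body := append(append([]byte{}, payload...), crc8(payload))
	out := []byte{flagByte}
	for _, b := range body {
		if b == flagByte || b == escByte {
			out = append(out, escByte, b^0x20) // keep 0x7E out of the frame body
		} else {
			out = append(out, b)
		}
	}
	return append(out, flagByte)
}

// Decode returns the payloads of frames that pass the CRC and the number of
// frames rejected; bytes outside a 0x7E ... 0x7E pair are skipped.
func Decode(stream []byte) (good [][]byte, bad int) {
	var buf []byte
	inFrame, esc := false, false
	for _, b := range stream {
		switch {
		case b == flagByte && inFrame: // closing delimiter: check the CRC byte
			inFrame = false
			if n := len(buf) - 1; n > 0 && crc8(buf[:n]) == buf[n] {
				good = append(good, buf[:n])
			} else {
				bad++
			}
		case b == flagByte: // opening delimiter
			inFrame, esc, buf = true, false, nil
		case !inFrame: // idle bytes between frames
		case esc:
			buf, esc = append(buf, b^0x20), false
		case b == escByte:
			esc = true
		default:
			buf = append(buf, b)
		}
	}
	return good, bad
}

// Deliver retransmits until one frame passes the CRC or maxTries is used up.
func Deliver(payload []byte, channel func([]byte) []byte, maxTries int) ([]byte, int, error) {
	for try := 1; try <= maxTries; try++ {
		if good, _ := Decode(channel(Encode(payload))); len(good) == 1 {
			return good[0], try, nil
		}
	}
	return nil, maxTries, errors.New("no valid frame after retransmissions")
}

func main() {
	certID := []byte{0x00, 0x7E, 0x7D, 0x2A} // constructed certificate ID bytes
	calls := 0
	noisy := func(f []byte) []byte { // constructed channel: one bit error on the first attempt
		out := append([]byte{}, f...)
		calls++
		if calls == 1 {
			out[1] ^= 0x01
		}
		return out
	}
	got, tries, err := Deliver(certID, noisy, 3)
	fmt.Printf("payload=% x tries=%d err=%v\n", got, tries, err)
}
```

The CRC here catches line errors only; it is not keyed, so it gives no protection against deliberate modification of a frame.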
Certificate download and verification: A sends its certificate ID to B, and B also sends its own certificate ID to A. B sends the CA a request to download A's certificate. The CA first looks up whether the certificate exists by certificate ID and sends an error if it does not; it then checks whether the certificate has been revoked and returns an error if it has. If the certificate exists and is valid, the CA returns A's certificate file to B. After obtaining A's certificate file, B first verifies the certificate with the CA's public key; if certificate verification fails, B exits the call. B then extracts the telephone number from the certificate and compares it with the caller number; if the telephone number in the certificate does not match the caller number, the call ends. A verifies B's certificate and telephone number in the same way;
Identity verification: by the above method, A and B have each obtained the other's valid certificate. A then generates a random number R.A, combines it with B's number N.B and sends the data to B; B signs it and sends the signature result SIGN(R.A+N.B) to A; A verifies the signature result with B's certificate, and if the signature is correct, B's identity is legitimate. Likewise, B generates a random number R.B, combines it with A's number N.A and sends the data to A; A signs it and sends the signature result SIGN(R.B+N.A) to B; B verifies the signature result with A's certificate, and if the signature is correct, A's identity is legitimate.
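One direction of the check in steps H to N and in the two paragraphs above, as an added Go example that is not code from the patent. The `Cert` struct stands in for an X.509 certificate whose CA signature and revocation status are assumed to have been checked already; the 16-byte nonce, RSA PKCS#1 v1.5 with SHA-256, the telephone numbers and all type and function names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrNumberMismatch = errors.New("certificate number does not match caller number: end call")
	ErrBadSignature   = errors.New("signature over challenge is invalid: end call")
)

// Cert stands in for the certificate downloaded from the CA by certificate ID.
// Assumption: its CA signature and revocation status were already checked.
type Cert struct {
	Number string
	Pub    *rsa.PublicKey
}

// Terminal holds a phone number and the private key behind its certificate.
type Terminal struct {
	Number string
	key    *rsa.PrivateKey
}

// NewTerminal creates a key pair and the matching certificate stand-in.
func NewTerminal(number string) (*Terminal, Cert, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, Cert{}, err
	}
	return &Terminal{Number: number, key: key}, Cert{Number: number, Pub: &key.PublicKey}, nil
}

// Challenge builds R+N: a fresh 16-byte random value followed by the number
// the verifier believes it is talking to.
func Challenge(peerNumber string) ([]byte, error) {
	r := make([]byte, 16)
	if _, err := rand.Read(r); err != nil {
		return nil, err
	}
	return append(r, peerNumber...), nil
}

// Respond signs the received challenge with the terminal's private key.
func (t *Terminal) Respond(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, digest[:])
}

// VerifyPeer returns nil when the call may continue. The signature is checked
// against the verifier's own copy of the challenge, never a value echoed back.
func VerifyPeer(callerID string, cert Cert, challenge, sig []byte) error {
	if cert.Number != callerID {
		return ErrNumberMismatch
	}
	digest := sha256.Sum256(challenge)
	if rsa.VerifyPKCS1v15(cert.Pub, crypto.SHA256, digest[:], sig) != nil {
		return ErrBadSignature
	}
	return nil
}

// Authenticate runs one direction of the exchange: displayedNumber is the
// caller number shown on the verifier's phone, cert is what the peer presented.
func Authenticate(displayedNumber string, cert Cert, peer *Terminal) error {
	challenge, err := Challenge(displayedNumber)
	if err != nil {
		return err
	}
	sig, err := peer.Respond(challenge)
	if err != nil {
		return err
	}
	return VerifyPeer(displayedNumber, cert, challenge, sig)
}

func main() {
	a, certA, errA := NewTerminal("13800000001") // constructed numbers
	m, certM, errM := NewTerminal("13900000009")
	if errA != nil || errM != nil {
		panic("key generation failed")
	}
	fmt.Println("genuine A:", Authenticate(a.Number, certA, a))
	fmt.Println("A's number shown, M's certificate:", Authenticate(a.Number, certM, m))
	fmt.Println("A's number shown, A's certificate, M's key:", Authenticate(a.Number, certA, m))
}
```

Both failure results map to step 103 (end the call); the fresh random value in each challenge is what makes a signature recorded from an earlier call useless.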
Password negotiation: A generates a random number KEY, encrypts it with B's public key and sends it to B; B decrypts it to obtain KEY;
Secure call: once both parties have KEY, each uses KEY to encrypt the PCM stream to be sent to the other, using the DES or AES algorithm. The resulting ciphertext has the same length as the original PCM data, so the network transmission method needs no change and data is still transmitted at the previous stream rate and in the previous manner. The receiver receives ciphertext of the same length at the unchanged rate, decrypts it with KEY to obtain the original PCM data, and then converts it into the original sound signal.
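Steps O to Q and the password negotiation and secure call paragraphs above, as an added Go example that is not code from the patent. The patent names only RSA public-key encryption of KEY and "DES or AES" with ciphertext as long as the plaintext; RSA-OAEP, a 16-byte KEY, AES in CTR mode, and a counter block built from a direction byte plus a frame sequence number that both ends count locally are assumptions chosen so the length is preserved without repeating keystream.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// NewKeyPair stands in for the RSA key pair behind a terminal's certificate.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapKey generates the random KEY and encrypts it under the peer's public key.
// Assumption: 16-byte KEY and RSA-OAEP with SHA-256.
func WrapKey(peer *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 16)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, key, nil)
	return key, wrapped, err
}

// UnwrapKey recovers KEY with the receiver's private key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// CryptFrame encrypts or decrypts one PCM frame with AES-CTR (the operation is
// its own inverse). Output length equals input length, so the PCM format and
// rate are unchanged. dir separates A->B from B->A, and seq is the frame
// counter both ends keep locally, so no counter block is ever reused under KEY.
func CryptFrame(key []byte, dir byte, seq uint64, frame []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	iv[0] = dir                               // byte 0: direction
	binary.BigEndian.PutUint64(iv[4:12], seq) // bytes 4..11: frame number
	out := make([]byte, len(frame))           // bytes 12..15: block counter within the frame
	cipher.NewCTR(block, iv).XORKeyStream(out, frame)
	return out, nil
}

func main() {
	privB, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	key, wrapped, err := WrapKey(&privB.PublicKey) // sender side
	if err != nil {
		panic(err)
	}
	got, err := UnwrapKey(privB, wrapped) // receiver side
	if err != nil {
		panic(err)
	}
	silence := bytes.Repeat([]byte{0xD5}, 160) // constructed frame: 20 ms of 8 kHz A-law silence
	c0, _ := CryptFrame(key, 0, 0, silence)
	c1, _ := CryptFrame(key, 0, 1, silence)
	plain, _ := CryptFrame(got, 0, 0, c0)
	fmt.Println("KEY recovered:", bytes.Equal(key, got))
	fmt.Println("same length:", len(c0) == len(silence), "frames differ:", !bytes.Equal(c0, c1))
	fmt.Println("decrypts:", bytes.Equal(plain, silence))
}
```

Because the ciphertext has no room for an authentication tag, this construction gives confidentiality only, and the local frame counters stay aligned only on the lossless, uncompressed links the patent restricts itself to.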
FIG. 8 is a structural block diagram of a signal mixing output apparatus provided by an embodiment of the present invention. Referring to FIG. 8, an embodiment of the present invention further provides an apparatus for ensuring call security, including:
A verification module, configured to verify the identity of the second user terminal and obtain a verification result during a voice call between the first user terminal and a second user terminal;
A maintaining module, configured to maintain the voice call when the verification result is that identity verification succeeded;
An ending module, configured to end the voice call when the verification result is that identity verification failed.
The apparatus is applied to a first user terminal.
In this way, the user can end the call on determining that there is a problem with the identity of the peer call user, which prevents the user identity from being tampered with and ensures call security.
In the embodiments of the present invention, the verification module may include:
An acquiring unit, configured to interact with the second user terminal and a certificate authority to obtain a signed digital certificate, where the signed digital certificate is saved on a server of the certificate authority after the second user terminal has applied to the certificate authority for a first digital certificate and the first digital certificate has been signed with the private key of the certificate authority;
A verification unit, configured to verify the first digital certificate with the root certificate of the certificate authority; if the verification succeeds, the verification result is that identity verification succeeded, otherwise the verification result is that identity verification failed.
In the embodiments of the present invention, the verification module may include:
A generating unit, configured to generate first data;
A sending unit, configured to send the first data to the second user terminal, so that the second user terminal can sign the first data with the private key of the second user terminal to obtain signed data, and send the signed data to the first user terminal;
A receiving unit, configured to receive the signed data;
A decrypting unit, configured to decrypt the signed data with the public key of the second user terminal to obtain second data;
A determining unit, configured to determine whether the second data is the same as the first data; if they are the same, the verification result is that identity verification succeeded, otherwise the verification result is that identity verification failed.
In the embodiments of the present invention, the verification of the identity of the second user terminal may specifically be carried out over the voice link used by the voice call.
Preferably, the apparatus may further include:
A generating module, configured to generate a random number as a password when the verification result is that identity verification succeeded, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
An encryption module, configured to encrypt the password with the public key of the first user terminal to obtain a first ciphertext;
A sending module, configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
Referring to FIG. 5, the modules in the apparatus can be implemented by a processor (CPU) or a microprocessor (MCU).
An embodiment of the present invention further provides a user terminal, the user terminal including the apparatus for ensuring call security described above.
An embodiment of the present invention further provides a computer storage medium storing executable instructions, the executable instructions being used to perform the call method shown in FIG. 1.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a removable storage device, random access memory (RAM, Random Access Memory), read-only memory (ROM, Read-Only Memory), a magnetic disk or an optical disc.
Alternatively, if the integrated unit of the present invention is implemented as a software functional module and sold or used as a standalone product, it can also be stored in a computer-readable storage medium. On this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the related art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a removable storage device, RAM, ROM, a magnetic disk or an optical disc.
The above is only a specific implementation of the present invention, and the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention falls within the scope of protection of the present invention. The scope of protection of the present invention is therefore determined by the scope of protection of the claims.

Claims (12)

  1. 一种保证通话安全的方法,包括:A method of securing calls, including:
    在第一用户终端与一第二用户终端之间进行语音通话的过程中,对所述第二用户终端的身份进行验证,获取一验证结果;During the process of performing a voice call between the first user terminal and a second user terminal, verifying the identity of the second user terminal to obtain a verification result;
    当所述验证结果为身份验证成功时,保持所述语音通话;And maintaining the voice call when the verification result is that the identity verification is successful;
    当所述验证结果为身份验证失败时,结束所述语音通话。When the verification result is that the authentication fails, the voice call is ended.
  2. The method of claim 1, wherein the verifying the identity of the second user terminal to obtain a verification result comprises:
    interacting with the second user terminal and an authentication center to obtain a signed digital certificate, wherein the signed digital certificate is obtained by signing a first digital certificate with the private key of the authentication center after the second user terminal has applied for and obtained the first digital certificate from the authentication center, and is saved in a server of the authentication center;
    verifying the first digital certificate by using the root certificate of the authentication center; if the verification succeeds, the verification result is that the identity verification succeeded; otherwise, the verification result is that the identity verification failed.
  3. The method of claim 1, wherein the verifying the identity of the second user terminal to obtain a verification result comprises:
    generating first data;
    sending the first data to the second user terminal, so that the second user terminal signs the first data with the private key of the second user terminal to obtain signed data, and sends the signed data to the first user terminal;
    receiving the signed data;
    decrypting the signed data by using the public key of the second user terminal to obtain second data;
    determining whether the second data is the same as the first data; if they are the same, the verification result is that the identity verification succeeded; otherwise, the verification result is that the identity verification failed.
  4. The method of claim 1, wherein the verifying the identity of the second user terminal is performed over the voice link used by the voice call.
  5. The method of claim 4, further comprising:
    when the verification result is that the identity verification succeeded, generating a random number as a password, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
    encrypting the password by using the public key of the first user terminal to obtain a first ciphertext;
    sending the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
  6. An apparatus for securing calls, comprising:
    a verification module, configured to verify the identity of the second user terminal and obtain a verification result during a voice call between the first user terminal and a second user terminal;
    a maintaining module, configured to maintain the voice call when the verification result is that the identity verification succeeded;
    an ending module, configured to end the voice call when the verification result is that the identity verification failed.
  7. The apparatus of claim 6, wherein the verification module comprises:
    an acquiring unit, configured to interact with the second user terminal and an authentication center to obtain a signed digital certificate, wherein the signed digital certificate is obtained by signing a first digital certificate with the private key of the authentication center after the second user terminal has applied for and obtained the first digital certificate from the authentication center, and is saved in a server of the authentication center;
    a verification unit, configured to verify the first digital certificate by using the root certificate of the authentication center; if the verification succeeds, the verification result is that the identity verification succeeded; otherwise, the verification result is that the identity verification failed.
  8. The apparatus of claim 6, wherein the verification module comprises:
    a generating unit, configured to generate first data;
    a sending unit, configured to send the first data to the second user terminal, so that the second user terminal signs the first data with the private key of the second user terminal to obtain signed data, and sends the signed data to the first user terminal;
    a receiving unit, configured to receive the signed data;
    a decrypting unit, configured to decrypt the signed data by using the public key of the second user terminal to obtain second data;
    a determining unit, configured to determine whether the second data is the same as the first data; if they are the same, the verification result is that the identity verification succeeded; otherwise, the verification result is that the identity verification failed.
  9. The method of claim 6, wherein the verifying the identity of the second user terminal is specifically performed over the voice link used by the voice call.
  10. The apparatus of claim 9, further comprising:
    a generating module, configured to generate a random number as a password when the verification result is that the identity verification succeeded, the password being used to encrypt and decrypt the voice data exchanged between the first user terminal and the second user terminal over the voice link;
    an encryption module, configured to encrypt the password by using the public key of the first user terminal to obtain a first ciphertext;
    a sending module, configured to send the first ciphertext to the first user terminal, so that the first user terminal can receive the first ciphertext and decrypt it with the private key of the first user terminal to recover the password.
  11. A user terminal, comprising the call apparatus according to any one of claims 6 to 10.
  12. A computer storage medium storing executable instructions, the executable instructions being used to perform the call method according to any one of claims 1 to 5.
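
The challenge-response check of claim 3 and the password transport of claim 5, as an added Go example that is not part of the patent. It assumes RSA-2048 with PSS signatures and OAEP encryption, and it checks the signature with a verify call rather than the claim's decrypt-and-compare; all function names are illustrative.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// demoKey generates a throwaway key pair standing in for a terminal's own key.
func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// random32 returns fresh random bytes: claim 3's "first data" or claim 5's password.
func random32() ([]byte, error) {
	b := make([]byte, 32)
	_, err := rand.Read(b)
	return b, err
}

// signChallenge is the second terminal's step: sign the challenge with its private key.
func signChallenge(priv *rsa.PrivateKey, c []byte) ([]byte, error) {
	h := sha256.Sum256(c)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// verifyPeer is the first terminal's check: true keeps the call, false ends it.
func verifyPeer(pub *rsa.PublicKey, c, sig []byte) bool {
	h := sha256.Sum256(c)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// wrapKey encrypts the call password to the recipient's public key (RSA-OAEP);
// unwrapKey recovers it with the recipient's private key.
func wrapKey(to *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, nil)
}
func unwrapKey(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

func main() {
	k, kerr := demoKey()
	c, cerr := random32()
	if kerr != nil || cerr != nil {
		panic("key generation or randomness failed")
	}
	sig, _ := signChallenge(k, c) // a nil signature simply fails verification
	fmt.Println("keep call:", verifyPeer(&k.PublicKey, c, sig))
}
```

Because each check draws a new challenge, a signature recorded from an earlier call does not verify against the next one.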
PCT/CN2015/075398 2014-11-25 2015-03-30 Conversation method and apparatus, user terminal and computer storage medium WO2016082401A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410689894.XA CN105704711A (en) 2014-11-25 2014-11-25 Method for ensuring call communication security, device and user terminal
CN201410689894.X 2014-11-25

Publications (1)

Publication Number Publication Date
WO2016082401A1 (en) 2016-06-02

Family

ID=56073458

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/075398 WO2016082401A1 (en) 2014-11-25 2015-03-30 Conversation method and apparatus, user terminal and computer storage medium

Country Status (2)

Country Link
CN (1) CN105704711A (en)
WO (1) WO2016082401A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112423298A (en) * 2020-11-25 2021-02-26 公安部交通管理科学研究所 Identity authentication system and method for road traffic signal management and control facility
CN113868628A (en) * 2021-10-19 2021-12-31 南方电网数字电网研究院有限公司 Signature verification method and device, computer equipment and storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109861946B (en) * 2017-11-30 2021-07-23 中国电信股份有限公司 Method and system for verifying calling number and call receiving equipment
CN112000938B (en) * 2020-07-15 2022-11-29 国网山东省电力公司信息通信公司 Power grid dispatching identity authentication method and system based on multimode identification
CN111970407A (en) * 2020-08-28 2020-11-20 深圳鑫想科技有限责任公司 Method and system for effectively preventing telecommunication fraud
CN115037470A (en) * 2021-03-03 2022-09-09 中国电信股份有限公司 Method, device and system for authenticating calling information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080034217A1 (en) * 2006-07-18 2008-02-07 Bellsouth Intellectual Property Corporation Security For A Personal Communication Device
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system
CN104065648A (en) * 2014-06-05 2014-09-24 天地融科技股份有限公司 Data processing method of voice communication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1905445B (en) * 2005-07-27 2012-02-15 国际商业机器公司 System and method of speech identification using mobile speech identification card
CN102480713B (en) * 2010-11-25 2014-05-28 中国移动通信集团河南有限公司 Method, system and device for communication between sink node and mobile communication network

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112423298A (en) * 2020-11-25 2021-02-26 公安部交通管理科学研究所 Identity authentication system and method for road traffic signal management and control facility
CN112423298B (en) * 2020-11-25 2022-01-18 公安部交通管理科学研究所 Identity authentication system and method for road traffic signal management and control facility
CN113868628A (en) * 2021-10-19 2021-12-31 南方电网数字电网研究院有限公司 Signature verification method and device, computer equipment and storage medium
CN113868628B (en) * 2021-10-19 2024-06-07 南方电网数字平台科技(广东)有限公司 Signature verification method, signature verification device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN105704711A (en) 2016-06-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15862338

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15862338

Country of ref document: EP

Kind code of ref document: A1