WO2016204700A1 - System for secure transmission of voice communication via communication network and method of secure transmission of voice communication - Google Patents

Info

Publication number: WO2016204700A1
Authority: WO (WIPO (PCT))
Prior art keywords: participant, communication device, network, called, calling
Application number: PCT/SK2016/050007
Other languages: English (en), French (fr)
Inventors: Maximilián STRÉMY, Andrej ELIÁŠ, Martin JEDLIČKA
Original assignee: Qintec A.S.
Priority date: 2015-06-16 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2016-06-14
Publication date: 2016-12-22
Application filed by Qintec A.S.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1059 End-user terminal functionalities specially adapted for real-time communication
    • H04L65/1066 Session management
    • H04L65/1069 Session establishment or de-establishment
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • The invention falls within the field of telecommunications and specifically relates to a system for secure transmission of voice communication via a communication network and to a method of secure transmission of voice communication.
  • Securing the content of voice communication is an important security requirement. Not only the security of the transmitted content matters, but also the security of the participants in the communication, i.e. their unambiguous identification.
  • Other methods of secure transmission of voice communication include so-called software encryption, where the content is encrypted by software running on the operating system of the communication device itself.
  • The disadvantage of such a solution is that the operating system or an application can be modified so as to allow infiltration of the communication device and misuse of the content of the communication.
  • The consequence of these disadvantages is that a potential attacker can, with specific technical means, easily interfere with such communication, which can lead to monitoring of its content and subsequent misuse of that content.
  • Another risk factor is the loss of one of the devices, which can allow the identity of a participant to be changed, and such a change can be used to obtain the content of the communication.
  • Secure transmission refers to the protection of transmitted data against misuse by an unauthorized person.
  • The system for secure transmission of voice communication via a communication network comprises at least: a wireless communication device of a calling participant, a network communication device of the calling participant, a central control unit, a network communication device of a called participant and a wireless communication device of the called participant.
  • The wireless communication devices of the calling participant and of the called participant are able to encrypt and/or decrypt the communication.
  • At least three memory registers are present in each wireless communication device.
  • The wireless communication device of the calling participant is able to encrypt the voice communication by means of the public encryption key of the called participant.
  • The wireless communication device of the called participant is able to decrypt the voice communication by means of the private encryption key of the called participant.
  • The wireless communication device of the calling participant is connected via the communication network to the network communication device of the calling participant.
  • The wireless communication device of the called participant is connected via the communication network to the network communication device of the called participant.
  • The network communication devices of the calling participant and of the called participant are each connected via the communication network to the central control unit.
  • Software in the network communication devices verifies the identity of the participant of the communication network when the connection to the central control unit via the communication network is created.
  • The private encryption key of the calling participant is stored in a memory register for the private encryption key of the calling participant in the wireless communication device of the calling participant.
  • The public encryption key of the calling participant is stored in a memory register for the public encryption key of the calling participant in the wireless communication device of the calling participant.
  • The public encryption key of the calling participant is also stored in a memory register for the public encryption key of the calling participant in the wireless communication device of the called participant.
  • The private encryption key of the called participant is stored in a memory register for the private encryption key of the called participant in the wireless communication device of the called participant.
  • The public encryption key of the called participant is stored in a memory register for the public encryption key of the called participant in the wireless communication device of the called participant.
  • The public encryption key of the called participant is also stored in a memory register for the public encryption key of the called participant in the wireless communication device of the calling participant.
  • The encryption and decryption keys can be changed at any time at the request of the participants.
  • Each wireless communication device has its own authentication code, which is stored in a register for the authentication code.
  • Because the authentication code is unique to each wireless communication device, every wireless communication device connected to a network communication device, and thereby every device within the communication network, can be identified.
  • The authentication code also serves to block a specific wireless communication device from accessing the communication network in case of its loss or theft.
  • The use of the authentication code increases the overall security of the system according to this invention, since it represents a further means of identifying the user of the communication network.
  • The wireless communication device of the calling participant comprises a central processing unit, a microphone, an ADC/DAC converter, a loudspeaker, a wireless module, the memory register for the public encryption key of the called participant, the memory register for the public encryption key of the calling participant, and the memory register for the private encryption key of the calling participant.
  • The wireless communication device of the calling participant also includes a memory register for the authentication code of the calling participant.
  • The wireless communication device of the called participant comprises a central processing unit, a microphone, an ADC/DAC converter, a loudspeaker, a wireless module, the memory register for the public encryption key of the calling participant, the memory register for the public encryption key of the called participant, and the memory register for the private encryption key of the called participant.
  • The wireless communication device of the called participant also includes a memory register for the authentication code of the called participant.
  • The communication network between the control unit and the network communication devices may be technically different from the communication network between the wireless communication device and the network communication device of the same participant.
  • The technology of the communication network between the wireless communication device and the network communication device of the same participant is fixed, whereas for the communication network between the control unit and the network communication devices any wireless network that allows data transmission and meets the required communication parameters can be used, which is a great advantage of this invention.
  • The first type of device is the wireless communication device, whose main functions are encryption and decryption of the content of the voice communication, wireless transmission of the encrypted digital signal to the network communication device, wireless reception of the encrypted digital signal from the network communication device, and creation and storage of a new pair of encryption keys.
  • Its other functions include conversion of the audio signal into a digital signal and of the digital signal back into an audio signal.
  • The second type of device is the network communication device. Its main functions include maintaining the communication link with the central control unit and wireless reception of the encrypted digital signal from, and transmission to, the wireless communication device. Other functions of the network communication device software include storing information about all participants of the communication network, such as the name of the participant, the status of the participant (connected or not connected to the communication network) and the status of the participant's wireless communication device (connected or not connected to the network communication device). The required functions of this type of device are provided by specially designed and implemented software, which also verifies the identity of the wireless communication module by means of login data entered by the user into the software of the network communication device.
  • The third type of device is the central control unit, whose main functions are storing data about all participants of the communication network, such as the name of the participant, the status of the participant (connected or not connected to the communication network), the status of the participant's wireless communication device (connected or not connected to the network communication device), the login data of the participant, and the authentication code of each wireless communication device in the communication network.
  • Any number of individual devices can be used; the only limitations are the bandwidth of the communication network through which the network communication devices of the calling participant and the called participant communicate, and the ability of the central control unit to serve the required number of devices simultaneously in real time. All devices in the system are able to communicate bidirectionally and in real time.
  • A method of secure transmission of voice communication in the system for secure transmission of voice communication comprises the following steps:
  • The encrypted signal from the network communication device of the calling participant is further transmitted to the network communication device of the called participant. If the connection between the network communication device of the called participant and the wireless communication device of the called participant via the communication network exists, the encrypted signal is transmitted over this communication network to the wireless communication device of the called participant.
  • The encrypted signal is then processed by the central processing unit, which decrypts it by means of the private encryption key of the called participant.
  • The decrypted digital signal is transmitted to the ADC/DAC converter of the wireless communication device of the called participant, where it is converted to an audio signal.
  • Transmission is performed in a similar manner in the opposite direction, from the called participant to the calling participant.
  • The main advantage of the present invention lies in a higher level of security, as the central control unit does not store any master decryption key; the decryption keys are stored only on the individual wireless communication devices of the calling participant and of the called participant.
  • The whole process of secure transmission of voice communication via the system according to this invention takes place bidirectionally in real time, and it does not depend on the type of the communication network between the network communication devices of the calling participant and the called participant and the central control unit.
  • Fig. 1 shows a simplified scheme of the system for secure transmission of voice communication, containing only the devices of one calling participant and one called participant.
  • Fig. 2 schematically shows the wireless communication device of the calling participant.
  • Fig. 3 schematically shows the wireless communication device of the called participant.
  • The system for secure transmission of voice communication via the communication network comprises the wireless communication device A1 of the calling participant, the network communication device B1 of the calling participant, the central control unit C, the network communication device B2 of the called participant and the wireless communication device A2 of the called participant.
  • Four memory registers 106, 107, 108, 109 and 206, 207, 208, 209 are present in the wireless communication device A1 of the calling participant and in the wireless communication device A2 of the called participant, respectively.
  • The wireless communication device A1 of the calling participant and the wireless communication device A2 of the called participant are equipped with encryption and/or decryption keys and are able to encrypt and/or decrypt the communication.
  • The wireless communication device A1 of the calling participant is able to encrypt the voice communication by means of the public encryption key of the called participant.
  • The wireless communication device A2 of the called participant is able to decrypt the voice communication by means of the private encryption key of the called participant.
  • The wireless communication device A1 of the calling participant is connected via the communication network S2 with the network communication device B1 of the calling participant.
  • The wireless communication device A2 of the called participant is connected via the communication network S2 with the network communication device B2 of the called participant.
  • The network communication devices B1, B2 of the calling participant and the called participant are connected via the communication network S1 with the central control unit C.
  • The private encryption key of the calling participant is stored in the memory register 108 of the wireless communication device A1 of the calling participant.
  • The public encryption key of the calling participant is stored in the memory register 107 of the wireless communication device A1 of the calling participant.
  • The private encryption key of the called participant is stored in the memory register 208 of the wireless communication device A2 of the called participant.
  • The public encryption key of the called participant is stored in the memory register 207 of the wireless communication device A2 of the called participant.
  • The public encryption key of the calling participant is also stored in the memory register 206 of the wireless communication device A2 of the called participant.
  • The public encryption key of the called participant is also stored in the memory register 106 of the wireless communication device A1 of the calling participant.
  • The private encryption key of the calling participant, the public encryption key of the calling participant, the private encryption key of the called participant and the public encryption key of the called participant can be changed at any time.
  • The wireless communication device A1 of the calling participant has its own authentication code of the calling participant, which is stored in the memory register 109 for the authentication code of the calling participant and also in the memory registers of the central control unit C.
  • The wireless communication device A2 of the called participant has its own authentication code, which is stored in the memory register 209 for the authentication code of the called participant and also in the memory registers of the central control unit C.
  • The wireless communication device A1 of the calling participant comprises the central processing unit 101, the microphone 102, the ADC/DAC converter 103, the loudspeaker 104, the wireless module 105, the memory register 106 for the public encryption key of the called participant, the memory register 107 for the public encryption key of the calling participant, the memory register 108 for the private encryption key of the calling participant, and the memory register 109 for the authentication code of the calling participant.
  • The wireless communication device A2 of the called participant comprises the central processing unit 201, the microphone 202, the ADC/DAC converter 203, the loudspeaker 204, the wireless module 205, the memory register 206 for the public encryption key of the calling participant, the memory register 207 for the public encryption key of the called participant, the memory register 208 for the private encryption key of the called participant, and the memory register 209 for the authentication code of the called participant.
  • The communication network S1 is wireless and is technologically different from the communication network S2, which is also wireless.
  • The communication network S2 between a wireless communication device and its network communication device is realized by Bluetooth technology, and the communication network S1 between the network communication devices and the central control unit C is realized by an HSDPA mobile network.
  • The authentication code of the calling participant is also used to block the wireless communication device A1 of the calling participant from accessing the communication network S1 via the network communication device B1 of the calling participant, and the authentication code of the called participant is also used to block the wireless communication device A2 of the called participant from accessing the communication network S1 via the network communication device B2 of the called participant.
  • This function can be used in case of loss or theft of the wireless communication device A1 of the calling participant or the wireless communication device A2 of the called participant.
  • The system for secure transmission of voice communication via the communication network according to Example 1 was constructed.
  • The secure transmission of voice communication via the communication network begins with authentication of the participant when accessing the communication network S1, regardless of whether it is the calling participant or the called participant.
  • The calling participant enters his/her login data (username and password) into the software on the network communication device B1 of the calling participant.
  • These login data are sent via the communication network S1 to the memory registers of the central control unit C, which verifies the participant by comparing the login data entered by the user into the software on the network communication device B1 of the calling participant with the login data stored in the central control unit C. If the compared login data are identical, the central control unit C allows the participant, i.e. the network communication device B1 of the calling participant or the network communication device B2 of the called participant, to access and communicate on the communication network S1 or S2.
  • The authentication code of the calling participant or of the called participant is sent via the communication network S2 from the wireless communication device A1 of the calling participant or the wireless communication device A2 of the called participant, through the network communication device B1 of the calling participant or the network communication device B2 of the called participant, and via the communication network S1 to the central control unit C, which verifies whether it is identical to the authentication code assigned to the login data of the user stored on the central control unit C.
  • If it is identical, the participant connected to the communication network S1 can communicate with other network participants in a secure manner.
  • If it is not identical, the central control unit C does not allow the participant to communicate with other network participants in a secure manner.
  • The secure transmission of voice communication itself begins when the calling participant selects the called participant in the contact list on the network communication device B1 of the calling participant and presses a button to initiate voice communication.
  • The software on the network communication device B1 of the calling participant sends the request for creation of a voice communication transmission to the called participant through the central control unit C. If the network communication device B2 of the called participant is available in the communication network S1 and the wireless communication device A2 of the called participant is connected via the communication network S2 with the network communication device B2 of the called participant, then, as the first step, the central control unit C sends the request for generation of a new pair of encryption keys via the network communication device B1 of the calling participant to the wireless communication device A1 of the calling participant.
  • The wireless communication device A1 of the calling participant generates at the same time the new private key of the calling participant, which is saved to the memory register 108, and the new public key of the calling participant, which is saved to the memory register 107; the new public key of the calling participant is sent through the network communication device B1 of the calling participant via the communication network S1 to the network communication device B2 of the called participant, and from there to the wireless communication device A2 of the called participant, where the new public key of the calling participant is saved to the memory register 206.
  • The central control unit C then sends the request for generation of a new pair of encryption keys via the network communication device B2 of the called participant to the wireless communication device A2 of the called participant.
  • The wireless communication device A2 of the called participant generates at the same time the new private key of the called participant, which is saved to the memory register 208, and the new public key of the called participant, which is saved to the memory register 207; the new public key of the called participant is sent through the network communication device B2 of the called participant via the communication network S1 to the network communication device B1 of the calling participant and from there to the wireless communication device A1 of the calling participant, where the new public key of the called participant is saved to the memory register 106.
  • The central control unit C creates the connection between the network communication device B1 of the calling participant and the network communication device B2 of the called participant, which is manifested by a visual change on the display of the network communication device B1 of the calling participant and of the network communication device B2 of the called participant, and also by activating the microphone 102 and the loudspeaker 104 on the wireless communication device A1 of the calling participant and the microphone 202 and the loudspeaker 204 on the wireless communication device A2 of the called participant.
  • The audio signal received by the microphone 102 on the wireless communication device A1 of the calling participant is transmitted to the ADC/DAC converter 103, where it is converted to a digital signal.
  • This digital signal is further processed by the central processing unit 101 on the wireless communication device A1 of the calling participant, where it is encrypted by the encryption algorithm, which uses for this purpose the public encryption key of the called participant stored in the memory register 106.
  • The digital signal encrypted in this way is sent through the wireless module 105 of the wireless communication device A1 of the calling participant via the communication network S2 to the wireless module of the network communication device B1 of the calling participant.
  • The network communication device B1 of the calling participant transmits the encrypted digital signal via the communication network S1 to the network communication device B2 of the called participant.
  • If the wireless communication device A2 of the called participant is connected, the encrypted digital signal is transmitted via the communication network S2 to the wireless module 205 of the wireless communication device A2 of the called participant.
  • If it is not connected, the software of the network communication device B2 of the called participant sends a message to the central control unit C, which forwards it to the network communication device B1 of the calling participant, and the software visually notifies the calling participant that a secure transmission of voice communication content cannot be created.
  • Once the encrypted digital signal has been transmitted to the wireless communication device A2 of the called participant, it is processed by the central processing unit 201, which decrypts it by means of the private encryption key of the called participant from the memory register 208.
  • This decrypted digital signal is transmitted to the ADC/DAC converter 203 on the wireless communication device A2 of the called participant, where it is converted to an audio signal that is reproduced to the called participant by means of the loudspeaker 204.
  • Example 2. The system for secure transmission of voice communication via the communication network according to Example 1 was constructed.
  • The transmission of voice communication in the direction from the called participant to the calling participant is performed in a similar manner as in Example 2.
  • The system for secure transmission of voice communication via the communication network can be used mainly for voice communication in the field of telecommunications.
  • The invention can be used mainly for voice communication of devices that communicate via the mobile communication network, but also for devices communicating via any other communication network.
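The authentication steps at the start of Example 1 (login data entered on B1/B2 and compared at the central control unit C, then the device's authentication code checked against the code assigned to that login, with a lost or stolen device blocked by its code), as an added Python example. This is an illustration written for this page, not Qintec's software: the page does not say how C stores or compares login data, so the salted PBKDF2 hash, the constant-time comparisons, the dummy hash for unknown usernames and the class and method names are all assumptions of the example.

```python
"""Participant authentication at the central control unit C, modelled on the first
steps of Example 1.  Added illustration for this page, not Qintec's software."""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000


class CentralControlUnit:
    """C: holds each participant's login data and the authentication code of that
    participant's wireless device, plus the two connection-status flags."""

    def __init__(self):
        self.participants = {}       # username -> record (hypothetical layout)
        self.blocked_codes = set()   # authentication codes of lost or stolen devices

    def enrol(self, username, password, auth_code):
        # ASSUMPTION: the page only says login data are 'compared'; keeping a salted
        # PBKDF2 hash rather than the password itself is this example's choice.
        salt = secrets.token_bytes(16)
        self.participants[username] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
            "auth_code": auth_code,
            "connected": False,         # participant connected to S1
            "device_connected": False,  # wireless device connected to the network device
        }

    def login(self, username, password):
        """Step 1: login data entered on B1/B2 are compared with C's registers."""
        rec = self.participants.get(username)
        if rec is None:
            # do the same work for unknown names so timing does not reveal who exists
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, rec["pw_hash"]):
            return False
        rec["connected"] = True
        return True

    def verify_device(self, username, auth_code):
        """Step 2: the code sent from A1/A2 through B1/B2 must match the code assigned
        to that login and must not belong to a device reported lost or stolen."""
        rec = self.participants.get(username)
        if rec is None or not rec["connected"]:
            return False
        if auth_code in self.blocked_codes:
            return False
        if not hmac.compare_digest(auth_code.encode(), rec["auth_code"].encode()):
            return False
        rec["device_connected"] = True
        return True

    def block_device(self, auth_code):
        """Loss or theft: the device can no longer join through any network device."""
        self.blocked_codes.add(auth_code)
        for rec in self.participants.values():
            if rec["auth_code"] == auth_code:
                rec["device_connected"] = False

    def may_call(self, caller, callee):
        """C connects B1 with B2 only when both participants are on S1 and both
        wireless devices are attached to their network devices."""
        a, b = self.participants.get(caller), self.participants.get(callee)
        return bool(a and b and a["connected"] and a["device_connected"]
                    and b["connected"] and b["device_connected"])
```

The login step and the device step are kept separate on purpose: a stolen device whose code is on the block list is refused even though its owner's username and password still verify, which is the behaviour the page describes for the authentication code.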
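The call-setup and transmission steps of Example 1 (C requests a fresh key pair from A1 and then from A2, the public keys are swapped into registers 106 and 206, A1 encrypts each digitized frame for A2, A2 decrypts with the private key in register 208, and the same happens in the other direction), as an added Python example using only the standard library; it is not the patent's code. The page names no algorithm and describes encrypting the stream directly with the called participant's public key; a practitioner would instead use the fresh per-call key pairs to derive a per-call symmetric key, so this example instantiates the asymmetric step as Diffie-Hellman in the RFC 3526 2048-bit MODP group and encrypts frames with an HMAC-SHA256 keystream, an authentication tag and a replay counter. The group choice, the packet layout, the "calling"/"called" direction labels and all class and method names are assumptions of the example, not of the page.

```python
"""Per-call key pair generation, public-key exchange and encrypted voice frames,
modelled on Example 1 (devices A1/A2, control unit C).  Added illustration, not the
patent's code.  The asymmetric step is Diffie-Hellman (example's choice)."""
import hashlib
import hmac
import secrets

# 2048-bit MODP prime from RFC 3526 (group 14), generator 2.  ASSUMPTION: the page
# names no algorithm or group; verify this constant against the RFC before reuse.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
TAG_LEN = 16


class WirelessDevice:
    """A1 or A2: the key registers of Fig. 2/3 plus the frame encryption itself."""

    def __init__(self, role, auth_code):
        if role not in ("calling", "called"):
            raise ValueError("role must be 'calling' or 'called'")
        self.role = role
        self.auth_code = auth_code        # register 109 / 209
        self.private_key = None           # register 108 / 208
        self.public_key = None            # register 107 / 207
        self.peer_public_key = None       # register 106 / 206
        self.send_ctr = 0
        self.last_recv_ctr = -1

    def generate_key_pair(self):
        """On C's 'generate new pair' request: the previous pair is overwritten."""
        self.private_key = secrets.randbits(256) | (1 << 255)   # 256-bit exponent suffices here
        self.public_key = pow(G, self.private_key, P)
        self.send_ctr, self.last_recv_ctr = 0, -1
        return self.public_key

    def install_peer_public_key(self, pk):
        """Register 106/206.  Reject values that would force a trivial shared secret."""
        if not 1 < pk < P - 1:
            raise ValueError("rejected degenerate peer public key")
        self.peer_public_key = pk

    def _keys(self):
        # shared secret -> HKDF-style extract/expand into separate encryption and MAC keys
        shared = pow(self.peer_public_key, self.private_key, P).to_bytes(256, "big")
        prk = hmac.new(b"example-call-salt", shared, hashlib.sha256).digest()
        return (hmac.new(prk, b"enc", hashlib.sha256).digest(),
                hmac.new(prk, b"mac", hashlib.sha256).digest())

    @staticmethod
    def _keystream(k_enc, direction, ctr, n):
        out = b""
        for block in range((n + 31) // 32):
            msg = direction + ctr.to_bytes(8, "big") + bytes([block])
            out += hmac.new(k_enc, msg, hashlib.sha256).digest()
        return out[:n]

    def encrypt_frame(self, pcm):
        """Packet = 8-byte counter || keystream-XORed frame || 16-byte tag."""
        k_enc, k_mac = self._keys()
        direction, ctr = self.role.encode(), self.send_ctr
        self.send_ctr += 1
        body = bytes(a ^ b for a, b in zip(pcm, self._keystream(k_enc, direction, ctr, len(pcm))))
        header = ctr.to_bytes(8, "big")
        tag = hmac.new(k_mac, direction + header + body, hashlib.sha256).digest()[:TAG_LEN]
        return header + body + tag

    def decrypt_frame(self, packet):
        """Verify the tag first, drop replays, then strip the keystream."""
        k_enc, k_mac = self._keys()
        direction = b"called" if self.role == "calling" else b"calling"
        header, body, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(k_mac, direction + header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication tag mismatch: frame dropped")
        ctr = int.from_bytes(header, "big")
        if ctr <= self.last_recv_ctr:
            raise ValueError("replayed or reordered frame dropped")
        self.last_recv_ctr = ctr
        return bytes(a ^ b for a, b in zip(body, self._keystream(k_enc, direction, ctr, len(body))))


def set_up_call(a1, a2):
    """What C orchestrates: A1 generates first, its public key reaches register 206,
    then A2 generates and its public key reaches register 106."""
    a2.install_peer_public_key(a1.generate_key_pair())
    a1.install_peer_public_key(a2.generate_key_pair())


def demo():
    a1 = WirelessDevice("calling", "AC-0001")
    a2 = WirelessDevice("called", "AC-0002")
    set_up_call(a1, a2)
    frame = bytes(range(160))      # constructed stand-in for 20 ms of 8 kHz, 8-bit PCM
    return a2.decrypt_frame(a1.encrypt_frame(frame))
```

Both devices derive the same pair of session keys, so the direction label is what keeps the two keystreams apart; a tampered or replayed packet is rejected with ValueError, and because a new pair is generated at every call setup, packets captured during an earlier call no longer verify at either device.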

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SKPUV50054-2015 2015-06-16
SK50054-2015U SK7505Y1 (sk) 2015-06-16 2015-06-16 System for secure transmission of voice communication via a communication network and method of secure transmission of voice communication

Publications (1)

Publication Number Publication Date
WO2016204700A1 (en) 2016-12-22

Family

ID=55362095

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SK2016/050007 WO2016204700A1 (en) 2015-06-16 2016-06-14 System for secure transmission of voice communication via communication network and method of secure transmission of voice communication

Country Status (2)

Country Link
SK (1) SK7505Y1 (sk)
WO (1) WO2016204700A1 (sk)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107302545A (zh) * 2017-08-16 2017-10-27 广东海翔教育科技有限公司 A voice communication management method
CN113242538A (zh) * 2021-05-11 2021-08-10 深圳市创意者科技有限公司 A communication voice information encryption system for a Bluetooth conference speaker

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060236088A1 (en) * 2005-04-13 2006-10-19 Sbc Knowledge Ventures, L.P. Technique for encrypting communications
US20100166178A1 (en) * 2008-12-31 2010-07-01 Verizon Patent And Licensing Inc. Method and system for securing packetized voice transmissions

Also Published As

Publication number Publication date
SK7505Y1 (sk) 2016-08-01
SK500542015U1 (en) 2016-03-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16745877; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 16745877; Country of ref document: EP; Kind code of ref document: A1)