CN103986579B - A kind of data handling system of voice call - Google Patents

Info

Publication number: CN103986579B
Authority: CN (China)
Prior art keywords: call, authorization code, call terminal, user, safety chip
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201410208562.5A
Other languages: Chinese (zh)
Other versions: CN103986579A (en)
Inventor: 李东声
Current Assignee: Tendyron Technology Co Ltd
Original Assignee: Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201410208562.5A
Publication of CN103986579A
Application granted
Publication of CN103986579B

Landscapes

  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The present invention provides a data handling system for voice calls, comprising: a first output module for outputting a first authorization code; a second output module for outputting a second authorization code; a first safety chip for receiving second encrypted data and decrypting it to obtain second decrypted data; a first playing module for playing the second decrypted data; a first prompting module for prompting confirmation of the second decrypted data; the first safety chip being further configured to receive a first confirmation instruction and start the encryption and decryption operation; a second safety chip further configured to receive first encrypted data and decrypt it to obtain first decrypted data; a second playing module for playing the first decrypted data; a second prompting module further configured to prompt confirmation of the first decrypted data; the second safety chip being further configured to receive a second confirmation instruction and start the encryption and decryption operation.

Description

A kind of data handling system of voice call
Technical field
The present invention relates to the field of electronic technology, and in particular to a data handling system for voice calls.
Background
In the prior art, voice calls between users may be monitored, so current voice calls carry a security risk. The prior art addresses this risk by encrypting the voice with a call key stored on a TF card in the mobile phone, thereby protecting the voice call. In practice, however, if malware is installed on the call terminal, a hacker can use the malware to steal the call key from the TF card and then crack the encrypted voice information, exposing the call terminal's voice data to the risk of leakage. How to perform voice encryption securely is therefore a technical problem that urgently needs to be solved. In addition, because voice calls in the prior art may be monitored, reducing the possibility that a voice call is monitored is likewise a technical problem that urgently needs to be solved.
Summary of the invention
The present invention provides a data handling system for voice calls, whose main purpose is to solve one of the above technical problems.
The present invention provides a data handling system for voice calls, the system comprising:
A first safety chip, configured to generate first negotiation information and send the first negotiation information to a first call terminal through a first communication interface; the first safety chip is located in a first safety device, and the first safety device is connected to the first call terminal and is independent of the first call terminal;
A second safety chip, configured to generate second negotiation information and send the second negotiation information to a second call terminal through a second communication interface; the second safety chip is located in a second safety device, and the second safety device is connected to the second call terminal and is independent of the second call terminal;
The first safety chip is further configured to receive, through the first communication interface, the second negotiation information sent by the first call terminal;
The second safety chip is further configured to receive, through the second communication interface, the first negotiation information sent by the second call terminal;
The first safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a first call key; the first call key is used to encrypt and decrypt the voice call of the user of the first call terminal;
The second safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a second call key; the second call key is used to encrypt and decrypt the voice call of the user of the second call terminal;
A first output module, configured to output a first authorization code; the first authorization code is generated by the first safety chip from the first call key, and the first output module is located in the first safety device or in the first call terminal;
A first prompting module, configured to prompt that the first authorization code be read aloud; the first prompting module is located in the first safety device or in the first call terminal;
The first safety chip is further configured to obtain the result of the user of the first call terminal reading the first authorization code aloud, giving first sound information; to encrypt the first sound information with the first call key, giving first encrypted data; and to send the first encrypted data through the first communication interface;
A second output module, configured to output a second authorization code; the second authorization code is generated by the second safety chip from the second call key, and the second output module is located in the second safety device or in the second call terminal;
A second prompting module, configured to prompt that the second authorization code be read aloud; the second prompting module is located in the second safety device or in the second call terminal;
The second safety chip is further configured to obtain the result of the user of the second call terminal reading the second authorization code aloud, giving second sound information; to encrypt the second sound information with the second call key, giving second encrypted data; and to send the second encrypted data through the second communication interface;
The first safety chip is further configured, after receiving the second encrypted data through the first communication interface, to decrypt the second encrypted data with the first call key, giving second decrypted data;
A first playing module, configured to play the second decrypted data; the first playing module is located in the first safety device or in the first call terminal;
The first prompting module is further configured to prompt confirmation of the played second decrypted data against the first authorization code;
The first safety chip is further configured so that, after the first prompting module has prompted confirmation of the played second decrypted data against the first authorization code, if the first safety chip receives a first confirmation instruction, it starts encrypting and decrypting the voice call of the user of the first call terminal with the first call key; or, where encryption and decryption of that voice call with the first call key has already started, if the first safety chip receives the first confirmation instruction, it continues encrypting and decrypting the voice call of the user of the first call terminal with the first call key;
The second safety chip is further configured, after receiving the first encrypted data through the second communication interface, to decrypt the first encrypted data with the second call key, giving first decrypted data;
A second playing module, configured to play the first decrypted data; the second playing module is located in the second safety device or in the second call terminal;
The second prompting module is further configured, after the second output module has output the second authorization code and the second playing module has played the first decrypted data, to prompt confirmation of the played first decrypted data against the second authorization code;
The second safety chip is further configured so that, after the second prompting module has prompted confirmation of the played first decrypted data against the second authorization code, if the second safety chip receives a second confirmation instruction, it starts encrypting and decrypting the voice call of the user of the second call terminal with the second call key; or, where encryption and decryption of that voice call with the second call key has already started, if the second safety chip receives the second confirmation instruction, it continues encrypting and decrypting the voice call of the user of the second call terminal with the second call key.
In addition, the first output module is specifically configured to convert the first authorization code into sound information and play the sound information of the first authorization code, or to display the first authorization code.
In addition, the second output module is specifically configured to convert the second authorization code into sound information and play the sound information of the second authorization code, or to display the second authorization code.
In addition, the first safety chip is further configured to delete the first call key when it detects that the voice call of the user of the first call terminal has ended; and/or the second safety chip is further configured to delete the second call key when it detects that the voice call of the user of the second call terminal has ended.
In addition, the system further comprises a first voice acquisition module, configured to capture the result of the user of the first call terminal reading the first authorization code aloud, giving the first sound information, and to send the first sound information; the first voice acquisition module is located in the first safety device or in the first call terminal; the first safety chip is specifically configured to obtain the first sound information sent by the first voice acquisition module.
In addition, the system further comprises a second voice acquisition module, configured to capture the result of the user of the second call terminal reading the second authorization code aloud, giving the second sound information, and to send the second sound information; the second voice acquisition module is located in the second safety device or in the second call terminal; the second safety chip is specifically configured to obtain the second sound information sent by the second voice acquisition module.
In addition, the first authorization code is shorter than the first call key, and/or the second authorization code is shorter than the second call key.
In addition, the first authorization code uniquely identifies the first call key, and/or the second authorization code uniquely identifies the second call key.
In addition, the first prompting module is specifically configured to prompt confirmation of whether the authorization code in the second decrypted data is consistent with the first authorization code, and of whether the voice characteristics of the voice reading the authorization code in the second decrypted data are consistent with the voice characteristics of the user of the second call terminal; the first confirmation instruction is an instruction confirming that the authorization code in the second decrypted data is consistent with the first authorization code and that the voice characteristics of the voice reading the authorization code in the second decrypted data are consistent with those of the user of the second call terminal.
In addition, the second prompting module is specifically configured to prompt confirmation of whether the authorization code in the first decrypted data is consistent with the second authorization code, and of whether the voice characteristics of the voice reading the authorization code in the first decrypted data are consistent with the voice characteristics of the user of the first call terminal; the second confirmation instruction is an instruction confirming that the authorization code in the first decrypted data is consistent with the second authorization code and that the voice characteristics of the voice reading the authorization code in the first decrypted data are consistent with those of the user of the first call terminal.
Compared with the prior art, in which the call key is generated on a TF card, the system embodiment provided by the present invention generates the call key on a safety device that is independent of the call terminal, which reduces the possibility that the voice encryption process is attacked by malware on the call terminal. The call key is generated by the safety chip in the safety device, and the high security of the safety chip reduces the possibility that the call key is stolen, ensuring the security of voice encryption. In addition, during voice encryption the call key is used for encryption inside the safety chip, so the call key is invoked in a secure environment, which ensures its safe use.
During an encrypted voice call, the safety device plays the decrypted data from the call peer and prompts confirmation of the played decrypted data against the authorization code. This confirms the identity of the call peer and lets the user determine whether anyone is monitoring the call, which raises the success rate of recognising third-party monitoring in a voice call and so reduces the possibility that the call is monitored. When the user determines that a third party is monitoring the call, the user can promptly take anti-monitoring security measures to prevent information leakage, improving the security of data transmission in the voice call.
Further, playing the decrypted data from the call peer on the safety device reduces attacks by malware on the call terminal and ensures the security of the voice call.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the data handling system for voice calls provided by the present invention;
Fig. 2 is a schematic diagram of the first subsystem of embodiment one of the present invention;
Fig. 3 is another schematic diagram of the first subsystem of embodiment one of the present invention;
Fig. 4 is a schematic diagram of the second subsystem of embodiment one of the present invention;
Fig. 5 is another schematic diagram of the second subsystem of embodiment one of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Embodiment one
Fig. 1 is a structural schematic diagram of an embodiment of the data handling system for voice calls provided by the present invention. In the system shown in Fig. 1, the first safety device is connected to the first call terminal through the first communication interface, the first call terminal is connected to the second call terminal through a communication network, and the second call terminal is connected to the second safety device through the second communication interface. The first safety chip is located in the first safety device, and the second safety chip is located in the second safety device. Based on the structure of the system shown in Fig. 1, the following embodiments describe the system in detail. The system includes:
A first safety chip, configured to generate first negotiation information and send the first negotiation information to the first call terminal through the first communication interface; the first safety chip is located in the first safety device, and the first safety device is connected to the first call terminal and is independent of the first call terminal;
A second safety chip, configured to generate second negotiation information and send the second negotiation information to the second call terminal through the second communication interface; the second safety chip is located in the second safety device, and the second safety device is connected to the second call terminal and is independent of the second call terminal;
The first safety chip is further configured to receive, through the first communication interface, the second negotiation information sent by the first call terminal;
The second safety chip is further configured to receive, through the second communication interface, the first negotiation information sent by the second call terminal;
The first safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a first call key; the first call key is used to encrypt and decrypt the voice call of the user of the first call terminal;
The second safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a second call key; the second call key is used to encrypt and decrypt the voice call of the user of the second call terminal;
A first output module, configured to output a first authorization code; the first authorization code is generated by the first safety chip from the first call key, and the first output module is located in the first safety device or in the first call terminal;
A first prompting module, configured to prompt that the first authorization code be read aloud; the first prompting module is located in the first safety device or in the first call terminal;
The first safety chip is further configured to obtain the result of the user of the first call terminal reading the first authorization code aloud, giving first sound information; to encrypt the first sound information with the first call key, giving first encrypted data; and to send the first encrypted data through the first communication interface;
A second output module, configured to output a second authorization code; the second authorization code is generated by the second safety chip from the second call key, and the second output module is located in the second safety device or in the second call terminal;
A second prompting module, configured to prompt that the second authorization code be read aloud; the second prompting module is located in the second safety device or in the second call terminal;
The second safety chip is further configured to obtain the result of the user of the second call terminal reading the second authorization code aloud, giving second sound information; to encrypt the second sound information with the second call key, giving second encrypted data; and to send the second encrypted data through the second communication interface;
The first safety chip is further configured, after receiving the second encrypted data through the first communication interface, to decrypt the second encrypted data with the first call key, giving second decrypted data;
A first playing module, configured to play the second decrypted data; the first playing module is located in the first safety device or in the first call terminal;
The first prompting module is further configured to prompt confirmation of the played second decrypted data against the first authorization code;
The first safety chip is further configured so that, after the first prompting module has prompted confirmation of the played second decrypted data against the first authorization code, if the first safety chip receives a first confirmation instruction, it starts encrypting and decrypting the voice call of the user of the first call terminal with the first call key; or, where encryption and decryption of that voice call with the first call key has already started, if the first safety chip receives the first confirmation instruction, it continues encrypting and decrypting the voice call of the user of the first call terminal with the first call key;
The second safety chip is further configured, after receiving the first encrypted data through the second communication interface, to decrypt the first encrypted data with the second call key, giving first decrypted data;
A second playing module, configured to play the first decrypted data; the second playing module is located in the second safety device or in the second call terminal;
The second prompting module is further configured, after the second output module has output the second authorization code and the second playing module has played the first decrypted data, to prompt confirmation of the played first decrypted data against the second authorization code;
The second safety chip is further configured so that, after the second prompting module has prompted confirmation of the played first decrypted data against the second authorization code, if the second safety chip receives a second confirmation instruction, it starts encrypting and decrypting the voice call of the user of the second call terminal with the second call key; or, where encryption and decryption of that voice call with the second call key has already started, if the second safety chip receives the second confirmation instruction, it continues encrypting and decrypting the voice call of the user of the second call terminal with the second call key.
The first prompting module is specifically configured to prompt confirmation of whether the authorization code in the second decrypted data is consistent with the first authorization code, and of whether the voice characteristics of the voice reading the authorization code in the second decrypted data are consistent with the voice characteristics of the user of the second call terminal; the first confirmation instruction is an instruction confirming that the authorization code in the second decrypted data is consistent with the first authorization code and that the voice characteristics of the voice reading the authorization code in the second decrypted data are consistent with those of the user of the second call terminal.
The second prompting module is specifically configured to prompt confirmation of whether the authorization code in the first decrypted data is consistent with the second authorization code, and of whether the voice characteristics of the voice reading the authorization code in the first decrypted data are consistent with the voice characteristics of the user of the first call terminal; the second confirmation instruction is an instruction confirming that the authorization code in the first decrypted data is consistent with the second authorization code and that the voice characteristics of the voice reading the authorization code in the first decrypted data are consistent with those of the user of the first call terminal.
Compared with the prior art, in which the call key is generated on a TF card, the system embodiment provided by the present invention generates the call key on a safety device that is independent of the call terminal, which reduces the possibility that the voice encryption process is attacked by malware on the call terminal. The call key is generated by the safety chip in the safety device, and the high security of the safety chip reduces the possibility that the call key is stolen, ensuring the security of voice encryption. In addition, during voice encryption the call key is used for encryption inside the safety chip, so the call key is invoked in a secure environment, which ensures its safe use.
During an encrypted voice call, the safety device plays the decrypted data from the call peer and prompts confirmation of the played decrypted data against the authorization code. This confirms the identity of the call peer and lets the user determine whether anyone is monitoring the call, which raises the success rate of recognising third-party monitoring in a voice call and so reduces the possibility that the call is monitored. When the user determines that a third party is monitoring the call, the user can promptly take anti-monitoring security measures to prevent information leakage, improving the security of data transmission in the voice call.
Further, playing the decrypted data from the call peer on the safety device reduces attacks by malware on the call terminal and ensures the security of the voice call.
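The confirmation step above only works because each authorization code is bound to the call key its own chip computed. The following Python example is added here and is not code from the patent; the `SafetyChip` class, the toy Diffie-Hellman group standing in for a ZRTP-style agreement, the HMAC-based stand-in cipher and the `speaker|code` string standing in for recorded sound are all assumptions. It runs the first-to-second direction of the exchange with and without a third party in the middle.

```python
import hashlib
import hmac
import secrets

# Assumption: toy finite-field Diffie-Hellman stands in for the ZRTP-style key
# agreement the text cites. 2**255 - 19 is prime, but this is not a vetted group.
P = 2**255 - 19
G = 2


class SafetyChip:
    """Hypothetical model of one safety chip; the call key never leaves it."""

    def __init__(self):
        self._private = secrets.randbelow(P - 3) + 2
        self.negotiation_info = pow(G, self._private, P)  # relayed by the call terminal
        self._call_key = None

    def derive_call_key(self, peer_negotiation_info):
        shared = pow(peer_negotiation_info, self._private, P)
        self._call_key = hashlib.sha256(b"call-key" + shared.to_bytes(32, "big")).digest()

    def _subkey(self, label):
        if self._call_key is None:
            raise RuntimeError("no call key: call not negotiated or already ended")
        return hmac.new(self._call_key, label, hashlib.sha256).digest()

    def authorization_code(self, digits=6):
        # Short code derived from the call key (shorter than the key itself).
        value = int.from_bytes(self._subkey(b"authorization-code")[:8], "big")
        return f"{value % 10**digits:0{digits}d}"

    def _keystream(self, nonce, length):
        key, blocks = self._subkey(b"encrypt"), []
        for counter in range((length + 31) // 32):
            block_input = nonce + counter.to_bytes(4, "big")
            blocks.append(hmac.new(key, block_input, hashlib.sha256).digest())
        return b"".join(blocks)[:length]

    def encrypt(self, sound):
        # Stand-in cipher (HMAC-SHA256 keystream plus tag), not the chip's real algorithm.
        nonce = secrets.token_bytes(12)
        body = bytes(a ^ b for a, b in zip(sound, self._keystream(nonce, len(sound))))
        tag = hmac.new(self._subkey(b"tag"), nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob):
        nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
        expected = hmac.new(self._subkey(b"tag"), nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("data was not encrypted under this call key")
        return bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))

    def end_call(self):
        self._call_key = None  # delete the call key when the call ends


def read_aloud(speaker, code):
    # Constructed stand-in for recorded sound information: who spoke and what was said.
    return f"{speaker}|{code}".encode()


def run_call(third_party_present):
    chip1, chip2 = SafetyChip(), SafetyChip()
    if third_party_present:
        # The third party negotiates separately with each side, so each chip
        # computes a call key with the third party rather than with its peer.
        leg1, leg2 = SafetyChip(), SafetyChip()
        chip1.derive_call_key(leg1.negotiation_info)
        leg1.derive_call_key(chip1.negotiation_info)
        chip2.derive_call_key(leg2.negotiation_info)
        leg2.derive_call_key(chip2.negotiation_info)
    else:
        chip1.derive_call_key(chip2.negotiation_info)
        chip2.derive_call_key(chip1.negotiation_info)

    code1, code2 = chip1.authorization_code(), chip2.authorization_code()
    first_encrypted = chip1.encrypt(read_aloud("user1", code1))
    if third_party_present:
        first_encrypted = leg2.encrypt(leg1.decrypt(first_encrypted))  # relayed
    speaker, heard_code = chip2.decrypt(first_encrypted).decode().split("|")
    # User 2 confirms only if the spoken code equals the second authorization
    # code and the voice is the expected caller's.
    second_confirmation = heard_code == code2 and speaker == "user1"
    chip1.end_call()
    chip2.end_call()
    return {"code1": code1, "code2": code2, "second_confirmation": second_confirmation}


if __name__ == "__main__":
    print(run_call(third_party_present=False))
    print(run_call(third_party_present=True))
```

With a third party relaying, the recording still decrypts cleanly at the second chip, so the mismatch between the spoken code and the locally displayed code is the only signal the user gets; the voice check covers the case where the third party re-records the code instead of relaying it.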
The above description is based on the system shown in Fig. 1. The following further describes, from the perspective of the user of the first call terminal and from that of the user of the second call terminal, the modules of the system of embodiment one on the first call terminal side and the modules on the second call terminal side:
For ease of description, the structure formed by the system's modules on the first call terminal side is referred to below as the first subsystem, and the structure formed by the system's modules on the second call terminal side is referred to as the second subsystem.
Part I
The first subsystem in the system of embodiment one is described below:
First, the first safety device and the first call terminal are described:
The first safety device may be a wearable device such as smart glasses, a smart watch or an earphone device, or may be integrated into a wearable device. The first safety device may also be a smart key device that can communicate with the call terminal, such as a USB Key with a USB interface, a smart key device supporting an audio interface, or a smart key device with a Bluetooth communication function, or may be integrated into a smart key device that can communicate with the call terminal. That is, relative to the first call terminal, the first safety device is a standalone device and is not integrated into the first call terminal.
The first communication interface may be a wireless connection interface or a wired connection interface. If the first communication interface is a wireless connection interface, the first safety device has a built-in wireless communication module, which may be a Wi-Fi module, a Wi-Fi Direct module, an NFC module, a Bluetooth module or an infrared module; for example, the first safety device is a Bluetooth earphone. If the first communication interface is a wired connection interface, the first safety device may have a data transmission line whose interface may be an audio interface or a USB interface; for example, the first safety device is a wired earphone with in-line control. The first safety device may also support both wireless and wired connection, that is, it has a built-in wireless communication module and an external data transmission line.
If a wireless communication module is built into the first safety device, the first safety device can connect to the first call terminal wirelessly; if the first communication interface is a wired connection interface, the first safety device can connect to the first call terminal by wire.
The first call terminal is a terminal capable of voice calls. It may be a conventional call device such as a fixed-line telephone or a mobile phone, or a terminal with a network telephony function such as a PC, a notebook computer or a tablet computer.
2nd, the first negotiation information and the second negotiation information are illustrated:
First negotiation information is generated by the first safety chip in the first safety means, and in the prior art by first Call terminal carries out key agreement and compared in itself, using independently of the first safety means of the first call terminal come complete consult, Key agreement operation is reduced by the possibility of malware attacks in the first call terminal, and by first in the first safety means Safety chip is more safe and reliable to generate the first negotiation information.
First safety chip is sent to the first call terminal after the first negotiation information is generated by the first communication interface, First call terminal is sent to the second call terminal by communication network.
Second negotiation information be by the first call terminal receive the second call terminal transmission the second negotiation information after, First safety chip is sent to by the first communication interface.
First safety chip sends the operation of the first negotiation information and receives the operation of the second negotiation information in execution sequence Upper not obvious precedence relationship, can be performed simultaneously, can also successively be performed according to order.Wherein, the first negotiation information It is referred to cipher key agreement algorithm of the prior art to set with the parameter information particular content in the second negotiation information, example Such as, cipher key agreement algorithm ZRTP.
3rd, the first call key is illustrated:
The first call key can be calculated in the manner of a key agreement algorithm of the prior art, for example, ZRTP. The first call key can be stored in the first safety chip to ensure that it is stored securely.
After obtaining the first call key, the first safety chip in the first safety means can use it to secure the voice call between the first safety means and the second safety means, which is equivalent to establishing a voice encryption channel between the first safety means and the second safety means on top of a voice call of the prior art.
The voice encryption channel provided by the present invention is established between the first safety means and the second safety means; that is, seen from the first safety means, the voice encryption channel passes in turn through the first safety means, the first call terminal, the second call terminal and the second safety means (see the system architecture shown in Fig. 1). Because the voice encryption channel is established between the safety means, throughout the whole process from call set-up to call end the first call terminal and the second call terminal only pass data through transparently, which reduces the possibility of malware attacks on the call terminals and improves the security of data transmission.
The first safety chip is further configured to delete the first call key after detecting that the voice call of the user of the first call terminal has ended.
After the call ends, having the first safety chip destroy the first call key used in this voice call reduces the possibility that the key is misused after being stolen, ensures the operational security of the first safety chip, and makes efficient use of the storage space of the first safety chip.
4th, the first output module and the first reminding module are illustrated:
1st, the first output module outputting the first authorization code and the first reminding module prompting to read aloud the first authorization code are illustrated:
The first output module is specifically configured to convert the first authorization code into acoustic information, obtain the acoustic information of the first authorization code, and play it; or to display the first authorization code.
The first output module can be a module with a playing function, for example, a speaker or a loudspeaker.
The first safety chip sends the digital signal of the first authorization code to the first voice conversion module; the first voice conversion module converts the digital signal into acoustic information, obtains the acoustic information of the first authorization code, and sends it to the first output module; the first output module plays the acoustic information of the first authorization code. The first voice conversion module is located in the first safety means or in the first call terminal.
Converting the first authorization code into acoustic information and playing that acoustic information achieves the purpose of outputting the first authorization code.
Of course, the first output module can also be a module with a display function, such as a display screen.
The first safety chip sends the digital signal of the first authorization code to the first output module, and the first output module displays the first authorization code.
Displaying the first authorization code achieves the purpose of outputting it.
The first reminding module can be a module with a playing function, for example, a speaker or a loudspeaker; it can also be a module with a display function, such as a display screen. The first reminding module and the first output module can be physically the same module or two independent modules. When they are two independent modules, both can be located in the first safety means or both in the first call terminal; alternatively, one can be located in the first safety means and the other in the first call terminal.
The first reminding module's prompt to read aloud the first authorization code and the first output module's output of the first authorization code can be carried out together, for example by outputting "Please read aloud the authorization code XXX", where XXX represents the content of the first authorization code. The output can be played or displayed.
Of course, the prompt to read aloud the first authorization code and the output of the first authorization code can also be carried out separately, for example by first outputting the message "Please read aloud the authorization code" and then the message "The authorization code is XXX", or by first outputting "The authorization code is XXX" and then "Please read aloud the authorization code". Each of the two messages can be played or displayed, and the two messages can use the same output mode or different ones.
Compared with having the first output module output the first authorization code and/or the first reminding module prompt to read it aloud on the first call terminal, having them do so on the first safety means reduces the possibility of malware attacks on the first call terminal and improves the security of data transmission.
The length of the first authorization code is less than the length of the first call key, and the first authorization code is used to uniquely identify the first call key.
When the first reminding module prompts the user to read aloud the first authorization code, what is read aloud is the first authorization code, not the first call key itself, which reduces the possibility that a criminal steals the first call key while the user reads aloud. In addition, the first authorization code is generated from the first call key and can uniquely identify it, so the two parties to the call can determine whether they are using the same call key by comparing whether the contents of their authorization codes are consistent. Because the first call key has many bits, processing it into the first authorization code makes the authorization code shorter than the call key, which reduces the amount the user has to read aloud and is convenient for the user.
2nd, the step in which the first reminding module prompts to confirm the played second ciphertext data according to the first authorization code is illustrated:
The first reminding module prompts to confirm the played second ciphertext data according to the first authorization code in a manner similar to the way it prompts to read aloud the first authorization code, which is not repeated here.
5th, the first acoustic information is obtained to the first safety chip to illustrate:
The first safety chip can obtain the first acoustic information in the following two ways:
Mode A: The system also includes a first voice acquisition module, configured to collect the result of the user of the first call terminal reading aloud the first authorization code, obtain the first acoustic information, and send the first acoustic information; the first voice acquisition module is located in the first safety means;
The first safety chip is specifically configured to obtain the first acoustic information sent by the first voice acquisition module on the first safety means.
In mode A, the first voice acquisition module can be a microphone. Collecting the read-aloud result of the first authorization code with the first voice acquisition module on the first safety means reduces the possibility of malware attacks on the first call terminal and ensures the security of data collection. For example, when the first safety means is a Bluetooth earphone, the microphone of the Bluetooth earphone can be used directly to collect the read-aloud result.
Mode B: The system also includes a first voice acquisition module, configured to collect the result of the user of the first call terminal reading aloud the first authorization code, obtain the first acoustic information, and send the first acoustic information; the first voice acquisition module is located in the first call terminal;
The first safety chip is specifically configured to receive, through the first communication interface, the first acoustic information sent by the first voice acquisition module on the first call terminal.
Using the existing microphone of the first call terminal to collect the read-aloud result is convenient to implement: the read-aloud result can be obtained without any hardware modification to the first safety means, which reduces the hardware cost of the first safety means.
Collecting the sound of the user reading aloud the first authorization code to obtain the first acoustic information actually captures two pieces of information: one is the content of the first authorization code output by the first safety means, and the other is the sound characteristics of the user who reads aloud the first authorization code.
The sound characteristics in the first acoustic information are the user's own sound characteristics when the user of the first call terminal directly reads aloud the first authorization code, and they identify that the content of the first authorization code in the first acoustic information comes from the user of the first call terminal; they are not sound characteristics obtained by speech simulation software imitating the voice of the user of the first call terminal.
Because the sound characteristics produced by speech simulation software differ from those obtained when the user reads aloud directly, a listener hearing them played can, from personalized information such as the timbre, pitch and tone they carry, recognize whether the sound is that of the real user of the first call terminal, and thereby identify whether the acoustic information carrying the authorization code comes from the first call terminal.
6th, the operation of the first safety chip encryption and decryption is illustrated:
1st, the first safety chip encrypts the first acoustic information into the first encryption data as follows:
The first voice acquisition module sends the first acoustic information to the first voice conversion module; the first voice conversion module converts the first acoustic information into a digital signal, obtains the data to be verified, and sends the data to be verified to the first safety chip; the first safety chip encrypts the data to be verified using the first call key, obtains the first encryption data, and sends the first encryption data through the first communication interface.
The role of the first voice conversion module is to convert an analog signal into a digital signal so that the first acoustic information can be transmitted in the voice encryption channel. The first voice acquisition module and the first voice conversion module can be physically the same module or two independent modules; when they are two independent modules, both can be located in the first safety means or both in the first call terminal, or one can be located in the first safety means and the other in the first call terminal.
Of course, if the communication network between the first call terminal and the second call terminal supports the direct transmission of analog signals, the system does not include the first voice conversion module when the first acoustic information is processed into the first encryption data.
After the first safety chip sends the first encryption data through the first communication interface, the first call terminal receives the first encryption data through the first communication interface and sends it to the second call terminal through the communication network.
2nd, the first safety means processes the second encryption data into the second ciphertext data and plays it as follows:
If the second encryption data is a digital signal, the first safety chip decrypts the second encryption data using the first call key and obtains the second ciphertext data; the first safety chip sends the second ciphertext data to the first voice conversion module; the first voice conversion module converts the second ciphertext data into acoustic information, obtains the conversion result of the second ciphertext data, and sends the conversion result to the first playing module; the first playing module plays the conversion result of the second ciphertext data;
If the second encryption data is an analog signal, the first safety chip decrypts the second encryption data using the first call key, obtains the second ciphertext data, and sends the second ciphertext data to the first playing module; the first playing module plays the second ciphertext data.
The second encryption data is sent by the second call terminal to the first call terminal through the communication network, and the first call terminal sends it to the first safety chip through the first communication interface.
There is no fixed order between the first playing module playing the second ciphertext data and the first output module outputting the first authorization code: the two can be performed simultaneously or one after the other.
7th, encryption and decryption operation is carried out to voice call to the first safety chip to illustrate:
Unlike the prior art, in which the first call terminal performs encryption using the first call key, in the present invention the encryption operation is performed by the first safety chip. Having the first safety chip encrypt the voice call reduces the possibility of malware attacks on the first call terminal and improves the security of data transmission.
Moreover, the first safety chip encrypts the collected voice information using the first call key that it generated itself, which improves call security. Specifically:
(1) The executing entity of voice encryption is the first safety chip. Because the first safety chip is inside the first safety means, and the first safety means is independent of the first call terminal, the possibility of attack by malware on the first call terminal during voice encryption is reduced. In addition, compared with the prior art, in which voice encryption is performed in the processor of an earphone, in the present invention the executing entity of voice encryption in the first safety means is the first safety chip. Because the encryption and decryption operations on the voice are completed inside the first safety chip and only the encryption results and decryption results are output, the data is protected from being cracked; therefore, compared with the processor of the prior art, the voice encryption strength of the first safety chip is higher.
(2) The first call key used in voice encryption is generated by the first safety chip, and the first safety chip stores the first call key inside itself, which reduces the possibility that the first call key is stolen and ensures the security of voice encryption. In addition, during voice encryption the first call key is used for encryption inside the first safety chip, so that the first call key is invoked in a secure environment, which ensures that it is used securely.
(3) The object of encryption is collected by the first voice acquisition module on the first safety means. The present invention uses the first safety means to collect the voice; because the first safety means is independent of the first call terminal, the possibility of attack by malware on the first call terminal during voice collection is reduced.
As can be seen from the above, during voice encryption the entire encryption operation is completed by the first safety means without interacting with external equipment, which ensures the security of the encryption operation.
Of course, the voice encrypted by the first safety means can also be collected by the first call terminal, with the first safety means obtaining the collected voice through the first communication interface.
In summary, the first subsystem in the system of embodiment one includes at least the following modules: the first safety chip, the first output module, the first reminding module, the first playing module and the first voice acquisition module.
The first output module can be a module with a playing or display function, the first reminding module can likewise be a module with a playing or display function, and the first playing module is a module with a playing function.
If the first output module and the first reminding module use the playing function, their functions can be completed by the first playing module, so the first output module and the first reminding module are optional rather than necessary modules in the first subsystem of embodiment one. That is, the first subsystem of embodiment one includes at least the following modules: the first safety chip, the first playing module and the first voice acquisition module, where the hardware corresponding to the first playing module can be a speaker or a loudspeaker and the first voice acquisition module can be a microphone. The first playing module and the first voice acquisition module can both be located in the first safety means, or both in the first call terminal, or one can be located in the first safety means and the other in the first call terminal; the structure of the first subsystem of embodiment one can therefore be realized in the following ways:
S1: The first safety means includes the first safety chip; the first call terminal includes the first playing module and the first voice acquisition module. See the system architecture shown in Fig. 2, which is a schematic diagram of the first subsystem of embodiment one of the present invention. The first subsystem shown in Fig. 2 can be implemented directly with the microphone and loudspeaker of the first call terminal, without any change to the hardware of the first safety means or the first call terminal, so the hardware cost is low and the implementation is simple.
S2: The first safety means includes the first safety chip, the first playing module and the first voice acquisition module. See the system architecture shown in Fig. 3, which is another schematic diagram of the first subsystem of embodiment one of the present invention. In the first subsystem shown in Fig. 3, collecting the voice of the user of the first call terminal and playing the second ciphertext data are both performed on the first safety means, which is independent of the first call terminal; this reduces attacks by malware on the first call terminal and improves data security.
S3: The first safety means includes the first safety chip and the first playing module; the first call terminal includes the first voice acquisition module.
S4: The first safety means includes the first safety chip and the first voice acquisition module; the first call terminal includes the first playing module.
If at least one of the first output module and the first reminding module uses the display function, the module that uses the display function is essential in the first subsystem of embodiment one, and a module that does not use the display function is optional. For example, if the first reminding module uses the display function, the first subsystem of embodiment one includes at least the first safety chip, the first reminding module, the first playing module and the first voice acquisition module; if both the first output module and the first reminding module use the display function, the first subsystem of embodiment one includes at least the first safety chip, the first output module, the first reminding module, the first playing module and the first voice acquisition module.
Compared with the prior art, in which the call key is generated on a TF card, the first subsystem provided by embodiment one of the present invention generates the first call key on a safety means independent of the first call terminal, which reduces the possibility of attack by malware on the first call terminal during voice encryption. The key is generated by the first safety chip in the first safety means; owing to the high security of the first safety chip, the possibility that the first call key is stolen is reduced and the security of voice encryption is ensured. In addition, during voice encryption the first call key is used for encryption inside the first safety chip, so that the first call key is invoked in a secure environment, which ensures that it is used securely.
In addition, during encrypted voice communication, the first safety means plays the second ciphertext data from the second call terminal and prompts the user to confirm the played second ciphertext data according to the first authorization code. This confirms the identity information of the second call terminal, so that the user can determine whether anyone is monitoring this call, which improves the success rate of recognizing third-party monitoring in a voice call and thus reduces the possibility that the voice call is monitored. When the user determines that a third party is monitoring this voice call, the user can take anti-monitoring security measures in time to prevent information leakage, which improves the security of data transmission in the voice call.
Further, playing the second ciphertext data from the second call terminal on the first safety means reduces attacks by malware on the first call terminal and ensures the security of the voice call.
Part II
The second subsystem in embodiment one is illustrated:
First, the second safety means and the second call terminal are illustrated:
After generating the second negotiation information, the second safety chip sends it to the second call terminal through the second communication interface, and the second call terminal sends it to the first call terminal through the communication network.
The second safety means can be a wearable device such as smart glasses, a smart watch or an earphone device, or can be integrated into a wearable device. Of course, the second safety means can also be an intelligent key device that can communicate with a call terminal, such as a USB Key with a USB interface, an intelligent key device supporting an audio interface, or an intelligent key device with a Bluetooth communication function, or can be integrated into such an intelligent key device. That is, relative to the second call terminal, the second safety means is an independent device and is not integrated into the second call terminal.
The second communication interface can be a wireless connection interface or a wired connection interface. If the second communication interface is a wireless connection interface, a wireless communication module is built into the second safety means, which can be a Wi-Fi module, a Wi-Fi Direct module, an NFC module, a Bluetooth module or an infrared module; for example, the second safety means is a Bluetooth earphone. If the second communication interface is a wired connection interface, the second safety means can have a data transmission line whose interface can be an audio interface or a USB interface; for example, the second safety means is a wire-controlled earphone. Of course, the second safety means can also have both wireless and wired connection functions, that is, it has a built-in wireless communication module and an externally connected data transmission line.
If a wireless communication module is built into the second safety means, the second safety means can be connected to the second call terminal by a wireless connection; if the second communication interface is a wired connection interface, the second safety means can be connected to the second call terminal by a wired connection.
The second call terminal is a terminal with voice call capability. It can be a traditional call device, such as a fixed-line telephone or a mobile phone, or a terminal with a network telephony function, such as a PC, a notebook computer or a tablet computer.
2nd, the first negotiation information and the second negotiation information are illustrated:
The second negotiation information is generated by the second safety chip in the second safety means. Compared with the prior art, in which the second call terminal itself carries out key agreement, completing the negotiation on the second safety means, which is independent of the second call terminal, reduces the possibility that the key agreement operation is attacked by malware on the second call terminal, and generating the second negotiation information in the second safety chip of the second safety means is more secure and reliable.
The first negotiation information is sent by the first call terminal, received by the second call terminal, and then sent to the second safety chip through the second communication interface.
There is no fixed order between the second safety chip sending the second negotiation information and receiving the first negotiation information: the two operations can be performed simultaneously or one after the other. The specific parameters in the first negotiation information and the second negotiation information can be set with reference to a key agreement algorithm of the prior art, for example, the key agreement algorithm ZRTP.
3rd, the second call key is illustrated:
The second call key can be calculated in the manner of a key agreement algorithm of the prior art, for example, ZRTP. The second call key can be stored in the second safety chip to ensure that it is stored securely.
After obtaining the second call key, the second safety chip in the second safety means can use it to secure the voice call between the first safety means and the second safety means, which is equivalent to establishing a voice encryption channel between the first safety means and the second safety means on top of a voice call of the prior art.
The voice encryption channel provided by the present invention is established between the first safety means and the second safety means; that is, seen from the second safety means, the voice encryption channel passes in turn through the second safety means, the second call terminal, the first call terminal and the first safety means (see the system architecture shown in Fig. 1). Because the voice encryption channel is established between the safety means, throughout the whole process from call set-up to call end the first call terminal and the second call terminal only pass data through transparently, which reduces the possibility of malware attacks on the call terminals and improves the security of data transmission.
The second safety chip is further configured to delete the second call key after detecting that the voice call of the user of the second call terminal has ended.
After the call ends, having the second safety chip destroy the second call key used in this voice call reduces the possibility that the key is misused after being stolen, ensures the operational security of the second safety chip, and makes efficient use of the storage space of the second safety chip.
4th, the second output module and the second reminding module are illustrated:
1st, the second output module outputting the second authorization code and the second reminding module prompting to read aloud the second authorization code are illustrated:
The second output module is specifically configured to convert the second authorization code into acoustic information, obtain the acoustic information of the second authorization code, and play it; or to display the second authorization code.
The second output module can be a module with a playing function, for example, a speaker or a loudspeaker.
The second safety chip sends the digital signal of the second authorization code to the second voice conversion module; the second voice conversion module converts the digital signal into acoustic information, obtains the acoustic information of the second authorization code, and sends it to the second output module; the second output module plays the acoustic information of the second authorization code. The second voice conversion module is located in the second safety means or in the second call terminal.
Converting the second authorization code into acoustic information and playing that acoustic information achieves the purpose of outputting the second authorization code.
Of course, the second output module can also be a module with a display function, such as a display screen.
The second safety chip sends the digital signal of the second authorization code to the second output module, and the second output module displays the second authorization code.
Displaying the second authorization code achieves the purpose of outputting it.
After the second output module outputs the second authorization code, the second reminding module and the second safety chip perform the following operations:
The second reminding module is configured to prompt the user to read aloud the second authorization code after the second authorization code is output;
The second safety chip is further configured to obtain the result of the user of the second call terminal reading aloud the second authorization code, obtaining the second sound information; to encrypt the second sound information using the second call key, obtaining the second encryption data; and to send the second encryption data through the second communication interface.
The second reminding module can be a module with a playing function, for example, a speaker or a loudspeaker; it can also be a module with a display function, such as a display screen. The second reminding module and the second output module can be physically the same module or two independent modules. When they are two independent modules, both can be located in the second safety means or both in the second call terminal; alternatively, one can be located in the second safety means and the other in the second call terminal.
The second reminding module's prompt to read aloud the second authorization code and the second output module's output of the second authorization code can be carried out together, for example by outputting "Please read aloud the authorization code XXX", where XXX represents the content of the second authorization code. The output can be played or displayed.
Of course, the prompt to read aloud the second authorization code and the output of the second authorization code can also be carried out separately, for example by first outputting the message "Please read aloud the authorization code" and then the message "The authorization code is XXX", or by first outputting "The authorization code is XXX" and then "Please read aloud the authorization code". Each of the two messages can be played or displayed, and the two messages can use the same output mode or different ones.
Compared with having the second output module output the second authorization code and/or the second reminding module prompt to read it aloud on the second call terminal, having them do so on the second safety means reduces the possibility of malware attacks on the second call terminal and improves the security of data transmission.
The length of the second authorization code is less than the length of the second call key, and the second authorization code is used to uniquely identify the second call key.
When the second reminding module prompts the user to read aloud the second authorization code, what is read aloud is the second authorization code, not the second call key itself, which reduces the possibility that a criminal steals the second call key while the user reads aloud. In addition, the second authorization code is generated from the second call key and can uniquely identify it, so the two parties to the call can determine whether they are using the same call key by comparing whether the contents of their authorization codes are consistent. Because the second call key has many bits, processing it into the second authorization code makes the authorization code shorter than the call key, which reduces the amount the user has to read aloud and is convenient for the user.
2. Explanation of the second reminding module prompting for confirmation, according to the second authorization code, of the first ciphertext data that is played:
Accordingly, the second reminding module is specifically configured to prompt for confirmation of whether the authorization code in the first ciphertext data is consistent with the second authorization code, and of whether the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal;
Here, the second confirmation instruction is an instruction confirming that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal.
Similarly, the way the second reminding module prompts for confirmation, according to the second authorization code, of the first ciphertext data that is played is similar to the way the second reminding module prompts for the second authorization code to be read aloud, and is not repeated here.
5. Explanation of how the second safety chip obtains the second sound information:
The second safety chip obtains the second sound information in one of the following two ways:
Mode A: The system also includes a second voice acquisition module, configured to collect the result of the user of the second call terminal reading the second authorization code aloud, obtain the second sound information, and send the second sound information; the second voice acquisition module is located in the second safety means;
The second safety chip is specifically configured to obtain the second sound information sent by the second voice acquisition module on the second safety means.
In mode A, the second voice acquisition module can be a microphone. Collecting the result of reading the second authorization code aloud with the second voice acquisition module on the second safety means reduces the possibility of attack by malware on the second call terminal and ensures the security of data collection. For example, when the second safety means is a Bluetooth earphone, the microphone of the Bluetooth earphone can be used directly to collect the read-aloud result.
Mode B: The system also includes a second voice acquisition module, configured to collect the result of the user of the second call terminal reading the second authorization code aloud, obtain the second sound information, and send the second sound information; the second voice acquisition module is located in the second call terminal;
The second safety chip is specifically configured to receive, through the second communication interface, the second sound information sent by the second voice acquisition module on the second call terminal.
Collecting the read-aloud result with the existing microphone of the second call terminal is convenient to implement: the read-aloud result can be obtained without modifying the hardware of the second safety means, which reduces the hardware cost of the second safety means.
Collecting the sound of the user reading the second authorization code aloud to obtain the second sound information actually yields two pieces of information: one is the content of the second authorization code output by the second safety means, and the other is the sound characteristics of the user who reads the second authorization code aloud.
The sound characteristics in the second sound information are the user's own sound characteristics when the user of the second call terminal directly reads the second authorization code aloud, and they identify that the content of the second authorization code in the second sound information originates from the user of the second call terminal; they are not sound characteristics obtained by simulating the voice of the user of the second call terminal with voice simulation software.
Because the sound characteristics simulated by voice simulation software differ from those obtained when the user reads aloud directly, when the two are played the listener can recognise, from personalised information such as the timbre, pitch and tone carried by the sound characteristics, which is the sound of the real user of the second call terminal, and can thereby identify whether the sound information carrying the authorization code comes from the second call terminal.
6. Explanation of the encryption and decryption operations of the second safety chip:
1. The second safety chip encrypts the second sound information into the second encryption data as follows:
The second voice acquisition module sends the second sound information to the second voice conversion module; the second voice conversion module processes the second sound information into a digital signal, obtaining data to be verified, and sends the data to be verified to the second safety chip; the second safety chip encrypts the data to be verified using the second call key, obtaining the second encryption data, and sends the second encryption data through the second communication interface.
The function of the second voice conversion module is to convert analog signals into digital signals so that the second sound information can be transmitted as data in the voice encryption channel. The second voice acquisition module and the second voice conversion module can be physically the same module or two independent modules. When they are two independent modules, both can be located in the second safety means, or both in the second call terminal; alternatively, one of them can be located in the second safety means and the other in the second call terminal.
Of course, if the communication network between the second call terminal and the first call terminal supports the direct transmission of analog signals, the system does not include the second voice conversion module in the process of processing the second sound information into the second encryption data.
After the second safety chip sends the second encryption data through the second communication interface, the second call terminal receives the second encryption data through the second communication interface and sends it to the first call terminal through the communication network.
2. The second safety means processes the first encryption data into the first ciphertext data and plays it as follows:
If the first encryption data is a digital signal, the second safety chip decrypts the first encryption data using the second call key, obtaining the first ciphertext data; the second safety chip sends the first ciphertext data to the second voice conversion module; the second voice conversion module converts the first ciphertext data into sound information, obtaining the conversion result of the first ciphertext data, and sends the conversion result to the second playing module; the second playing module plays the conversion result of the first ciphertext data;
If the first encryption data is an analog signal, the second safety chip decrypts the first encryption data using the second call key, obtaining the first ciphertext data, and sends the first ciphertext data to the second playing module; the second playing module plays the first ciphertext data.
The first encryption data is sent by the first call terminal to the second call terminal through the communication network, and is sent by the second call terminal to the second safety chip through the second communication interface.
There is no particular order between the second playing module playing the first ciphertext data and the second output module outputting the second authorization code; the two can be performed simultaneously or one after the other.
7. Explanation of the second safety chip performing encryption and decryption operations on the voice call:
Unlike the prior art, in which the second call terminal performs encryption using the second call key, in the present invention the entity that performs the encryption operation is the second safety chip. Having the second safety chip encrypt the voice call reduces the possibility of attack by malware on the second call terminal and improves the security of data transmission.
Moreover, the second safety chip encrypts the collected voice information using the second call key that it generates itself, which improves call security. Specifically:
(1) The entity that performs voice encryption is the second safety chip. Because the second safety chip is inside the second safety means, and the second safety means is independent of the second call terminal, the possibility of attack by malware on the second call terminal during voice encryption is reduced. In addition, compared with the prior art, in which voice encryption is performed in the processor of an earphone, in the present invention the entity that performs voice encryption in the second safety means is the second safety chip. Because the voice encryption and decryption operations are completed inside the second safety chip, which only outputs the encryption result and the decryption result, the data is protected from being cracked; therefore, compared with the processor of the prior art, the voice encryption strength of the second safety chip is higher.
(2) The second call key used in voice encryption is generated by the second safety chip, and the second safety chip stores the second call key inside the second safety chip, which reduces the possibility of the second call key being stolen and ensures the security of voice encryption. In addition, during voice encryption the second call key is used for encryption inside the second safety chip, so that the second call key is invoked in a secure environment, ensuring the safe use of the second call key.
(3) The object of encryption is the voice collected by the second voice acquisition module on the second safety means. The present invention uses the second safety means to collect voice; because the second safety means is independent of the second call terminal, the possibility of attack by malware on the second call terminal during voice collection is reduced.
As can be seen from the above, in voice encryption the whole encryption operation is completed by the second safety means without interacting with external equipment, which ensures the security of the encryption operation.
Of course, the voice encrypted by the second safety means can also be collected by the second call terminal, with the collected voice obtained through the second communication interface.
In summary, the second subsystem in embodiment one includes at least the following modules: the second safety chip, the second output module, the second reminding module, the second playing module and the second voice acquisition module.
The second output module can be a module with a playing or display function, the second reminding module can also be a module with a playing or display function, and the second playing module is a module with a playing function.
If the second output module and the second reminding module both use the playing function, their functions can be completed by the second playing module, so the second output module and the second reminding module are not necessary modules of the second subsystem in embodiment one but optional ones. That is, the second subsystem in embodiment one includes at least the following modules: the second safety chip, the second playing module and the second voice acquisition module, where the hardware corresponding to the second playing module can be a speaker or a loudspeaker, and the second voice acquisition module can be a microphone. Because the second playing module and the second voice acquisition module can both be located in the second safety means, or both be located in the second call terminal, or one of them can be located in the second safety means and the other in the second call terminal, the structure of the second subsystem in embodiment one can be realized in the following ways:
S1: The second safety means includes the second safety chip; the second call terminal includes the second playing module and the second voice acquisition module. See the system architecture shown in Fig. 4, which is a schematic diagram of the second subsystem of embodiment one of the present invention. The second subsystem shown in Fig. 4 can be realized directly with the microphone and speaker of the second call terminal, without any change to the hardware of the second safety means or the second call terminal; the hardware cost is low and the realization is simple.
S2: The second safety means includes the second safety chip, the second playing module and the second voice acquisition module. See the system architecture shown in Fig. 5, which is another schematic diagram of the second subsystem of embodiment one of the present invention. In the second subsystem shown in Fig. 5, collecting the voice of the user of the second call terminal and playing the first ciphertext data are both performed on the second safety means, which is independent of the second call terminal; this reduces attacks by malware on the second call terminal and improves the security of the data;
S3: The second safety means includes the second safety chip and the second playing module; the second call terminal includes the second voice acquisition module.
S4: The second safety means includes the second safety chip and the second voice acquisition module; the second call terminal includes the second playing module.
If at least one of the second output module and the second reminding module uses the display function, the module that uses the display function is essential to the second subsystem in embodiment one, and the module that does not use the display function is optional. For example, if the second reminding module uses the display function, the second subsystem in embodiment one includes at least the second safety chip, the second reminding module, the second playing module and the second voice acquisition module; if the second output module and the second reminding module both use the display function, the second subsystem in embodiment one includes at least the second safety chip, the second output module, the second reminding module, the second playing module and the second voice acquisition module.
Compared with the prior art, in which the call key is generated on a TF card, the second subsystem in embodiment one of the present invention generates the call key on a safety means that is independent of the second call terminal, which reduces the possibility of attack by malware on the call terminal during voice encryption. Moreover, the call key is generated by the second safety chip in the second safety means; based on the high security of the safety chip, this reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption the call key is used for encryption inside the second safety chip, so that the call key is invoked in a secure environment, ensuring the safe use of the call key.
In addition, during encrypted voice communication, the second safety means plays the first ciphertext data from the first call terminal and prompts for confirmation, according to the second authorization code, of the first ciphertext data that is played. This confirms the identity information of the first call terminal, so that the user can determine whether anyone is monitoring this call, and it improves the success rate of recognising third-party monitoring in a voice call, thereby reducing the possibility of the voice call being monitored. When the user determines that a third party is monitoring this voice call, the user can promptly take anti-monitoring measures to prevent information leakage, which improves the security of data transmission in the voice call.
Further, playing the first ciphertext data from the first call terminal on the second safety means reduces attacks by malware on the second call terminal and ensures the security of the voice call.
Because there are two situations for both the way the first confirmation instruction is obtained and the time at which it is received, the following different application scenarios may arise in actual applications based on the system provided by embodiment one:
C1: When the first safety chip confirms that the authorization code in the second ciphertext data is consistent with the first authorization code, and that the sound characteristics with which the authorization code is read aloud in the second ciphertext data are consistent with the sound characteristics of the user of the second call terminal, it obtains the first confirmation instruction and, according to the first confirmation instruction, starts encryption and decryption operations on the voice call of the user of the first call terminal; and, when the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction and, according to the second confirmation instruction, starts encryption and decryption operations on the voice call of the user of the second call terminal;
C2: When the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction, starts encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after receiving the second confirmation instruction, the first safety chip obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, starts encryption and decryption operations on the voice call of the user of the first call terminal;
C3: After obtaining the first call key, the first safety chip starts encryption and decryption operations on the voice call of the user of the first call terminal; after starting these operations, it prompts for and confirms that the authorization code in the second ciphertext data is consistent with the first authorization code, and that the sound characteristics with which the authorization code is read aloud in the second ciphertext data are consistent with the sound characteristics of the user of the second call terminal, whereupon it obtains the first confirmation instruction and, according to the first confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the first call terminal; and, when the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction and, according to the second confirmation instruction, starts encryption and decryption operations on the voice call of the user of the second call terminal;
C4: When the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction, starts encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after obtaining the first call key, the first safety chip starts encryption and decryption operations on the voice call of the user of the first call terminal; after starting these operations and receiving the second confirmation instruction, the first safety chip obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the first call terminal;
C5: When the first safety chip confirms that the authorization code in the second ciphertext data is consistent with the first authorization code, and that the sound characteristics with which the authorization code is read aloud in the second ciphertext data are consistent with the sound characteristics of the user of the second call terminal, it obtains the first confirmation instruction and, according to the first confirmation instruction, starts encryption and decryption operations on the voice call of the user of the first call terminal; and, after obtaining the second call key, the second safety chip starts encryption and decryption operations on the voice call of the user of the second call terminal; after starting these operations, when it confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction and, according to the second confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the second call terminal;
C6: After starting encryption and decryption operations on the voice call of the user of the second call terminal, when the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after receiving the second confirmation instruction, the first safety chip obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, starts encryption and decryption operations on the voice call of the user of the first call terminal;
C7: After obtaining the first call key, the first safety chip starts encryption and decryption operations on the voice call of the user of the first call terminal; after starting these operations, it prompts for and confirms that the authorization code in the second ciphertext data is consistent with the first authorization code, and that the sound characteristics with which the authorization code is read aloud in the second ciphertext data are consistent with the sound characteristics of the user of the second call terminal, whereupon it obtains the first confirmation instruction and, according to the first confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the first call terminal; and, after starting encryption and decryption operations on the voice call of the user of the second call terminal, when the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction and, according to the second confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the second call terminal;
C8: After starting encryption and decryption operations on the voice call of the user of the second call terminal, when the second safety chip confirms that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristics with which the authorization code is read aloud in the first ciphertext data are consistent with the sound characteristics of the user of the first call terminal, it obtains the second confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the second call terminal according to the second confirmation instruction, and sends the second confirmation instruction to the first safety chip; after obtaining the first call key, the first safety chip starts encryption and decryption operations on the voice call of the user of the first call terminal; after starting these operations and receiving the second confirmation instruction, the first safety chip obtains the first confirmation instruction according to the second confirmation instruction and, according to the first confirmation instruction, continues the encryption and decryption operations on the voice call of the user of the first call terminal.
In the system described in embodiment one, the first safety chip performs the encryption and decryption operations of the voice call after confirming that the content of the authorization code and the sound characteristics with which the authorization code is read aloud are both consistent. Of course, embodiment one also provides a processing scheme for the case in which the first safety chip finds that at least one of the content of the authorization code and the sound characteristics with which the authorization code is read aloud is inconsistent, specifically:
When the user of the first call terminal judges that the authorization code in the second ciphertext data is inconsistent with the first authorization code, and/or that the sound characteristics with which the authorization code is read aloud in the second ciphertext data are inconsistent with the sound characteristics of the user of the second call terminal, the user of the first call terminal can terminate this voice call on the first call terminal or on the first safety means.
Similarly, the processing scheme in embodiment one for the case in which the second safety chip finds that at least one of the content of the authorization code and the sound characteristics with which the authorization code is read aloud is inconsistent is similar to the processing scheme of the first safety chip in embodiment one and involves the same operations, so it is not repeated here.
The first call key, the second call key, the first authorization code and the second authorization code described above are explained further as follows:
On the premise that no third party is monitoring between the first call terminal and the second call terminal, the first call key and the second call key are identical. Conversely, when a third party is monitoring between the first call terminal and the second call terminal, the first call key used by the user of the first call terminal and the second call key used by the user of the second call terminal are different. The reason the first call key and the second call key differ is that the first call key is negotiated between the first call terminal and the third party's call terminal, and the second call key is negotiated between the second call terminal and the third party's call terminal, rather than being negotiated directly between the first call terminal and the second call terminal.
On the premise that no third party is monitoring between the first call terminal and the second call terminal, the first authorization code and the second authorization code are identical. Conversely, when a third party is monitoring between the first call terminal and the second call terminal, the first call key used by the user of the first call terminal and the second call key used by the user of the second call terminal are different, so the first authorization code generated from the first call key and the second authorization code generated from the second call key are also different. By comparing the content of the first authorization code with the content of the second authorization code, the users can judge whether a third party is monitoring.
The first safety chip can decrypt the second encryption data using the first call key and obtain the second decrypted data because, when no third party is monitoring between the first call terminal and the second call terminal, the first call key and the second call key are identical, so the first call key can successfully decrypt a result encrypted with the second call key.
However, although the first call key can successfully decrypt a result encrypted with the second call key, successful decryption alone does not show whether a third party is monitoring between the first call terminal and the second call terminal. The reason is that, when a third party is monitoring between the first call terminal and the second call terminal, the first call key is negotiated between the first call terminal and the third party's call terminal, the second call key is negotiated between the second call terminal and the third party's call terminal, and the first call key and the second call key are different. The third party can decrypt the data sent by the first call terminal using the first call key, re-encrypt it using the second call key, and send it to the second call terminal; the second call terminal can then still successfully decrypt the received encryption data using the second call key even though a third party is monitoring between the first call terminal and the second call terminal. Therefore, whether a third party is monitoring cannot be judged from whether the received encryption data is decrypted successfully.
To solve the above technical defect, the embodiment provided by the present invention introduces the concept of the authorization code, and judges whether a third party is monitoring by having the authorization code read aloud, obtaining the read-aloud result, and transmitting the read-aloud result. The specific implementation details are described above and are not explained further here.
In the present embodiment, the second ciphertext data is exported to user by the way of playing, is because the second decryption Include two parts information in data, a part is the tool of the authorization code for the second safety means generation for representing the second call terminal Hold in vivo, another part is the sound characteristic for the user for representing the second call terminal, by playing the second ciphertext data, can be made The user for obtaining the first call terminal is directly obtained above-mentioned two parts information, and then so that the side of user one of the first call terminal Whether face can be unanimously confirmed in the second ciphertext data by the authorization code and the first authorization code judged in the second ciphertext data The authenticity of the content of carrying, on the other hand can be by judging to read aloud the sound characteristic and of authorization code in the second ciphertext data The sound characteristic of the user of two call terminals whether unanimously come the legitimacy in the source that confirms the second ciphertext data, that is, can be with Judge to whether there is the third party.
And, if the mode of the above-mentioned ciphertext data of broadcasting second to be substituted for the mode of the second ciphertext data of display, the The user of one call terminal is received after the second ciphertext data, only can be by judging the authorization code in the second ciphertext data and Whether one authorization code unanimously confirms the authenticity of content carried in the second ciphertext data, and can not confirm the second ciphertext data Source legitimacy, that is, can not judge to whether there is the third party.
Due to being not present in the first call terminal and the second call terminal on the premise of the third party monitors, the first authorization code and Second authorization code is identical, and the first authorization code can be marked uniquely with the call key of unique mark first, the second authorization code Show the second call key, thus, when the user of the first call terminal judges the first authorization code and the second authorization code is identical, i.e., It can learn that the first call key and the second call key are identicals.
A concrete application scenario is taken as an example below:
When user A and user B carry out a normal call that is not monitored by a third party, user A and user B negotiate the call key directly and obtain call key X, and the voice call between user A and user B is encrypted and decrypted directly with call key X.
If a third-party user C is monitoring the call between user A and user B, user A and user B each negotiate a call key with third-party user C. After negotiation completes, the call key negotiated between user C and user A is M, and the call key negotiated between user C and user B is N. While user A sends call voice to user B, user C intercepts call voice A sent by user A to user B, decrypts call voice A with call key M to obtain plaintext A, then encrypts plaintext A with call key N and sends it to user B. Because user B can decrypt the ciphertext sent by user C with call key N, user B obtains user A's voice. Similarly, while user B sends call voice to user A, user C intercepts call voice B sent by user B to user A, decrypts call voice B with call key N to obtain plaintext B, then encrypts plaintext B with call key M and sends it to user A. Because user A can decrypt the ciphertext sent by user C with call key M, user A obtains user B's voice. Since user A and user B can each obtain the voice of the call peer, a voice call can be carried out between user A and user B, but the actual peer of both user A and user B is user C; that is, this call between user A and user B is monitored by user C.
Correspondingly, when a voice call is carried out with the system provided by the embodiments of the present invention and user C is monitoring, user A's safety means uses call key M, negotiated with peer user C, to obtain authorization code m, and user A reads authorization code m aloud, producing audio file m. Audio file m therefore contains user A's voice and the content of authorization code m. After user C decrypts audio file m, user C encrypts audio file m with call key N and sends it to user B. When user B listens to audio file m, user B hears user A's voice, which establishes that the source of audio file m is user A. But user B's safety means has also used call key N, negotiated with peer user C, to obtain authorization code n. User B compares authorization code m carried in the audio file m that was heard with the locally generated authorization code n, finds that authorization code m and authorization code n differ, and thereby learns that a third party is monitoring this call.
Of course, after decrypting and obtaining audio file m, user C could replace it with an audio file containing authorization code n (the authorization code generated from call key N). However, because that audio file is not read aloud by user A, it does not include user A's sound characteristic. Call this audio file m'; audio file m' contains the content of authorization code n and a sound characteristic that is not user A's. After hearing audio file m', user B finds that the authorization code in audio file m' is consistent with the one output by user B's own safety means, but the sound characteristic in audio file m' is not user A's sound characteristic, so user B can determine that a third party is monitoring this call.
It can thus be seen that the audio file contains both the sound characteristic with which the authorization code is read aloud and the content of the authorization code, so that the user can judge from these two pieces of information whether a third party is monitoring the call, which ensures the security of the call.
The way of obtaining the call key and the authorization code through ZRTP-based key agreement is described further below. The specific flow is as follows:
One: Generation of the call key:
F1: The first safety means sends a Hello message to the second safety means. The Hello message includes the ZRTP version number used by the first safety means, the key agreement type, the key algorithm and the session identifier ID1 of the user of the first call terminal. The key agreement types of the ZRTP protocol include preshared mode, multistream mode and Diffie-Hellman (DH) mode;
F2: The second safety means sends a response message to the Hello message to the first safety means;
F3: The second safety means sends a Hello message to the first safety means. The Hello message includes the ZRTP version number used by the second safety means, the key agreement type, the key algorithm and the session identifier ID2 of the user of the second call terminal. The key agreement types of the ZRTP protocol include preshared mode, multistream mode and Diffie-Hellman (DH) mode;
F4: The first safety means sends a response message to the Hello message to the second safety means;
F5: After receiving the response message to the Hello message, the second safety means sends to the first safety means the key agreement type and key algorithm that both sides support; here the selected key agreement type is taken to be DH mode as an example;
F6: The first safety means sends locally generated first function information to the second safety means. The first function information is a power function, which can be g^x, where x = svr mod p, svr represents the secret value of the responder, mod is the modulo operation, and p is an integer;
F7: The second safety means sends locally generated second function information to the first safety means. The second function information is also a power function, which can be g^y, where y = svi mod p, svi represents the secret value of the initiator, mod is the modulo operation, and p is an integer;
Here g^x is the first negotiation information mentioned above, and g^y is the second negotiation information mentioned above.
In this example, the first safety chip can obtain the first call key g^xy from g^x and g^y, and the second safety chip can obtain the second call key g^xy from g^x and g^y.
F8: The first safety means sends a first verification message to the second safety means. The first verification message is obtained by performing a verification calculation over information that includes: whether the first call key has been disclosed locally, whether the first call key is destroyed locally after the call, and so on. The key used in the verification is obtained from the first call key. Specifically, the first call key g^xy, session identifier ID1, session identifier ID2 and a character string are processed to obtain a key S0, where the character string is a public string that indicates the function; the key derivation algorithm of the ZRTP protocol is then applied to key S0 to obtain the key used in the verification calculation. The key derivation algorithm can be the HMAC algorithm;
F9: After verifying the first verification message, the second safety means sends a second verification message to the first safety means. The second verification message is obtained by performing a verification calculation over information that includes: whether the second call key has been disclosed locally, whether the second call key is destroyed locally after the call, and so on. The key used in the verification is obtained from the second call key. Specifically, the second call key g^xy, session identifier ID1, session identifier ID2 and a character string are processed to obtain a key S0, where the character string is a public string that indicates the function; the key derivation algorithm of the ZRTP protocol is then applied to key S0 to obtain the key used in the verification calculation. The key derivation algorithm can be the HMAC algorithm;
F10: After completing verification of the second verification message, the first safety means sends a confirmation message to the second safety means, and the key agreement is complete.
Two: Generation of the authorization code:
Generation of the first authorization code by the first safety means is taken as an example here:
After key S0 is obtained, the key derivation algorithm is applied to S0 to obtain a character string M;
The first 32 bits of character string M are taken to obtain a character string m;
Character string m is encoded into visible characters, and the visible characters are used as the first authorization code.
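The flow above (F6/F7, key S0 and the authorization-code steps), as an added example that is not code from the patent: two safety chips derive call keys and authorization codes, once directly and once with a third party C substituting its own negotiation information, so the codes the two users compare differ. The toy prime, SHA-256 and HMAC-SHA256, the length-prefixed hashing into S0, the base32 encoding, the label strings and the secret values are assumptions or constructed samples.

```python
import base64
import hashlib
import hmac

# Toy DH group (assumption): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3
# Hypothetical stand-ins for the page's public "function" string and the KDF input.
FUNCTION_STRING = b"example voice call key agreement"
CODE_LABEL = b"authorization code"


class SafetyChip:
    """One side of the DH-mode negotiation (steps F6/F7)."""

    def __init__(self, session_id: bytes, secret_value: int):
        self.session_id = session_id
        self.exponent = secret_value % P                   # x = sv mod p
        self.negotiation_info = pow(G, self.exponent, P)   # g^x

    def call_key(self, peer_negotiation_info: int) -> bytes:
        shared = pow(peer_negotiation_info, self.exponent, P)   # g^xy
        return shared.to_bytes(16, "big")


def derive_s0(call_key: bytes, id1: bytes, id2: bytes) -> bytes:
    """S0 from the call key, ID1, ID2 and the public string (framing is assumed)."""
    fields = (call_key, id1, id2, FUNCTION_STRING)
    framed = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hashlib.sha256(framed).digest()


def authorization_code(s0: bytes) -> str:
    """KDF over S0 gives string M; its first 32 bits, base32-encoded, are the code."""
    string_m = hmac.new(s0, CODE_LABEL, hashlib.sha256).digest()
    m = string_m[:4]
    return base64.b32encode(m).decode("ascii").rstrip("=")


def negotiate(chip_a, chip_b, interceptor=None):
    """Return ((key_a, code_a), (key_b, code_b)) as seen by users A and B.

    interceptor, if given, is a pair of chips held by third party C: one facing
    A and one facing B. C is assumed to forward ID1 and ID2 unchanged.
    """
    if interceptor is None:
        seen_by_a = chip_b.negotiation_info
        seen_by_b = chip_a.negotiation_info
    else:
        toward_a, toward_b = interceptor
        seen_by_a = toward_a.negotiation_info
        seen_by_b = toward_b.negotiation_info
    id1, id2 = chip_a.session_id, chip_b.session_id
    key_a = chip_a.call_key(seen_by_a)
    key_b = chip_b.call_key(seen_by_b)
    return ((key_a, authorization_code(derive_s0(key_a, id1, id2))),
            (key_b, authorization_code(derive_s0(key_b, id1, id2))))


# Constructed sample secrets, fixed so the run is reproducible.
USER_A = SafetyChip(b"ID1", 0x0123456789ABCDEF0FEDCBA987654321)
USER_B = SafetyChip(b"ID2", 0x0F1E2D3C4B5A69788796A5B4C3D2E1F0)
USER_C = (SafetyChip(b"C-to-A", 0x1111111111111111222222222222222),
          SafetyChip(b"C-to-B", 0x3333333333333333444444444444444))

if __name__ == "__main__":
    (key_x_a, code_a), (key_x_b, code_b) = negotiate(USER_A, USER_B)
    print("direct call:     A shows", code_a, "| B shows", code_b)
    (key_m, code_m), (key_n, code_n) = negotiate(USER_A, USER_B, USER_C)
    print("C in the middle: A shows", code_m, "| B shows", code_n)
    print("third party detected by code comparison:", code_m != code_n)
```

The code comparison covers only the first of the two checks described earlier; the case where C substitutes an audio file m' carrying authorization code n is caught by the sound-characteristic check, which this sketch does not model.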
Compared with the prior art, in which the call key is generated on a TF card, the system embodiment provided by the present invention generates the call key on a safety means that is independent of the call terminal, which reduces the possibility of attack by malicious software on the call terminal during voice encryption. Moreover, the call key is generated by the safety chip in the safety means, and the high security of the safety chip reduces the possibility of the call key being stolen and ensures the security of voice encryption. In addition, during voice encryption, encryption with the call key is performed inside the safety chip, so that the call key is invoked in a secure environment, which ensures safe use of the call key.
During the encrypted voice call, the safety means plays the ciphertext data from the call peer and prompts for confirmation of the played ciphertext data according to the authorization code. This realizes confirmation of the identity information of the call peer, so that the user determines whether anyone is monitoring this call. It raises the success rate of identifying third-party monitoring in a voice call and thus reduces the possibility that the voice call is monitored; and when the user determines that a third party is monitoring this voice call, the user can promptly take anti-monitoring safety measures to prevent information leakage, which improves the security of data transfer in the voice call.
Further, playing the ciphertext data from the call peer on the safety means reduces attacks by malicious software on the call terminal and ensures the security of the voice call.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, fragment or portion of code that includes one or more executable instructions for realizing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order according to the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be realized with hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be realized with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if realized with hardware, as in another embodiment, any one or a combination of the following techniques well known in the art can be used: discrete logic circuits with logic gates for realizing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be realized in the form of hardware or in the form of a software function module. If the integrated module is realized in the form of a software function module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description with reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is contained in at least one embodiment or example of the present invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. One of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from the principle and purpose of the present invention. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (15)

1. A data handling system of voice call, characterized in that the system includes:
a first safety chip, configured to generate first negotiation information and send the first negotiation information to a first call terminal through a first communication interface; wherein the first safety chip is located in a first safety means, and the first safety means is connected to the first call terminal and is independent of the first call terminal;
a second safety chip, configured to generate second negotiation information and send the second negotiation information to a second call terminal through a second communication interface; wherein the second safety chip is located in a second safety means, and the second safety means is connected to the second call terminal and is independent of the second call terminal;
the first safety chip is further configured to receive, through the first communication interface, the second negotiation information sent by the first call terminal;
the second safety chip is further configured to receive, through the second communication interface, the first negotiation information sent by the second call terminal;
the first safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a first call key; wherein the first call key is used to perform encryption and decryption operations on the voice call of the user of the first call terminal;
the second safety chip is further configured to perform a calculation on the first negotiation information and the second negotiation information to obtain a second call key; wherein the second call key is used to perform encryption and decryption operations on the voice call of the user of the second call terminal;
a first output module, configured to output a first authorization code; wherein the first authorization code is generated by the first safety chip according to the first call key, and the first output module is located in the first safety means or in the first call terminal;
a first reminding module, configured to prompt that the first authorization code be read aloud; wherein the first reminding module is located in the first safety means or in the first call terminal;
the first safety chip is further configured to obtain the result of the user of the first call terminal reading the first authorization code aloud, obtaining first acoustic information; to encrypt the first acoustic information with the first call key, obtaining first encryption data; and to send the first encryption data through the first communication interface;
a second output module, configured to output a second authorization code; wherein the second authorization code is generated by the second safety chip according to the second call key, and the second output module is located in the second safety means or in the second call terminal;
a second reminding module, configured to prompt that the second authorization code be read aloud; wherein the second reminding module is located in the second safety means or in the second call terminal;
the second safety chip is further configured to obtain the result of the user of the second call terminal reading the second authorization code aloud, obtaining second sound information; to encrypt the second sound information with the second call key, obtaining second encryption data; and to send the second encryption data through the second communication interface;
the first safety chip is further configured to, after receiving the second encryption data through the first communication interface, decrypt the second encryption data with the first call key to obtain second ciphertext data;
a first playing module, configured to play the second ciphertext data; wherein the first playing module is located in the first safety means or in the first call terminal;
the first reminding module is further configured to prompt for confirmation of the played second ciphertext data according to the first authorization code;
the first safety chip is further configured to, after the first reminding module prompts for confirmation of the played second ciphertext data according to the first authorization code, start encryption and decryption operations on the voice call of the user of the first call terminal using the first call key if the first safety chip receives a first confirmation instruction; or, after encryption and decryption operations on the voice call of the user of the first call terminal using the first call key have been started, continue encryption and decryption operations on the voice call of the user of the first call terminal using the first call key if the first safety chip receives the first confirmation instruction;
the second safety chip is further configured to, after receiving the first encryption data through the second communication interface, decrypt the first encryption data with the second call key to obtain first ciphertext data;
a second playing module, configured to play the first ciphertext data; wherein the second playing module is located in the second safety means or in the second call terminal;
the second reminding module is further configured to, after the second output module outputs the second authorization code and the second playing module plays the first ciphertext data, prompt for confirmation of the played first ciphertext data according to the second authorization code;
the second safety chip is further configured to, after the second reminding module prompts for confirmation of the played first ciphertext data according to the second authorization code, start encryption and decryption operations on the voice call of the user of the second call terminal using the second call key if the second safety chip receives a second confirmation instruction; or, after encryption and decryption operations on the voice call of the user of the second call terminal using the second call key have been started, continue encryption and decryption operations on the voice call of the user of the second call terminal using the second call key if the second safety chip receives the second confirmation instruction.
2. The system according to claim 1, characterized in that
the first output module is specifically configured to convert the first authorization code into acoustic information, obtaining the acoustic information of the first authorization code, and to play the acoustic information of the first authorization code; or to display the first authorization code.
3. The system according to claim 1 or 2, characterized in that
the second output module is specifically configured to convert the second authorization code into acoustic information, obtaining the acoustic information of the second authorization code, and to play the acoustic information of the second authorization code; or to display the second authorization code.
4. The system according to claim 1 or 2, characterized in that
the first safety chip is further configured to delete the first call key when the first safety chip detects that the voice call of the user of the first call terminal has ended; and/or
the second safety chip is further configured to delete the second call key when the second safety chip detects that the voice call of the user of the second call terminal has ended.
5. The system according to claim 3, characterized in that
the first safety chip is further configured to delete the first call key when the first safety chip detects that the voice call of the user of the first call terminal has ended; and/or
the second safety chip is further configured to delete the second call key when the second safety chip detects that the voice call of the user of the second call terminal has ended.
6. The system according to claim 1 or 2, characterized in that
the system further includes:
a first voice acquisition module, configured to collect the result of the user of the first call terminal reading the first authorization code aloud, obtaining the first acoustic information, and to send the first acoustic information; wherein the first voice acquisition module is located in the first safety means or in the first call terminal;
the first safety chip is specifically configured to obtain the first acoustic information sent by the first voice acquisition module.
7. The system according to claim 1 or 2, characterized in that
the system further includes:
a second voice acquisition module, configured to collect the result of the user of the second call terminal reading the second authorization code aloud, obtaining the second sound information, and to send the second sound information; wherein the second voice acquisition module is located in the second safety means or in the second call terminal;
the second safety chip is specifically configured to obtain the second sound information sent by the second voice acquisition module.
8. The system according to claim 1 or 2, characterized in that the length of the first authorization code is less than the length of the first call key, and/or the length of the second authorization code is less than the length of the second call key.
9. The system according to claim 3, characterized in that the length of the first authorization code is less than the length of the first call key, and/or the length of the second authorization code is less than the length of the second call key.
10. The system according to claim 1, 2 or 9, characterized in that the first authorization code is used to uniquely identify the first call key, and/or the second authorization code is used to uniquely identify the second call key.
11. The system according to claim 3, characterized in that the first authorization code is used to uniquely identify the first call key, and/or the second authorization code is used to uniquely identify the second call key.
12. The system according to claim 1 or 2, characterized in that
the first reminding module is specifically configured to prompt for confirmation of whether the authorization code in the second ciphertext data is consistent with the first authorization code, and of whether the sound characteristic with which the authorization code is read aloud in the second ciphertext data is consistent with the sound characteristic of the user of the second call terminal;
wherein the first confirmation instruction is an instruction confirming that the authorization code in the second ciphertext data is consistent with the first authorization code, and that the sound characteristic with which the authorization code is read aloud in the second ciphertext data is consistent with the sound characteristic of the user of the second call terminal.
13. The system according to claim 3, characterized in that
the first reminding module is specifically configured to prompt for confirmation of whether the authorization code in the second ciphertext data is consistent with the first authorization code, and of whether the sound characteristic with which the authorization code is read aloud in the second ciphertext data is consistent with the sound characteristic of the user of the second call terminal;
wherein the first confirmation instruction is an instruction confirming that the authorization code in the second ciphertext data is consistent with the first authorization code, and that the sound characteristic with which the authorization code is read aloud in the second ciphertext data is consistent with the sound characteristic of the user of the second call terminal.
14. The system according to claim 1 or 2, characterized in that
the second reminding module is specifically configured to prompt for confirmation of whether the authorization code in the first ciphertext data is consistent with the second authorization code, and of whether the sound characteristic with which the authorization code is read aloud in the first ciphertext data is consistent with the sound characteristic of the user of the first call terminal;
wherein the second confirmation instruction is an instruction confirming that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristic with which the authorization code is read aloud in the first ciphertext data is consistent with the sound characteristic of the user of the first call terminal.
15. The system according to claim 3, characterized in that
the second reminding module is specifically configured to prompt for confirmation of whether the authorization code in the first ciphertext data is consistent with the second authorization code, and of whether the sound characteristic with which the authorization code is read aloud in the first ciphertext data is consistent with the sound characteristic of the user of the first call terminal;
wherein the second confirmation instruction is an instruction confirming that the authorization code in the first ciphertext data is consistent with the second authorization code, and that the sound characteristic with which the authorization code is read aloud in the first ciphertext data is consistent with the sound characteristic of the user of the first call terminal.
CN201410208562.5A 2014-05-16 2014-05-16 A kind of data handling system of voice call Active CN103986579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410208562.5A CN103986579B (en) 2014-05-16 2014-05-16 A kind of data handling system of voice call

Publications (2)

Publication Number Publication Date
CN103986579A CN103986579A (en) 2014-08-13
CN103986579B CN103986579B (en) 2017-07-21

Family

ID=51278406

Country Status (1)

Country Link
CN (1) CN103986579B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant