CN114630290A - Key agreement method, device, equipment and storage medium for voice encryption communication - Google Patents

Publication number
CN114630290A
Authority
CN
China
Prior art keywords
key
identity
session
called terminal
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210368018.1A
Other languages
Chinese (zh)
Inventor
郭茂文
张�荣
黎艳
卢燕青
刘大方
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN202210368018.1A
Publication of CN114630290A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/16 Communication-related supplementary services, e.g. call-transfer or call-hold
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The invention provides a key negotiation method, a device, equipment and a storage medium for voice encryption communication, and the method applied to a calling terminal comprises the following steps: generating a session key; calculating an identity public key of the called terminal based on the identity of the called terminal and the public parameters; encrypting the session key by using the identity identification public key of the called terminal; carrying out digital signature by using the identity identification private key of the calling terminal to obtain signature information; sending a session description protocol proposal message to the called terminal; receiving a session description protocol response message sent by the called terminal; and encrypting the voice stream sent to the called terminal through the session key and a determined encryption algorithm, and decrypting the voice stream received from the called terminal. The invention solves the potential safety hazard that the VoLTE voice service of the user is monitored.

Description

Key negotiation method, device, equipment and storage medium for voice encryption communication
Technical Field
The present invention relates to the field of voice communication, and in particular, to a key agreement method, apparatus, device, and storage medium for voice encrypted communication.
Background
Currently, the VoLTE (Voice over Long-Term Evolution) voice service based on the LTE (Long Term Evolution) network has become the main way for operators to provide voice service. The VoLTE service based on IMS (IP Multimedia Subsystem) offers high bandwidth, high rate, low delay, better QoS (Quality of Service) and shorter call connection duration, and can bring users a better experience.
VoLTE is based on an IP Multimedia Subsystem (IMS) network and uses LTE profiles tailored to the control plane and the media plane of voice services, so that voice services (control and media planes) are transmitted as data streams in the LTE data bearer network, without the need to maintain and rely on the traditional circuit-switched voice network.
VoLTE is essentially a telephony process based on IP data transmission. Because of problems inherent in the openness of IP networks, such as vulnerabilities and traffic interception, a user's VoLTE voice service may be monitored. Therefore, while people enjoy the convenience of voice multimedia services, security problems during voice calls are unavoidable, and eavesdropping on voice calls is one of the most common.
Therefore, how to eliminate the security risk that a user's VoLTE voice service is monitored is a technical problem that urgently needs to be solved by those skilled in the art.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the invention and therefore may include information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a key negotiation method, a device, equipment and a storage medium for voice encryption communication, overcomes the difficulties in the prior art, and solves the potential safety hazard that the VoLTE voice service of a user is monitored.
The embodiment of the invention provides a key negotiation method for voice encryption communication, which is applied to a calling terminal and comprises the following steps:
generating a session key;
calculating an identity public key of the called terminal based on the identity of the called terminal and the public parameter;
encrypting the session key by using the identity public key of the called terminal;
carrying out digital signature by using the identity identification private key of the calling terminal to obtain signature information;
sending a session description protocol offer message to the called terminal, wherein the session description protocol offer message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, and the session description protocol offer message is used for the called terminal to verify the signature information and decrypt the session key based on the identity of the calling terminal and the public parameter;
receiving a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and encrypting the voice stream sent to the called terminal through the session key and a determined encryption algorithm, and decrypting the voice stream received from the called terminal.
In some embodiments of the present application, before generating the session key, the method further comprises:
sending an identification private key acquisition request to an identification key server, wherein the identification private key acquisition request comprises an identification of the calling terminal, and the identification is user number information;
and receiving the identity identification private key of the calling terminal and the public parameter sent by the identity identification key server, wherein the identity identification private key is obtained by calculation based on the identity identification of the calling terminal.
According to another aspect of the present application, there is also provided a key agreement method for voice encrypted communication, applied to a called terminal, the key agreement method including:
receiving a session description protocol offer message actively sent by a calling party, wherein the session description protocol offer message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the encrypted session key is obtained by encryption with the identity public key of the called terminal, and the signature information is obtained by digital signature with the identity private key of the calling terminal;
calculating an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
verifying the signature information based on the identity public key of the calling terminal;
decrypting the encrypted session key based on the identity private key of the called terminal;
determining an encryption algorithm for voice encryption communication according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
sending a session description protocol response message to the calling terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and encrypting the voice stream sent to the calling terminal through the session key and the determined encryption algorithm, and decrypting the voice stream received from the calling terminal.
In some embodiments of the present application, before receiving the session description protocol offer message sent by the calling party, the method further comprises:
sending an identification private key acquisition request to an identification key server, wherein the identification private key acquisition request comprises an identification of the called terminal, and the identification is user number information;
and receiving an identity identification private key of the called terminal and the public parameter sent by the identity identification key server, wherein the identity identification private key is obtained by calculation based on the identity identification of the called terminal.
According to another aspect of the present application, there is also provided a key agreement apparatus for a voice encrypted call, applied to a calling terminal, the key agreement apparatus including:
a session key generation module configured to generate a session key;
the called terminal public key calculation module is configured to calculate an identity public key of the called terminal based on the identity of the called terminal and public parameters;
the session key encryption module is configured to encrypt the session key by using the identity identification public key of the called terminal;
the digital signature module is configured to perform digital signature by using an identity identification private key of the calling terminal to obtain signature information;
a proposal message sending module configured to send a session description protocol proposal message to the called terminal, the session description protocol proposal message including an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the session description protocol proposal message being used for the called terminal to verify the signature information and decrypt the session key based on the identity of the calling terminal and the public parameter;
a response message receiving module configured to receive a session description protocol response message sent by the called terminal, where the session description protocol response message includes session key confirmation information and encryption algorithm confirmation information;
and the calling voice call encryption and decryption module is configured to encrypt the voice stream sent to the called terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the called terminal.
According to another aspect of the present application, there is also provided a key agreement apparatus for a voice encrypted call, applied to a called terminal, the key agreement apparatus including:
a proposal message receiving module configured to receive a session description protocol proposal message actively sent by a calling party, wherein the session description protocol proposal message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the encrypted session key is obtained by encryption with the identity public key of the called terminal, and the signature information is obtained by digital signature with the identity private key of the calling terminal;
the calling public key calculation module is configured to calculate an identity public key of the calling terminal based on the identity of the calling terminal and public parameters;
a signature verification module configured to verify the signature information based on an identification public key of the calling terminal;
a session key decryption module configured to decrypt the encrypted session key based on an identification private key of the called terminal;
the encryption algorithm determining module is configured to determine an encryption algorithm for voice encryption communication according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
a response message sending module configured to send a session description protocol response message to the calling terminal, the session description protocol response message including session key confirmation information and encryption algorithm confirmation information;
and the called voice call encryption and decryption module is configured to encrypt the voice stream sent to the calling terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the calling terminal.
According to another aspect of the present application, there is also provided a key agreement system for voice encrypted call, including:
a calling terminal configured to perform a key agreement method applied to the calling terminal;
a called terminal configured to perform a key agreement method applied to the called terminal;
and the identity identification key server is configured to send an identity identification private key and the public parameters to the calling terminal and the called terminal.
In some embodiments of the present application, the identity key server uses the SM9 algorithm to send the identity private key and the public parameters to the calling terminal and the called terminal.
According to another aspect of the present invention, there is also provided a key agreement processing apparatus for a voice encrypted call, including:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the key agreement method for voice encrypted calls as described above via execution of the executable instructions.
An embodiment of the present invention further provides a computer-readable storage medium for storing a program, where the program is executed to implement the steps of the key agreement method for voice encrypted communication.
Compared with the prior art, the invention aims to:
on the premise of not changing the existing VoLTE service mode and user experience, the VoLTE terminal realizes key negotiation of end-to-end encrypted call based on the identity, so that encrypted transmission is performed on a VoLTE RTP (Real-time Transport Protocol) message. Meanwhile, the VoLTE voice encryption session key is generated by the calling terminal when a VoLTE voice call is initiated every time, and is safely transmitted and synchronized to the called terminal in the call establishment process through the encryption and decryption algorithm based on the identity, the session key does not need to be distributed from the network side every time, the dependence on the network is reduced, and the transmission of the session key is safer and more reliable. Therefore, the original service mode and user experience do not need to be changed, the session key is transmitted in a safer and more reliable mode, and the potential safety hazard that the VoLTE voice service of the user is monitored is solved.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, with reference to the accompanying drawings.
Fig. 1 is a flowchart of an embodiment of a key agreement method applied to a voice encrypted call of a calling terminal according to the present invention.
Fig. 2 is a flowchart of another embodiment of the key agreement method applied to the voice encrypted call of the calling terminal according to the present invention.
Fig. 3 is a flowchart of an embodiment of a key agreement method applied to a voice encrypted call of a called terminal according to the present invention.
Fig. 4 is a flowchart of another embodiment of the key agreement method applied to the voice encrypted call of the called terminal according to the present invention.
Fig. 5 is a block diagram of an embodiment of a key agreement apparatus applied to a voice encrypted call of a calling terminal according to the present invention.
Fig. 6 is a block diagram of another embodiment of the key agreement apparatus applied to the voice encryption call of the calling terminal according to the present invention.
Fig. 7 is a block diagram of an embodiment of a key agreement apparatus applied to a voice encryption call of a called terminal according to the present invention.
Fig. 8 is a block diagram of another embodiment of a key agreement apparatus applied to a voice encryption call of a called terminal of the present invention.
Fig. 9 is a block diagram of a key agreement system for a voice encrypted call of the present invention.
Fig. 10 is a schematic structural diagram of a key agreement device for voice encrypted conversation according to the present invention.
Fig. 11 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus, a repetitive description thereof will be omitted.
Referring to fig. 1, fig. 1 is a flowchart of an embodiment of a key agreement method applied to a voice encrypted call of a calling terminal according to the present invention. The embodiment of the invention provides a key negotiation method applied to voice encryption communication of a calling terminal, which comprises the following steps:
Step S110: generating a session key.
Step S120: calculating the identity public key of the called terminal based on the identity of the called terminal and the public parameters.
Step S130: encrypting the session key by using the identity public key of the called terminal.
Step S140: carrying out a digital signature by using the identity private key of the calling terminal to obtain signature information.
Step S150: sending a session description protocol offer message to the called terminal, wherein the session description protocol offer message comprises the encrypted session key, the signature information and an encryption algorithm supported by the calling terminal, and is used by the called terminal to verify the signature information and decrypt the session key based on the identity of the calling terminal and the public parameters.
Specifically, the session description protocol offer message may be a SIP INVITE (SDP offer) message, so that the session key can be negotiated within the original service flow.
Step S160: receiving a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information.
Specifically, the session description protocol response message may be a SIP INVITE 200 OK (SDP answer) message, so that the session key can be negotiated within the original service flow.
Step S170: encrypting the voice stream sent to the called terminal by means of the session key and the determined encryption algorithm, and decrypting the voice stream received from the called terminal.
Specifically, the calling terminal and the called terminal may both be VoLTE terminals.
Therefore, during the call, the calling party and the called party each encrypt the RTP voice streams they send with the session key and decrypt the RTP voice streams they receive, so that a secure VoLTE voice call between the calling party and the called party is realized.
Referring to fig. 2, fig. 2 is a flowchart of another embodiment of a key agreement method applied to a voice encrypted call of a calling terminal according to the present invention. Steps S110 to S170 in fig. 2 are the same as those in fig. 1, and are not repeated herein. As shown in fig. 2, the following steps may further be included before step S110:
Step S101: sending an identity private key acquisition request to an identity key server, wherein the identity private key acquisition request comprises the identity of the calling terminal, and the identity is user number information.
Step S102: receiving the identity private key of the calling terminal and the public parameters sent by the identity key server, wherein the identity private key is calculated based on the identity of the calling terminal.
The identity key server may employ the SM9 algorithm to generate the master key and the public parameters. After receiving the identity private key acquisition request sent by the calling terminal, the identity key server can authenticate the calling terminal. When the identity key server issues the identity private key of the calling terminal and the public parameters to the calling terminal, they may be protected by an auxiliary secure channel, such as one based on the GBA (Generic Bootstrapping Architecture) of the telecommunications network.
Referring to fig. 3, fig. 3 is a flowchart of an embodiment of a key agreement method applied to a voice encrypted call of a called terminal according to the present invention. Fig. 3 shows the following steps:
Step S210: receiving a session description protocol offer message actively sent by a calling party, wherein the session description protocol offer message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the encrypted session key is obtained by encryption with the identity public key of the called terminal, and the signature information is obtained by digital signature with the identity private key of the calling terminal.
Specifically, the session description protocol offer message may be a SIP INVITE (SDP offer) message, so that the session key can be negotiated within the original service flow.
Step S220: calculating the identity public key of the calling terminal based on the identity of the calling terminal and the public parameters.
Step S230: verifying the signature information based on the identity public key of the calling terminal.
Step S240: decrypting the encrypted session key based on the identity private key of the called terminal.
Step S250: determining an encryption algorithm for the voice encrypted call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal.
Step S260: sending a session description protocol response message to the calling terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information.
Specifically, the session description protocol response message may be a SIP INVITE 200 OK (SDP answer) message, so that the session key can be negotiated within the original service flow.
Step S270: encrypting the voice stream sent to the calling terminal by means of the session key and the determined encryption algorithm, and decrypting the voice stream received from the calling terminal.
Specifically, the calling terminal and the called terminal may both be VoLTE terminals.
Therefore, during the call, the calling party and the called party each encrypt the RTP voice streams they send with the session key and decrypt the RTP voice streams they receive, so that a secure VoLTE voice call between the calling party and the called party is realized.
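The calling-side steps S110 to S170 and the called-side steps S210 to S270 as one runnable exchange (an added example, not code from the patent). SM9 is replaced by a labelled HMAC-based stand-in with the same interface; the set of signed fields, the key-confirmation value, the algorithm names and the user numbers are assumptions, since the patent does not specify them.

```python
import hashlib, hmac, json, secrets

class ToyIdentityCrypto:
    """Stand-in for the identity key server and its public parameters.
    NOT SM9: encrypt() and verify() use the master secret here, whereas real
    identity-based crypto needs only the peer identity and public parameters."""

    def __init__(self):
        self._master = secrets.token_bytes(32)

    def extract(self, identity):                 # S101-S102 / S201-S202
        return hmac.new(self._master, identity.encode(), hashlib.sha256).digest()

    @staticmethod
    def _xor(priv, nonce, data):
        stream = hashlib.shake_256(priv + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, recipient_id, plaintext):
        priv, nonce = self.extract(recipient_id), secrets.token_bytes(16)
        body = self._xor(priv, nonce, plaintext)
        return nonce + body + hmac.new(priv, nonce + body, hashlib.sha256).digest()

    @classmethod
    def decrypt(cls, priv, blob):
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(priv, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("encrypted session key rejected")
        return cls._xor(priv, nonce, body)

    @staticmethod
    def sign(priv, message):
        return hmac.new(priv, message, hashlib.sha256).digest()

    def verify(self, signer_id, message, signature):
        return hmac.compare_digest(signature, self.sign(self.extract(signer_id), message))

def signed_bytes(offer):
    # Assumption: the signature binds both identities, the algorithm list and
    # the encrypted key, so none of them can be swapped in transit.
    fields = {k: offer[k] for k in ("caller", "callee", "algorithms", "enc_key")}
    return json.dumps(fields, sort_keys=True).encode()

def build_offer(ibc, caller_id, caller_priv, callee_id, algorithms):
    session_key = secrets.token_bytes(16)                                   # S110
    offer = {"caller": caller_id, "callee": callee_id,
             "algorithms": list(algorithms),
             "enc_key": ibc.encrypt(callee_id, session_key).hex()}          # S120-S130
    offer["signature"] = ibc.sign(caller_priv, signed_bytes(offer)).hex()   # S140
    return session_key, offer                                               # S150

def key_confirmation(session_key, algorithm):
    # Assumption: confirmation is an HMAC under the session key over the choice.
    return hmac.new(session_key, b"confirm|" + algorithm.encode(),
                    hashlib.sha256).hexdigest()

def handle_offer(ibc, callee_id, callee_priv, supported, offer):
    if offer["callee"] != callee_id:
        raise ValueError("offer addressed to another identity")
    sig = bytes.fromhex(offer["signature"])
    if not ibc.verify(offer["caller"], signed_bytes(offer), sig):           # S220-S230
        raise ValueError("signature verification failed")
    session_key = ibc.decrypt(callee_priv, bytes.fromhex(offer["enc_key"]))  # S240
    # S250: first algorithm in the callee's preference order that the caller offered
    chosen = next((a for a in supported if a in offer["algorithms"]), None)
    if chosen is None:
        raise ValueError("no common encryption algorithm")
    answer = {"algorithm": chosen,
              "key_confirmation": key_confirmation(session_key, chosen)}    # S260
    return session_key, answer

def handle_answer(session_key, offered, answer):                            # S160
    if answer["algorithm"] not in offered:
        raise ValueError("answer selects an algorithm that was not offered")
    expected = key_confirmation(session_key, answer["algorithm"])
    if not hmac.compare_digest(answer["key_confirmation"], expected):
        raise ValueError("session key confirmation mismatch")
    return answer["algorithm"]

def demo():
    ibc = ToyIdentityCrypto()
    caller, callee = "tel:+10000000001", "tel:+10000000002"  # constructed user numbers
    k_caller, offer = build_offer(ibc, caller, ibc.extract(caller), callee,
                                  ["alg-legacy", "alg-strong"])  # constructed names
    k_callee, answer = handle_offer(ibc, callee, ibc.extract(callee),
                                    ["alg-strong", "alg-legacy"], offer)
    chosen = handle_answer(k_caller, offer["algorithms"], answer)
    return k_caller == k_callee, chosen

if __name__ == "__main__":
    print(demo())
```

Verifying the signature before decrypting means an offer whose algorithm list or encrypted key was altered in transit is rejected before the called terminal's private key is used.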
Referring to fig. 4, fig. 4 is a flowchart of another embodiment of the key agreement method applied to the voice encrypted call of the called terminal according to the present invention. Steps S210 to S270 in fig. 4 are the same as those in fig. 3, and are not repeated herein. As shown in fig. 4, the following steps may further be included before step S210:
Step S201: sending an identity private key acquisition request to an identity key server, wherein the identity private key acquisition request comprises the identity of the called terminal.
Step S202: receiving the identity private key of the called terminal and the public parameters sent by the identity key server, wherein the identity private key is calculated based on the identity of the called terminal.
The identity key server may employ the SM9 algorithm to generate the master key and the public parameters. After receiving the identity private key acquisition request sent by the called terminal, the identity key server may authenticate the called terminal. When the identity key server issues the identity private key of the called terminal and the public parameters to the called terminal, they may be protected by an auxiliary secure channel, such as one based on the GBA (Generic Bootstrapping Architecture) of the telecommunications network.
Therefore, without changing the existing VoLTE service mode or user experience, the VoLTE terminal performs identity-based key negotiation for end-to-end encrypted calls, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Where the session keys for VoLTE voice encryption are generated by a password server deployed on the network side and distributed to the VoLTE terminals in response to request messages, the requirements on the real-time performance of the network and on the performance of the password server are high, and a secure channel is required between the password server and the terminals. Here, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call establishment by means of the identity-based encryption and decryption algorithm. The session key does not need to be distributed from the network side for each call, dependence on the network is reduced, and transmission of the session key is safer and more reliable. Therefore, the original service mode and user experience do not need to be changed, the session key is transmitted in a safer and more reliable way, and the security risk that the user's VoLTE voice service is monitored is eliminated.
The above description only illustrates specific implementations of the present invention, and the present invention is not limited thereto; splitting or merging the steps, changing their execution order, and changes to information transmission all fall within the protection scope of the present invention.
Fig. 5 is a block diagram of an embodiment of a key agreement apparatus applied to a voice encrypted call of a calling terminal according to the present invention. The key agreement device 300 for calling voice encrypted call of the present invention, as shown in fig. 5, includes but is not limited to: a session key generating module 310, a called terminal public key calculating module 320, a session key encrypting module 330, a digital signature module 340, a proposal message sending module 350, a response message receiving module 360 and a calling voice call encrypting and decrypting module 370.
The session key generation module 310 is configured to generate a session key;
the called terminal public key calculation module 320 is configured to calculate an identity public key of the called terminal based on the identity of the called terminal and the public parameter;
the session key encryption module 330 is configured to encrypt the session key by using the public identity key of the called terminal;
the digital signature module 340 is configured to obtain signature information by performing digital signature by using an identity private key of the calling terminal;
the offer message sending module 350 is configured to send a session description protocol offer message to the called terminal, the session description protocol offer message including an encrypted session key, signature information, and an encryption algorithm supported by the calling terminal, the session description protocol offer message being for verification of the signature information by the called terminal based on the identity of the calling terminal and the public parameter, and decryption of the session key;
the response message receiving module 360 is configured to receive a session description protocol response message sent by the called terminal, where the session description protocol response message includes session key confirmation information and encryption algorithm confirmation information;
the calling voice call encryption and decryption module 370 is configured to encrypt the voice stream transmitted to the called terminal through the session key and the determined encryption algorithm, and decrypt the voice stream received from the called terminal.
For the implementation principle of the above modules, refer to the related description in the key agreement method for voice encrypted calls; it is not repeated here.
Fig. 6 is a block diagram of another embodiment of the key agreement apparatus for calling voice encrypted call according to the present invention. The key agreement apparatus 300' for the caller encrypted voice call of the present invention includes but is not limited to: a calling private key request module 301, a calling private key receiving module 302, a session key generation module 310, a called terminal public key calculation module 320, a session key encryption module 330, a digital signature module 340, an offer message sending module 350, a response message receiving module 360 and a calling voice call encryption and decryption module 370.
The session key generation module 310, the called terminal public key calculation module 320, the session key encryption module 330, the digital signature module 340, the proposal message transmission module 350, the response message reception module 360, and the calling voice call encryption and decryption module 370 may perform functions corresponding to the corresponding modules in fig. 5.
The calling private key request module 301 is configured to send an identification private key acquisition request to an identification key server, where the identification private key acquisition request includes an identification of the called terminal.
The calling private key receiving module 302 is configured to receive the private identity key of the called terminal and the public parameter sent by the identity key server, where the private identity key is obtained based on identity calculation of the called terminal.
For the implementation principle of the above modules, refer to the related description in the key agreement method for voice encrypted calls; it is not repeated here.
Fig. 7 is a block diagram of an embodiment of a key agreement apparatus applied to a voice encryption call of a called terminal according to the present invention. The key agreement apparatus 400 for the called voice encrypted call of the present invention, as shown in fig. 7, includes but is not limited to: a proposal message receiving module 410, a caller public key calculation module 420, a signature verification module 430, a session key decryption module 440, an encryption algorithm determination module 450, a reply message sending module 460, and a called voice call encryption and decryption module 470.
The offer message receiving module 410 is configured to receive a session description protocol offer message that is actively sent by the caller, the session description protocol offer message including an encrypted session key obtained by encrypting via an identification public key of the called terminal, signature information obtained by digitally signing with an identification private key of the calling terminal, and an encryption algorithm supported by the calling terminal;
the calling public key calculation module 420 is configured to calculate an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
the signature verification module 430 is configured to verify the signature information based on the public key of the identity of the calling terminal;
the session key decryption module 440 is configured to decrypt the encrypted session key based on the identity private key of the called terminal;
the encryption algorithm determining module 450 is configured to determine an encryption algorithm for the voice encrypted call according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
the response message sending module 460 is configured to send a session description protocol response message to the calling terminal, where the session description protocol response message includes session key confirmation information and encryption algorithm confirmation information;
the called voice call encryption and decryption module 470 is configured to encrypt the voice stream sent to the calling terminal through the session key and the determined encryption algorithm, and decrypt the voice stream received from the calling terminal.
For the implementation principle of the above modules, refer to the related description in the key agreement method for voice encrypted calls; it is not repeated here.
Fig. 8 is a block diagram of another embodiment of the key agreement apparatus for the called voice encrypted call according to the present invention. The key agreement apparatus 400' for the called voice encrypted call of the present invention includes but is not limited to: a called private key request module 401, a called private key receiving module 402, a proposal message receiving module 410, a calling public key calculation module 420, a signature verification module 430, a session key decryption module 440, an encryption algorithm determination module 450, a response message sending module 460 and a called voice call encryption and decryption module 470.
The proposal message receiving module 410, the caller public key calculation module 420, the signature verification module 430, the session key decryption module 440, the encryption algorithm determination module 450, the reply message sending module 460, and the called voice call encryption and decryption module 470 may perform functions corresponding to the corresponding modules in fig. 6.
The called private key request module 401 is configured to send an identification private key obtaining request to the identification key server, where the identification private key obtaining request includes an identification of the called terminal.
The called private key receiving module 402 is configured to receive the identity private key of the called terminal and the public parameter sent by the identity key server, where the identity private key is obtained based on identity calculation of the called terminal.
For the implementation principle of the above modules, refer to the related description in the key agreement method for voice encrypted calls; it is not repeated here.
With the key agreement device for voice encrypted calls, on the premise of not changing the existing VoLTE service mode and user experience, the VoLTE terminal realizes identity-based key negotiation for end-to-end encrypted calls, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Moreover, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call establishment by means of the identity-based encryption and decryption algorithm. The session key therefore does not need to be distributed from the network side for each call, dependence on the network is reduced, and transmission of the session key is safer and more reliable. As a result, the original service mode and user experience need not change, the session key is transmitted in a safer and more reliable manner, and the potential safety hazard of a user's VoLTE voice service being monitored is solved.
Figs. 5 to 8 are merely schematic diagrams illustrating the key agreement devices 300, 300', 400 and 400' for a calling voice encrypted call and a called voice encrypted call provided by the present invention, respectively, and the splitting, combining and adding of modules are within the protection scope of the present invention without departing from the concept of the present invention. The key agreement devices 300, 300', 400 and 400' for encrypted voice calls between a calling party and a called party provided by the present invention can be implemented by software, hardware, firmware, plug-in components and any combination thereof, which is not limited by the present invention.
The embodiment of the invention also provides a key negotiation processing system for the voice encryption communication. Referring to fig. 9, fig. 9 is a block diagram of a key agreement system for a voice encryption call according to the present invention. The key agreement system includes a calling terminal 510, a called terminal 520, and an identity key server 530. The calling terminal 510 is configured to perform a key agreement method applied to the calling terminal as shown in fig. 1 or fig. 2. The called terminal 520 is configured to perform a key agreement method applied to the called terminal as shown in fig. 3 or fig. 4. The identity key server 530 is configured to send the private identity key and the public parameters to the calling terminal and the called terminal. The calling terminal 510 and the called terminal 520 communicate through an IMS network. Specifically, the calling terminal 510, the called terminal 520, and the identity key server 530 may interact as follows:
The identity key server 530 may first generate the master key and public parameters of the SM9 elliptic curve cryptographic algorithm. The calling terminal 510 and the called terminal 520 may each request an identity-based private key from the identity key server 530, carrying information such as the terminal code number. The identity key server 530 may perform: 1. issuing the identity-based key and the public parameters. Specifically, after performing the necessary authentication, the identity key server 530 may generate an identity-based private key for the terminal of that code number, and send the private key and the system public parameters to the calling terminal 510 and the called terminal 520 through the secure transmission channel. The calling terminal 510 and the called terminal 520 securely store information such as the identity-based private key and the system public parameters.
In the session key negotiation phase:
The calling terminal 510 can dial the called terminal 520 through the dialer, and the calling terminal 510 confirms that the called terminal 520 also has the encrypted call function;
the calling terminal 510 performs: 2-1, generating a session key, calculating an identity public key of the called terminal based on the identity of the called terminal and public parameters, encrypting the session key through the identity public key of the called terminal, and digitally signing the encrypted session key through a private key of the called terminal based on the identity.
The calling terminal 510 performs: 2-2, sending a SIP INVITE message to the called terminal 520, the SIP INVITE request carrying an SDP offer that contains the following information: the encrypted session key, the digital signature information, the VoLTE voice encryption algorithm supported by the local terminal, and other information;
The called terminal 520 performs: 2-3, after receiving the SIP INVITE request message, parsing the SDP offer, calculating the identity public key of the calling terminal based on the identity of the calling terminal and the public parameters, and verifying the digital signature with the identity public key of the calling terminal; then decrypting the session key with its identity-based private key; and then determining the encryption algorithm of the VoLTE call according to the encryption algorithm supported by the calling party, as provided in the SDP offer, and the encryption algorithm supported by the called terminal.
The called terminal 520 performs: 2-4, called; and returning 200INVITE response to the calling party, wherein the response carries an SDP offer and contains information such as session key synchronization OK, an encryption algorithm of the VoLTE call and the like.
In the voice encryption conversation stage:
the calling and called terminals execute: 3. encrypting a VoLTE voice stream to be transmitted, and then transmitting the VoLTE voice stream; and decrypting the received VoLTE voice stream and playing the VoLTE voice stream through a loudspeaker.
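The negotiation in steps 2-1 to 2-4 above, as an added Python simulation that is not part of the patent text. Assumptions: `ToyIdentityCrypto` is an HMAC-based functional stand-in for SM9 with no security value, the signature is made with the calling terminal's identity private key as in claim 1, the phone numbers and algorithm names are constructed sample values, and the MAC used as session key confirmation is this example's choice.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class ToyIdentityCrypto:
    """Stand-in for SM9 (assumption, NOT secure). Real SM9 derives a peer's public
    key from its identity and the public parameters; this toy keeps the master key
    in one object that plays every role so that the message flow can be executed."""

    def __init__(self):
        self._master = secrets.token_bytes(32)  # identity key server master key

    def extract_private_key(self, identity: str) -> bytes:
        return hmac.new(self._master, identity.encode(), hashlib.sha256).digest()

    def encrypt_to(self, identity: str, plaintext: bytes) -> bytes:
        if len(plaintext) > 32:
            raise ValueError("toy cipher handles at most 32 bytes")
        nonce = secrets.token_bytes(16)
        key = self.extract_private_key(identity)
        pad = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
        return nonce + bytes(a ^ b for a, b in zip(plaintext, pad))

    def decrypt(self, private_key: bytes, ciphertext: bytes) -> bytes:
        nonce, body = ciphertext[:16], ciphertext[16:]
        pad = hmac.new(private_key, b"enc" + nonce, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(body, pad))

    def sign(self, private_key: bytes, message: bytes) -> bytes:
        return hmac.new(private_key, b"sig" + message, hashlib.sha256).digest()

    def verify(self, identity: str, message: bytes, signature: bytes) -> bool:
        expected = self.sign(self.extract_private_key(identity), message)
        return hmac.compare_digest(expected, signature)


@dataclass
class SdpOffer:               # fields the page lists for the SDP offer
    caller_id: str
    enc_session_key: bytes
    signature: bytes
    algorithms: list          # caller's voice ciphers, in preference order


@dataclass
class SdpAnswer:              # session key confirmation + chosen algorithm
    key_confirmation: bytes
    algorithm: str


def key_confirmation(session_key: bytes, algorithm: str) -> bytes:
    # Assumption: the page only says "session key confirmation information".
    return hmac.new(session_key, b"confirm" + algorithm.encode(), hashlib.sha256).digest()


def caller_build_offer(crypto, caller_priv, caller_id, callee_id, algorithms):
    session_key = secrets.token_bytes(16)                # 2-1: fresh key per call
    enc = crypto.encrypt_to(callee_id, session_key)      # to the callee's identity
    sig = crypto.sign(caller_priv, enc)                  # over the encrypted key
    return session_key, SdpOffer(caller_id, enc, sig, list(algorithms))  # 2-2


def callee_handle_offer(crypto, callee_priv, callee_algorithms, offer):
    # 2-3: verify the caller's signature before touching the ciphertext.
    if not crypto.verify(offer.caller_id, offer.enc_session_key, offer.signature):
        raise ValueError("signature verification failed")
    session_key = crypto.decrypt(callee_priv, offer.enc_session_key)
    chosen = next((a for a in offer.algorithms if a in callee_algorithms), None)
    if chosen is None:
        raise ValueError("no common voice encryption algorithm")
    return session_key, SdpAnswer(key_confirmation(session_key, chosen), chosen)  # 2-4


def caller_handle_answer(session_key, offered, answer):
    if answer.algorithm not in offered:
        raise ValueError("answer selects an algorithm that was not offered")
    expected = key_confirmation(session_key, answer.algorithm)
    if not hmac.compare_digest(expected, answer.key_confirmation):
        raise ValueError("session key confirmation mismatch")
    return answer.algorithm


def run_call(tamper=False, callee_algorithms=("AES-128", "SM4")):
    """Runs one negotiation; returns (keys_match, negotiated_algorithm)."""
    crypto = ToyIdentityCrypto()
    caller_id, callee_id = "+8613800000001", "+8613800000002"   # constructed numbers
    caller_priv = crypto.extract_private_key(caller_id)  # issued by the key server
    callee_priv = crypto.extract_private_key(callee_id)
    k_caller, offer = caller_build_offer(
        crypto, caller_priv, caller_id, callee_id, ["SM4", "AES-128"])
    if tamper:  # flip one bit of the encrypted session key in transit
        e = offer.enc_session_key
        offer.enc_session_key = bytes([e[0] ^ 1]) + e[1:]
    k_callee, answer = callee_handle_offer(crypto, callee_priv, callee_algorithms, offer)
    algorithm = caller_handle_answer(k_caller, offer.algorithms, answer)
    return k_caller == k_callee, algorithm


if __name__ == "__main__":
    print(run_call())
```

The callee rejects an offer whose encrypted session key was altered in transit, and aborts when the two algorithm lists do not intersect instead of falling back to an unencrypted call.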
Therefore, with the key agreement system for voice encrypted calls, on the premise of not changing the existing VoLTE service mode and user experience, the VoLTE terminal realizes identity-based key negotiation for end-to-end encrypted calls, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Moreover, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call establishment by means of the identity-based encryption and decryption algorithm. The session key therefore does not need to be distributed from the network side for each call, dependence on the network is reduced, and transmission of the session key is safer and more reliable. As a result, the original service mode and user experience need not change, the session key is transmitted in a safer and more reliable manner, and the potential safety hazard of a user's VoLTE voice service being monitored is solved.
The embodiment of the invention also provides a key negotiation processing device for the voice encryption communication, which comprises a processor and a memory storing executable instructions of the processor, wherein the processor is configured to perform the steps of the key agreement method for voice encrypted calls by executing the executable instructions.
As shown above, with the key agreement processing device for voice encrypted calls of the embodiment of the present invention, on the premise of not changing the existing VoLTE service mode and user experience, the VoLTE terminal realizes identity-based key negotiation for end-to-end encrypted calls, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Moreover, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call establishment by means of the identity-based encryption and decryption algorithm. The session key therefore does not need to be distributed from the network side for each call, dependence on the network is reduced, and transmission of the session key is safer and more reliable. As a result, the original service mode and user experience need not change, the session key is transmitted in a safer and more reliable manner, and the potential safety hazard of a user's VoLTE voice service being monitored is solved.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "platform."
Fig. 10 is a schematic structural diagram of a key agreement processing device for voice encrypted conversation according to the present invention. An electronic device 700 according to this embodiment of the invention is described below with reference to fig. 10. The electronic device 700 shown in fig. 10 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 10, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different platform components (including memory unit 720 and processing unit 710), a display unit 740, etc.
Wherein the storage unit stores program code that can be executed by the processing unit 710 to cause the processing unit 710 to perform the steps according to various exemplary embodiments of the present invention described in the key agreement method section of voice encrypted call described above in this specification. For example, the processing unit 710 may perform the steps as shown in any of fig. 1 to 4.
The storage unit 720 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 7201 and/or a cache memory unit 7202, and may further include a read only memory unit (ROM) 7203.
The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 730 may be any representation of one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 7001 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 700, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 700 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interface 950. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 760. The network adapter 960 may communicate with other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage platforms, to name a few.
The embodiment of the invention also provides a computer readable storage medium for storing a program, and the steps of the key agreement method of the voice encryption communication are realized when the program is executed. In some possible embodiments, the aspects of the present invention may also be implemented in the form of a program product, which includes program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present invention described in the key agreement method section of voice encrypted conversation described above in this specification, when the program product is run on the terminal device.
As shown above, the computer-readable storage medium for key agreement of voice encrypted calls in this embodiment realizes identity-based key negotiation for end-to-end encrypted calls without changing the existing VoLTE service mode and user experience, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Moreover, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call establishment by means of the identity-based encryption and decryption algorithm. The session key therefore does not need to be distributed from the network side for each call, dependence on the network is reduced, and transmission of the session key is safer and more reliable. As a result, the original service mode and user experience need not change, the session key is transmitted in a safer and more reliable manner, and the potential safety hazard of a user's VoLTE voice service being monitored is solved.
Fig. 11 is a schematic structural diagram of a computer-readable storage medium of the present invention. Referring to fig. 8, a program product 800 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this respect, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In summary, on the premise of not changing the existing VoLTE service mode and user experience, the VoLTE terminal realizes identity-based key negotiation for end-to-end encrypted calls, so that VoLTE RTP (Real-time Transport Protocol) messages are transmitted encrypted. Moreover, the VoLTE voice encryption session key is generated by the calling terminal each time a VoLTE voice call is initiated, and is securely transmitted and synchronized to the called terminal during call establishment by means of the identity-based encryption and decryption algorithm. The session key therefore does not need to be distributed from the network side for each call, dependence on the network is reduced, and transmission of the session key is safer and more reliable. As a result, the original service mode and user experience need not change, the session key is transmitted in a safer and more reliable manner, and the potential safety hazard of a user's VoLTE voice service being monitored is solved.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, numerous simple deductions or substitutions may be made without departing from the spirit of the invention, which shall be deemed to belong to the scope of the invention.

Claims (10)

1. A key agreement method of voice encryption communication is characterized in that the key agreement method is applied to a calling terminal and comprises the following steps:
generating a session key;
calculating an identity public key of the called terminal based on the identity of the called terminal and the public parameter;
encrypting the session key by using the identity identification public key of the called terminal;
carrying out digital signature by using the identity identification private key of the calling terminal to obtain signature information;
sending a session description protocol offer message to the called terminal, wherein the session description protocol offer message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, and the session description protocol offer message is used for the called terminal to verify the signature information and decrypt the session key based on the identity of the calling terminal and the public parameter;
receiving a session description protocol response message sent by the called terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and encrypting the voice stream sent to the called terminal through the session key and a determined encryption algorithm, and decrypting the voice stream received from the called terminal.
2. The method of claim 1, wherein the generating the session key comprises:
sending an identification private key acquisition request to an identification key server, wherein the identification private key acquisition request comprises an identification of the calling terminal, and the identification is user number information;
and receiving the identity private key of the calling terminal and the public parameter sent by the identity key server, wherein the identity private key is obtained by calculation based on the identity of the calling terminal.
3. A key negotiation method for voice encryption communication is characterized in that the key negotiation method is applied to a called terminal and comprises the following steps:
receiving a session description protocol offer message actively sent by a calling party, wherein the session description protocol offer message comprises an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the session key is obtained by encrypting an identity identification public key of the called terminal, and the signature information is obtained by digitally signing an identity identification private key of the calling terminal;
calculating an identity public key of the calling terminal based on the identity of the calling terminal and the public parameter;
verifying the signature information based on the identity public key of the calling terminal;
decrypting the encrypted session key based on an identity private key of the called terminal;
determining an encryption algorithm for voice encryption communication according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
sending a session description protocol response message to the calling terminal, wherein the session description protocol response message comprises session key confirmation information and encryption algorithm confirmation information;
and encrypting the voice stream sent to the calling terminal through the session key and the determined encryption algorithm, and decrypting the voice stream received from the calling terminal.
4. The key agreement method for voice encrypted call according to claim 3, wherein the receiving the session description protocol offer message actively sent by the caller comprises:
sending an identification private key acquisition request to an identification key server, wherein the identification private key acquisition request comprises an identification of the called terminal, and the identification is user number information;
and receiving an identity identification private key of the called terminal and the public parameter sent by the identity identification key server, wherein the identity identification private key is obtained by calculation based on the identity identification of the called terminal.
5. A key agreement device for voice encrypted call, which is applied to a calling terminal, the key agreement device comprising:
a session key generation module configured to generate a session key;
the called terminal public key calculation module is configured to calculate an identity public key of the called terminal based on the identity of the called terminal and public parameters;
the session key encryption module is configured to encrypt the session key by using the identity public key of the called terminal;
the digital signature module is configured to perform digital signature by using an identity private key of the calling terminal to obtain signature information;
an offer message sending module configured to send a session description protocol offer message to the called terminal, the session description protocol offer message including an encrypted session key, signature information and an encryption algorithm supported by the calling terminal, the session description protocol offer message being used for the called terminal to verify the signature information and decrypt the session key based on the identity of the calling terminal and the public parameter;
a response message receiving module configured to receive a session description protocol response message sent by the called terminal, where the session description protocol response message includes session key confirmation information and encryption algorithm confirmation information;
and the calling voice call encryption and decryption module is configured to encrypt a voice stream sent to the called terminal through the session key and a determined encryption algorithm and decrypt the voice stream received from the called terminal.
6. A key agreement device for voice encrypted call, which is applied to a called terminal, the key agreement device comprising:
an offer message receiving module configured to receive a session description protocol offer message actively sent by a calling party, the session description protocol offer message including an encrypted session key, signature information, and an encryption algorithm supported by the calling terminal, the session key being encrypted with an identity public key of the called terminal, the signature information being obtained by digitally signing with an identity private key of the calling terminal;
the calling public key calculation module is configured to calculate an identity public key of the calling terminal based on the identity of the calling terminal and public parameters;
a signature verification module configured to verify the signature information based on an identity public key of the calling terminal;
a session key decryption module configured to decrypt the encrypted session key based on an identity private key of the called terminal;
the encryption algorithm determining module is configured to determine an encryption algorithm for voice encryption communication according to the encryption algorithm supported by the calling terminal and the encryption algorithm supported by the called terminal;
a response message sending module configured to send a session description protocol response message to the calling terminal, the session description protocol response message including session key confirmation information and encryption algorithm confirmation information;
and the called voice call encryption and decryption module is configured to encrypt the voice stream sent to the calling terminal through the session key and the determined encryption algorithm and decrypt the voice stream received from the calling terminal.
7. A key agreement system for voice encrypted communication, comprising:
a calling terminal configured to perform the key agreement method of claim 1 or 2;
a called terminal configured to perform the key agreement method according to claim 3 or 4;
and an identity key server configured to send an identity private key and the public parameters to the calling terminal and the called terminal.
8. The key agreement system of claim 7, wherein the identity key server sends an identity private key and the public parameters to the calling terminal and the called terminal using the SM9 algorithm.
9. A key agreement processing apparatus for a voice encrypted call, comprising:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform, via execution of the executable instructions:
the key agreement method for voice encrypted call according to any one of claims 1 to 2; and/or
the key agreement method for voice encrypted call according to any one of claims 3 to 4.
10. A computer-readable storage medium storing a program, wherein the program when executed implements:
the key agreement method for voice encrypted call according to any one of claims 1 to 2; and/or
the key agreement method for voice encrypted call according to any one of claims 3 to 4.
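Added example (not part of the patent text or of the applicant's implementation): the called terminal's algorithm selection and session key confirmation from claim 3, starting after the signature check and session key decryption have succeeded, together with the calling terminal's check of the answer. The algorithm names, the preference order and the HMAC-SHA256 confirmation construction are assumptions; the claims only state that the answer carries session key confirmation information and encryption algorithm confirmation information.

```python
import hashlib
import hmac
import json

# Hypothetical algorithm names in the called terminal's preference order
# (assumption: the claims do not name any voice encryption algorithm).
CALLEE_SUPPORTED = ["SM4-GCM", "AES-256-GCM", "SM4-CBC"]


def choose_algorithm(offered, supported=CALLEE_SUPPORTED):
    """Return the called terminal's most preferred algorithm that was offered."""
    for alg in supported:
        if alg in offered:
            return alg
    raise ValueError("no common encryption algorithm, reject the call")


def confirmation_tag(session_key, offered, chosen):
    """HMAC-SHA256 over the offered list and the choice, keyed by the session key.

    Assumed construction: proves possession of the decrypted key and binds
    the tag to the algorithm list the called terminal actually received.
    """
    transcript = json.dumps({"offered": list(offered), "chosen": chosen},
                            separators=(",", ":")).encode()
    return hmac.new(session_key, transcript, hashlib.sha256).hexdigest()


def build_answer(session_key, offered):
    """Called terminal: confirmation fields for the SDP answer."""
    chosen = choose_algorithm(offered)
    return {"alg": chosen, "confirm": confirmation_tag(session_key, offered, chosen)}


def caller_accepts(session_key, sent_offer, answer):
    """Calling terminal: accept only an algorithm it offered and a valid tag."""
    if answer["alg"] not in sent_offer:
        return False
    expected = confirmation_tag(session_key, sent_offer, answer["alg"])
    return hmac.compare_digest(expected, answer["confirm"])


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample session key
    offer = ["AES-256-GCM", "SM4-GCM", "SM4-CBC"]
    answer = build_answer(key, offer)
    print(answer["alg"], caller_accepts(key, offer, answer))
    # An intermediary that trimmed the list in transit is detected by the caller.
    print(caller_accepts(key, offer, build_answer(key, ["SM4-CBC"])))
```

Because the tag covers the algorithm list as the called terminal received it, a list altered in transit fails the calling terminal's check even when the chosen algorithm is one it did offer.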
CN202210368018.1A 2022-04-08 2022-04-08 Key agreement method, device, equipment and storage medium for voice encryption communication Pending CN114630290A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210368018.1A CN114630290A (en) 2022-04-08 2022-04-08 Key agreement method, device, equipment and storage medium for voice encryption communication

Publications (1)

Publication Number Publication Date
CN114630290A true CN114630290A (en) 2022-06-14

Family

ID=81904987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210368018.1A Pending CN114630290A (en) 2022-04-08 2022-04-08 Key agreement method, device, equipment and storage medium for voice encryption communication

Country Status (1)

Country Link
CN (1) CN114630290A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114900500A (en) * 2022-06-15 2022-08-12 中国电信股份有限公司 Call control method, application server, communication system, and storage medium
CN115412252A (en) * 2022-07-07 2022-11-29 渔翁信息技术股份有限公司 Data transmission method, transmission initiating terminal and transmission receiving terminal

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030217165A1 (en) * 2002-05-17 2003-11-20 Microsoft Corporation End-to-end authentication of session initiation protocol messages using certificates
US20100166182A1 (en) * 2008-12-31 2010-07-01 Verizon Data Services, Llc Method and system for securing voice over internet protocol transmissions
CN101917711A (en) * 2010-08-25 2010-12-15 中兴通讯股份有限公司 Mobile communication system and voice call encryption method thereof
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system
CN104683291A (en) * 2013-11-27 2015-06-03 北京大唐高鸿数据网络技术有限公司 IMS system based session key negotiating method
CN106982419A (en) * 2016-01-18 2017-07-25 普天信息技术有限公司 A kind of broadband cluster system individual calling End to End Encryption method and system
CN114125824A (en) * 2020-08-31 2022-03-01 中国电信股份有限公司 Voice encryption processing method, server, terminal, system and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘刚等: "基于SIP协议的网络电话安全方案及实现", 计算机工程, 5 June 2008 (2008-06-05) *

Similar Documents

Publication Publication Date Title
US8452017B2 (en) Methods and systems for secure channel initialization transaction security based on a low entropy shared secret
US8495375B2 (en) Methods and systems for secure channel initialization
US7764945B2 (en) Method and apparatus for token distribution in session for future polling or subscription
EP3178193B1 (en) A method of providing real-time secure communication between end points in a network
US20150089220A1 (en) Technique For Bypassing an IP PBX
KR100862050B1 (en) Secure voip communication method and user agent using the same
EP2073430A1 (en) Methods and systems for secure channel initialization transaction security based on a low entropy shared secret
CN104486077A (en) End-to-end secret key negotiation method for VoIP (Voice Over Internet Protocol) real-time data safety transmission
CN102868665A (en) Method and device for data transmission
EP2426852A1 (en) Method and system for implementing secure forking calling session in ip multi-media subsystem
CN114630290A (en) Key agreement method, device, equipment and storage medium for voice encryption communication
CN108833943B (en) Code stream encryption negotiation method and device and conference terminal
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN114866234B (en) Voice communication method, device, equipment and storage based on quantum key encryption and decryption
CN101547269A (en) Calling control method and voice terminal
WO2017197968A1 (en) Data transmission method and device
WO2024041498A1 (en) Secret communication processing method, first terminal, and storage medium
CN115589288A (en) Method for realizing end-to-end VoIP encrypted communication based on quantum key pre-charging
CA2646862C (en) Methods and systems for secure channel initialization
CN110574335B (en) Key distribution system, method and recording medium
CN108156112B (en) Data encryption method, electronic equipment and network side equipment
CN110890968B (en) Instant messaging method, device, equipment and computer readable storage medium
CN111953631A (en) Method and system for safely encrypting mobile internet communication instant message
CN112953964B (en) Voice signaling encryption processing system and encryption processing method
CN114900500A (en) Call control method, application server, communication system, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination