WO2010069102A1 - Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method - Google Patents

Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method Download PDF

Info

Publication number
WO2010069102A1
WO2010069102A1 PCT/CN2008/073537 CN2008073537W WO2010069102A1 WO 2010069102 A1 WO2010069102 A1 WO 2010069102A1 CN 2008073537 W CN2008073537 W CN 2008073537W WO 2010069102 A1 WO2010069102 A1 WO 2010069102A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
shared key
unit
ciphertext
mobile terminal
Prior art date
Application number
PCT/CN2008/073537
Other languages
French (fr)
Chinese (zh)
Inventor
邓方民
郭红星
薛涛
闫海清
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to PCT/CN2008/073537 priority Critical patent/WO2010069102A1/en
Publication of WO2010069102A1 publication Critical patent/WO2010069102A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the present invention relates to the field of communications, and in particular to a key transmission method, a decryption method, a method for implementing secure communication, and a mobile terminal.
  • BACKGROUND OF THE INVENTION When a communication content is transmitted by a signal in a communication network, there is a problem that communication content may be illegally eavesdropped. Based on this, a secret communication technique between mobile terminals occurs.
  • Method 1 Add an encryption/decryption device on the interface of the terminal device, and use the device to perform encryption/decryption processing on the signal of the communication content to implement secure communication.
  • the method generally includes the following steps: Step 1: Convert the voice into the audio signal A by the microphone; Step 2, encrypt the audio signal A to make the encrypted audio signal B, And sending to a communication terminal 1; Step 3, the encrypted audio electrical signal B output by the communication terminal 1 is transmitted to another communication terminal 2 through the public communication network; Step 4, decrypting the encrypted audio electrical signal B output by the communication terminal 2 , making it an unencrypted audio electrical signal C, and sending it to the receiver; Step 5, converting the audio electrical signal C to voice by the receiver.
  • the receiving end generates a key, and uses the short message technology to perform key negotiation between the receiving end and the transmitting end, and then uses the generated key to encrypt the signal of the communication content, thereby implementing secure communication.
  • a typical method of the solution may include the following steps: Between the mobile terminal and the application server (the mobile terminal and the application server have been authenticated by the trusted certificate authority), the use is included in the short message
  • the identity information in the middle and the last value of the hash chain encrypted by the trusted certificate authority public key are used as the session key of both parties for the first authentication and the call.
  • only the mobile terminal includes If the length of the hash chain is greater than 0, the application server can perform a hash operation on the hash value contained in the sent short message, and compare with the currently saved hash value of the application server to verify the identity of the mobile terminal. And the hash value in the received short message is used as the new call key of both parties to inform the other party for verification identity.
  • the encryption/decryption device used is relatively fixed and easily obtained by an illegal user. Once the illegal user obtains the same encryption/decryption device, the communication of all the same mobile terminals is no longer secure; The key used for each communication is a fixed same key, and the security level is not high.
  • the second method first, the implementation process is complicated and inconvenient to use, and each time before the call, the short message must be sent first. Key negotiation is not efficient; secondly, the real-time performance of short messages is not strong, which is easy to cause delays, and the specific implementation process will increase the cost of additional short message communication.
  • the present invention has been made in view of the problems of low security and inconvenient implementation in the currently used secure communication technology existing in the related art, and the present invention aims to provide an improved secure communication technology. To solve at least one of the above problems.
  • a key transmission method is provided.
  • the transmitting end generates a shared key, obtains a pre-stored public key of the receiving end, and encrypts the shared key by using the public key to obtain a ciphertext; the transmitting end carries the ciphertext in the Including a message with a field with a network transparent transmission attribute, and sending the message to the receiving end.
  • the generating a shared key by the sending end includes: The sending end generates a shared key after starting the call establishing process.
  • the method further includes: receiving, by the receiving end, the message, obtaining the ciphertext in the field included in the message, and decrypting the ciphertext by using the private key of the receiving end to obtain the shared key.
  • the method further includes: after the call is successfully established, the sending end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the receiving end.
  • the above method further includes: the receiving end decrypting the received encrypted communication content by using the shared key.
  • the foregoing method further includes: the receiving end uses the shared key to perform the communication content to be transmitted. Encrypt, and send the encrypted communication content to the sender.
  • the field having the network transparent transmission attribute includes: a user information unit field in the call setup message.
  • a decryption method is provided.
  • the decryption method according to the present invention includes: the receiving end receives the message from the transmitting end including the field having the network transparent transmission attribute, and acquires the ciphertext carried in the field, where the ciphertext is the transmitting end using the public key pair of the receiving end to share the secret
  • the key is generated by the key encryption; the receiving end decrypts the ciphertext using its own private key to obtain the shared key generated by the transmitting end; the receiving end receives the communication content encrypted by the shared key from the transmitting end, and uses the decrypted shared key.
  • the encrypted communication content is decrypted to obtain the communication content.
  • the foregoing method further includes: the receiving end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the sending end.
  • a method of implementing secure communication includes: the calling terminal generates a shared key while establishing a call with the called terminal, and transmits the shared key to the called terminal; after the call is established, the calling terminal And the called terminal uses the shared key to force the communication content. Secret or decrypted.
  • a mobile terminal is provided.
  • the mobile terminal includes: a storage unit configured to store a public key of the opposite mobile terminal; a key generation unit configured to generate a shared key; and a ciphertext generating unit configured to acquire the public key from the storage unit, The key generation unit acquires the shared key, and uses the public key to force the shared key.
  • the ciphertext is obtained by the ciphertext generating unit, and the ciphertext generated by the ciphertext generating unit is carried in a field having a network transparent transmission attribute, and the field is carried in the message; the notification unit is configured to use the message constructed by the constructing unit Notifying the shared mobile terminal of the shared key.
  • the mobile terminal further includes: an encryption unit, configured to encrypt the communication content to be transmitted by using the shared key; and a sending unit, configured to send the communication content encrypted by the encryption unit to the opposite mobile terminal.
  • an encryption unit configured to encrypt the communication content to be transmitted by using the shared key
  • a sending unit configured to send the communication content encrypted by the encryption unit to the opposite mobile terminal.
  • the mobile terminal includes: a first receiving unit, configured to receive a message from a remote mobile terminal, where a field having a network transparent transmission attribute of the message carries a ciphertext, and the ciphertext is a mobile terminal by using the mobile terminal
  • the public key of the terminal is obtained by encrypting the shared key
  • the parsing unit is configured to parse the message received by the first receiving unit to obtain the ciphertext
  • the first decrypting unit is configured to parse the private key pair of the stored mobile terminal
  • the ciphertext obtained by the unit is decrypted to obtain a shared key.
  • the mobile terminal further includes: a second receiving unit, configured to receive communication content from the opposite mobile terminal, where the communication content is encrypted by the opposite mobile terminal using a shared key; and the second decryption unit is configured to use The shared key obtained by a decryption unit decrypts the communication content received by the second receiving unit.
  • the secret end is obtained by using the public key of the receiving end to encrypt the shared key generated by the transmitting end to obtain the ciphertext and transmitting the ciphertext, and encrypting the communication content by using the shared key, thereby realizing the confidentiality between the mobile terminals.
  • FIG. 1 is a flow chart of a key transmission method according to a first embodiment of the method of the present invention
  • FIG. 2 is a signaling flow chart of a key transmission method according to a preferred embodiment of the present invention
  • Is a flowchart of a decryption method according to a second embodiment of the method of the present invention
  • FIG. 4 is a signaling flow chart of a decryption method according to a preferred embodiment of the present invention
  • FIG. 5 is a structure of a mobile terminal according to a first embodiment of the apparatus of the present invention.
  • Figure 6 is a block diagram showing a preferred structure of a mobile terminal according to a first embodiment of the apparatus of the present invention
  • Figure 7 is a block diagram showing the structure of a mobile terminal according to a second embodiment of the present invention
  • Figure 8 is a block diagram showing a preferred structure of a mobile terminal according to a second embodiment of the present invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention proposes an improved secure communication technique, in which the present invention provides an improved secure communication technique, in view of the problem of the inability of the related art to implement secure communication between mobile terminals.
  • the communication content can be encrypted and the corresponding decryption operation can be performed using the shared key, thereby enabling secure communication between the mobile terminals.
  • FIG. 1 is a flowchart of a key transmission method according to Embodiment 1 of the method of the present invention. As shown in FIG. 1, the key transmission method according to Embodiment 1 of the present invention includes the following steps S102 to S104.
  • Step S102 The sending end generates a shared key, obtains a pre-stored public key of the receiving end, and encrypts the shared key by using the public key to obtain a ciphertext.
  • the sending end Preferably, the sending end generates the shared key immediately after starting the call establishing process.
  • the sender can carry the ciphertext in the network with transparent transmission. (ie, the network does not do anything with the contents of the field)
  • a message including the field is sent to the receiving end.
  • the shared key can be carried and transmitted through a field having a network transparent transmission attribute, so that the key can be easily and securely transmitted to the receiving end.
  • the shared key mentioned in this embodiment may be one-time, that is, the shared key generated by the sender is different each time; thus, since the sender starts the call setup process, The shared key is generated, and the shared key is not stolen in advance; in addition, since the shared key is one-time, the key is not leaked due to repeated use of the same key, and the security of communication encryption can be improved.
  • the public key of the pre-stored receiving end it may be permanently transmitted by the receiving end to the transmitting end and stored locally at the transmitting end, or may be sent by the transmitting end before starting the call establishing process. Obtained from the receiving end and stored locally by a suitable method (for example, SMS mode, Bluetooth mode, etc.).
  • Step S104 For the above-mentioned field having the network transparent transmission attribute, it may be a User-User Information Element (UUIE) field of a call setup message (ie, a SETUP message), which is easy to understand, UUIE here.
  • UUIE User-User Information Element
  • a field is an instance of a field with properties that are transparent to the network.
  • the present invention is not limited thereto, and may be carried in other fields having similar attributes according to the needs of implementation, including currently existing fields and fields that may appear in the future as the technology is improved. It is intended that the invention can be used without departing from the scope of the invention.
  • the process of key agreement is implemented by a complete communication process (for example, short message communication), and in this embodiment, after the call setup process is initiated by the sender
  • the shared key is generated immediately, and the ciphertext is transmitted to the receiving end before the communication content is transmitted.
  • the present invention can undoubtedly save system overhead, and can save the user's communication cost from the user's point of view.
  • Method embodiment two The above describes the key transmission process. Based on the above key transmission process, the mobile terminal that is the opposite end of the transmitting end and the receiving end can implement the secure transmission of the mobile communication.
  • the receiving end decrypts the received ciphertext by using a private key to obtain a shared key of the transmitting end; after the call is successfully established, the sending end uses the shared key.
  • the communication content to be transmitted is encrypted, and the encrypted communication content is sent to the receiving end.
  • the receiving end can decrypt the encrypted communication content by using the decrypted shared key to obtain communication that can be recognized by the user. content.
  • the receiving end may further encrypt the communication content to be transmitted by using the shared key, and send the encrypted communication content to the transmitting end.
  • the public key and the private key of the receiving end are a pair of authenticated key pairs.
  • the communication content mentioned herein may include, but is not limited to, data in the form of audio data, video data, and the like generated during communication.
  • the communication content is encrypted by the encryption device, and the method provided by the embodiment is used to encrypt the communication content by software technology while communicating, which can save cost, is easy to use, and can be Improve the security of confidential communications.
  • the mobile terminal carries the ciphertext in the UUIE field of the SETUP message as an example to describe the mobile communication secure transmission process according to the embodiment of the present invention, and FIG. 2 shows the signaling for performing the secure communication using the method shown in FIG. The process, as shown in FIG.
  • Step 202 The sender initiates a call setup process. (In a specific implementation process, after the sender user sends the number of the receiver user, it can be regarded as starting.
  • Step 204 the sending end generates a shared key;
  • Step 206 the sending end obtains the pre-stored public key of the receiving end locally;
  • Step 208 The sending end encrypts the shared key by using the public key to generate The cipher text;
  • Step 202 to Step 208 may correspond to the foregoing Step S102;
  • Step 210 the transmitting end encodes the ciphertext, and writes the encoded ciphertext into the UUIE field of the SETUP message, and sets a flag bit in the field.
  • step 212 the sending end sends the SETUP message carrying the ciphertext to the receiving end.
  • Step 21 0 to step 212 may correspond to the above step S104;
  • the sending end can transmit the shared key to the receiving end, and can encrypt the communication content by using the shared key, so that the transmission process is highly secure and saves system overhead.
  • FIG. 3 is a flowchart showing a mobile communication decryption method according to Embodiment 3 of the method of the present invention, as shown in FIG.
  • the mobile communication decryption method in the third embodiment of the method of the present invention includes the following steps S302 to S306.
  • Step S302 The receiving end receives the message carrying the ciphertext from the sending end, and obtains the ciphertext carried in the field.
  • the ciphertext may be carried in a field with a network transparent transmission attribute of the message, for example,
  • the messages used in the embodiments of the present invention may include, but are not limited to, a call setup message (SETUP message), and the fields used herein may include, but are not limited to, a UUIE field.
  • Step S304 the receiving end decrypts the ciphertext by using its own private key to obtain a shared key generated by the transmitting end.
  • the private key and the public key used by the transmitting end to encrypt the shared key are used.
  • the specific method may refer to the foregoing method embodiment. b), and decrypt the encrypted communication content using the shared key to obtain the communication content.
  • the receiving end can obtain the shared key provided by the sending end, and decrypt the received encrypted communication content by using the shared key to obtain the communication content identifiable by the user, thereby achieving confidentiality. Communication.
  • FIG. 4 shows a signaling flow of a mobile communication decryption method according to a preferred embodiment of the present invention, such as As shown in FIG. 4, the process may be implemented in the following manner: Step 402: The receiving end receives the SETUP message from the sending end. Step 404: The receiving end parses the SETUP message. Step 406: The receiving end detects from the UUIE field of the SETUP message. Indicates that the cipher text is carried, and the ciphertext is obtained from the UUIE field according to the flag. Steps 402 to 406 may correspond to step S302.
  • Step 408 The receiving end invokes its own private key pair ciphertext. Decrypting, obtaining a shared key generated by the sender, and saving the shared key; Step 408 may correspond to step S304 above; Step 410, after the call is successfully established, the receiving end receives the encrypted communication content from the sending end; 412. The receiving end decrypts the received encrypted communication content by using the shared key to obtain communication content that can be recognized by the user. Step 410 to step 412 may correspond to the foregoing step S306. Through the above processing, the receiving end may acquire the shared key from the field having the network transparent transmission attribute from the transmitting end, and decrypt the received encrypted communication content using the shared key to obtain the communication content.
  • a method for implementing secure communication including the following processing: First, a calling terminal generates a shared key A in a process of establishing a call with a called terminal, and shares the same. The key A is sent to the called terminal; wherein, after the calling terminal generates the shared key A in the process of establishing the call with the called terminal, the calling terminal performs the shared key A using the pre-saved public key K1.
  • Encrypting and generating ciphertext B (encrypted shared key A), after encoding ciphertext B to a predetermined field of the predetermined message, transmitting the predetermined message to the called terminal through the network (corresponding to the key in the first embodiment of the method)
  • the called terminal After the called terminal receives the predetermined message through the network, the called terminal decodes the ciphertext B from the predetermined field of the predetermined message; and decrypts the ciphertext B using the pre-saved private key K2 to obtain the shared key A.
  • the calling terminal and the called terminal encrypt or decrypt the communication content using the shared key.
  • Embodiment 1 of the device a mobile terminal is provided.
  • the mobile terminal provided in this embodiment can be used as a transmitting end in secure communication.
  • the key transmission method of the mobile communication provided in the first embodiment of the method is implemented by using the mobile terminal.
  • the mobile terminal according to the first embodiment of the present invention includes a storage unit 1, a key generation unit 3, and a secret.
  • the text generation unit 5, the construction unit 7, and the notification unit 9. The function of the above unit will be described in detail below.
  • the storage unit 1 is configured to store a public key of the opposite mobile terminal; preferably, as above, the public key herein may be permanently authorized by the opposite mobile terminal as the receiving end to the mobile terminal as the transmitting end and stored locally at the transmitting end.
  • the method may also be obtained from the receiving end and stored locally at the transmitting end by using multiple methods (for example, MMS mode, email mode, and Bluetooth mode) before the sending end initiates the call setup process.
  • the key generation unit 3 is configured to generate a shared key.
  • the shared key may be generated immediately after the sending end initiates the call setup process.
  • the ciphertext generating unit 5 is connected to the storage unit 1 and the key generating unit 3 for acquiring the public key from the storage unit 1, acquiring the shared key from the key generating unit 3, and using the public key to force the shared key
  • the secret is obtained, and the ciphertext is obtained.
  • the above step S102 can be completed by using the storage unit 1, the key generation unit 3, and the ciphertext generation unit 5.
  • the shared key is first generated by the key generation unit 3, and then the ciphertext generation unit 5 acquires the public key of the peer mobile terminal stored in advance from the storage unit 1, and acquires the shared key from the key generation unit 3. And use the public key to encrypt the shared key to obtain the ciphertext.
  • the construction unit 7 is connected to the ciphertext generation unit 5, and the ciphertext generated by the ciphertext generation unit 5 is carried in a field having a network transparent transmission attribute, and the field is carried in the message.
  • the notification unit 9 is connected to the construction unit 7 for notifying the shared mobile terminal of the shared key by the message constructed by the construction unit 7.
  • the above-described step S104 can be completed using the construction unit 7 and the notification unit 9.
  • the constructing unit 7 acquires the ciphertext from the ciphertext generating unit 5, and carries the ciphertext in a field having a network transparent transmission attribute.
  • the field includes a UUIE field, and the field is carried in the message.
  • the message may be a SETUP message, and then the notification unit 9 obtains the above message from the construction unit 7, and sends the message to the opposite mobile terminal.
  • the mobile terminal provided by the embodiment, by setting a storage unit, a key generation unit, a ciphertext generation unit, a construction unit, and a notification unit, the shared key can be carried and transmitted through a field having a network transparent transmission attribute, thereby enabling Transfer the key easily and securely to the opposite end of the secure communication
  • FIG. 6 further shows a preferred structure of the mobile terminal according to the first embodiment of the apparatus according to the present invention.
  • the preferred structure of the mobile terminal according to the first embodiment of the apparatus according to the present invention includes: a unit 1, a key generation unit 3, a ciphertext generation unit 5, a construction unit 7, a notification unit 9, and an encryption unit 11 and a transmission unit 13, wherein the storage unit 1, the key generation unit 3, the ciphertext generation unit 5,
  • the construction unit 7 and the notification unit 9 are similar in function to the corresponding units in FIG. 5, and are not described herein again.
  • the functions of the compact unit 11 and the transmission unit 13 are described in detail below.
  • the power density unit 11 is connected to the key generation unit 3 for encrypting the communication content to be transmitted using the shared key generated by the key generation unit 3; the sending unit 13 is connected to the encryption unit 11 for passing The communication content encrypted by the encryption unit 11 is sent to the opposite mobile terminal.
  • the apparatus shown in FIG. 6 it is possible to generate a shared key at the transmitting end, encrypt the content of the secure communication, and transmit the key to the receiving end in a simple and secure manner, thereby realizing the transmitting end and the receiving end. Confidential communication between.
  • Apparatus Embodiment 2 According to this embodiment, another mobile terminal is provided.
  • FIG. 7 is a diagram showing the structure of a mobile terminal according to Embodiment 2 of the apparatus of the present invention, as shown in FIG.
  • the mobile terminal according to the second embodiment of the present invention includes a first receiving unit 2, a parsing unit 4, and a first decrypting unit 6. The function of the above unit will be described in detail below.
  • the first receiving unit 2 is configured to receive a message from the peer mobile terminal, where the field having the network transparent transmission attribute of the message carries the ciphertext, and the ciphertext is the peer mobile terminal that is the transmitting end, by using the local terminal as the receiving end
  • the public key of the mobile terminal is obtained by encrypting the shared key; preferably, the first receiving unit 2 is used to complete the above step S302; the parsing unit 4 is connected to the first receiving unit 2 for receiving the first receiving unit 2
  • the message is parsed to get the ciphertext.
  • the first decryption unit 6 is connected to the parsing unit 4 for decrypting the ciphertext using the stored private key of the mobile terminal to obtain a shared key.
  • the above step S304 can be completed using the parsing unit 4 and the first decrypting unit 6.
  • the parsing unit 4 acquires a message from the first receiving unit 2, and parses the ciphertext from the message, and then the first decrypting unit 6 acquires the ciphertext from the parsing unit 4, and decrypts the ciphertext using its own private key. , get the shared secret.
  • the shared key sent by the peer mobile terminal as the transmitting end can be parsed.
  • FIG. 8 shows a preferred structure of a mobile terminal according to the second embodiment of the present invention. As shown in FIG. 8, the preferred structure of the mobile terminal according to the second embodiment of the present invention includes a first receiving unit 2 and a parsing unit 4.
  • the functions of the first unit, the parsing unit 4, and the first decrypting unit 6 are similar to those of the corresponding unit in FIG. 7, and are not mentioned here.
  • the functions of the second receiving unit 8 and the second decrypting unit 10 will be described in detail below.
  • a second receiving unit 8 configured to receive communication content from the opposite mobile terminal, where the communication content is encrypted at the opposite mobile terminal using a shared key
  • the second decryption unit 10 is connected to the second receiving unit 8 and the first
  • the decryption unit 6 is configured to decrypt the communication content received by the second receiving unit 8 using the shared key obtained by the first decryption unit 6.
  • the above step S306 can be completed using the second receiving unit 8 and the second decrypting unit 10.
  • the receiving terminal can decrypt the received ciphertext to obtain a shared key, and decrypt the received confidential communication content using the shared key, thereby implementing secure communication.
  • the shared key can be obtained from the field having the network transparent transmission attribute from the peer end of the secure communication (ie, the transmitting end), and the The shared key decrypts the encrypted communication content from the sender, and the communication content recognizable by the user can be obtained.
  • the mobile terminal provided in Embodiment 1 of the foregoing apparatus is used at the transmitting end, and the mobile terminal provided by Embodiment 2 of the foregoing apparatus is used at the receiving end, and the method is used at the transmitting end.
  • a method for transmitting a key of a mobile communication using the mobile communication decryption method provided by the second embodiment of the method, that is, the sender uses the public key of the receiving end to encrypt the shared key generated by the sender to obtain the ciphertext
  • the use of a field with network transparent transmission properties to carry and transmit ciphertext, and the use of a shared key to encrypt communication content enables secure communication between mobile terminals, and the encryption is highly secure, saves system overhead, is easy to use, and is easy to implement. Therefore, it is possible to solve the problem in the related art that the secure communication between the mobile terminals cannot be realized safely and simply, and the purpose of improving the degree of confidentiality can be achieved.

Abstract

A cipher key transmission method, a decrypting method, a secrecy communication realizing method and a mobile terminal. The cipher key transmission method comprises sending terminal generating a share key, obtaining the public key of receiving terminal stored beforehand, encrypting the share key by the public key to obtain cryptograph (S102), sending terminal carrying the cryptograph in the message which includes a field with network transmission attribute and sending the message to the receiving terminal (S104). The secrecy communication can be realized between the mobile terminals by the invention schemes, high security and low system cost can be reached.

Description

移动终端及其密钥传输、 解密方法、 保密通信的实现方法 技术领域 本发明涉及通信领域, 具体地, 涉及一种密钥传输方法、 解密方法、 保 密通信的实现方法、 以及移动终端。 背景技术 在通讯网络中以信号的方式传输通信内容时,存在着通信内容可能会被 非法窃听的问题, 基于此, 出现了移动终端间的保密通信技术。 在相关技术中, 目前主要有如下两种保密通信的方法。 方法一: 在终端设备的接口上添加加 /解密装置, 并使用该装置对通信 内容的信号进行加密 /解密处理来实现保密通信。 具体地, 该种方法一般包括 以下几个步骤: 步骤一, 由送话器将语音转换为音频电信号 A; 步骤二, 对 音频电信号 A进行加密处理, 使其成为加密音频电信号 B , 并送入一个通信 终端 1; 步骤三, 通信终端 1输出的加密音频电信号 B通过公共通信网络传 输到另一通信终端 2; 步骤四, 对通信终端 2输出的加密音频电信号 B进行 解密处理, 使其成为不加密的音频电信号 C, 并送至受话器; 步骤五, 由受 话器将上述音频电信号 C转换还原为语音。 方法二, 由接收端生成密钥, 并利用短消息技术在接收端和发送端之间 进行密钥协商, 然后利用生成的密钥对通信内容的信号进行加密, 从而实现 保密通信。 其中, 该种方案的一个典型方法可以包括如下步骤: 在移动终端 和应用月艮务器(移动终端和应用月艮务器均已经过可信认证中心的认证 )之间, 利用包含在短消息中的身份信息和经过可信认证中心公钥加密的哈希链的最 后一个值作为双方的通话密钥, 来进行首次认证和通话, 在以后的再次通信 过程中, 只需移动终端中包含的哈希链的长度大于 0, 便可由应用服务器对 发来的短消息中包含的哈希值再作一次哈希运算, 并与应用服务器当前保存 的哈希值进行比较, 来验证移动终端的身份, 并将收到的短消息中的哈希值 作为双方新的通话密钥告知对方, 以作验证身份用。 通过这样使用短消息进 行密码协商的过程后, 就可以进行保密通信了。 但是, 上述的方法中均存在不足之处。 在方法一中, 首先, 所釆用的加 /解密装置相对比较固定, 容易被非法用户获得, 一旦非法用户获得了同样的 加 /解密装置, 则所有同类移动终端的通信都不再安全; 其次, 每次通信使用 的密钥都是固定的同一密钥, 安全程度不高; 在方法二中, 首先, 实施过程 比较复杂, 使用不方便, 每次通话前都要首先要通过发送短消息来进行密钥 协商, 效率不高; 其次, 短消息的实时性不强, 容易造成延误, 而且具体实 施的过程会增加额外的短消息通信费用。 针对相关技术的保密通信技术中存在的安全性不高以及实现过程不简 便的问题, 需要一种改进的保密通信技术。 发明内容 考虑到相关技术中存在的目前釆用的保密通信技术中存在的安全性不 高以及实现过程不简便的问题而提出本发明, 为此, 本发明旨在提供一种改 进的保密通信技术, 以解决上述问题至少之一。 为了实现上述目的,才艮据本发明的一个方面,提供了一种密钥传输方法。 才艮据本发明的密钥传输方法包括: 发送端生成共享密钥, 获取预先存储 的接收端的公钥, 并使用公钥对共享密钥进行加密, 得到密文; 发送端将密 文携带在包括具有网络透传属性的字段的消息中, 并将消息发送给接收端。 其中, 发送端生成共享密钥包括: 发送端在启动呼叫建立进程后生成共 享密钥。 此外,在将消息发送给接收端之后,上述方法还包括:接收端接收消息, 获取消息包括的字段中的密文, 使用接收端的私钥对密文进行解密, 获得共 享密钥。 此外, 在将消息发送给接收端之后, 上述方法还包括: 在呼叫建立成功 后, 发送端使用共享密钥对待传输的通信内容进行加密, 并将加密后的通信 内容发送给接收端。 此外, 上述方法还包括: 接收端使用共享密钥对接收到的加密后的通信 内容进行解密。 此外, 上述方法还包括: 接收端使用共享密钥对待传输的通信内容进行 加密, 并将加密后的通信内容发送给发送端。 其中, 具有网络透传属性的字段包括: 呼叫建立消息中的用户信息单元 字段。 为了实现上述目的, 才艮据本发明的另一方面, 提供了一种解密方法。 根据本发明的解密方法包括:接收端接收到来自发送端的包括具有网络 透传属性的字段的消息, 并获取字段中携带的密文, 其中, 密文为发送端使 用接收端的公钥对共享密钥加密而生成; 接收端使用自身的私钥对密文进行 解密, 得到由发送端生成的共享密钥; 接收端接收来自发送端的使用共享密 钥加密的通信内容,使用解密得到的共享密钥对加密后的通信内容进行解密, 得到通信内容。 此外, 上述方法还包括: 接收端使用共享密钥对待传输的通信内容进行 加密, 并将加密后的通信内容发送给发送端。 为了实现上述目的, 才艮据本发明的再一方面, 提供了一种保密通信的实 现方法。 才艮据本发明的保密通信实现方法包括:主叫终端在与被叫终端进行呼叫 建立的同时生成共享密钥, 并将共享密钥发送到被叫终端; 在进行呼叫建立 后, 主叫终端和被叫终端使用共享密钥对通信内容进行力。密或解密。 为了实现上述目的, 才艮据本发明的再一方面, 提供了一种移动终端。 根据本发明的移动终端包括:存储单元,用于存储对端移动终端的公钥; 密钥生成单元, 用于生成共享密钥; 密文生成单元, 用于从存储单元中获取 公钥, 从密钥生成单元中获取共享密钥, 使用公钥对共享密钥进行力。密, 得 到密文; 构造单元, 用于将密文生成单元生成的密文携带在具有网络透传属 性的字段中, 并将字段携带在消息中; 通知单元, 用于通过构造单元构造的 消息将共享密钥通知给对端移动终端。 此外, 上述移动终端还包括: 加密单元, 用于使用共享密钥将待传输的 通信内容进行加密; 发送单元, 用于将经过加密单元加密的通信内容发送给 对端移动终端。 为了实现上述目的, 才艮据本发明的再一方面, 提供了一种移动终端。 根据本发明的移动终端包括: 第一接收单元, 用于接收来自对端移动终 端的消息, 其中, 消息的具有网络透传属性的字段中携带有密文, 密文为端 移动终端通过使用移动终端的公钥对共享密钥加密而获得; 解析单元, 用于 对第一接收单元接收到的消息进行解析, 获取密文; 第一解密单元, 用于使 用存储的移动终端的私钥对解析单元获取的密文进行解密, 获得共享密钥。 此外, 上述移动终端还包括: 第二接收单元, 用于接收来自对端移动终 端的通信内容, 其中, 通信内容在对端移动终端使用共享密钥被加密; 第二 解密单元, 用于使用第一解密单元获得的共享密钥对第二接收单元接收到的 通信内容进行解密。 通过本发明的上述技术方案,通过发送端使用接收端的公钥来加密发送 端生成的共享密钥获得密文并传输密文, 以及使用共享密钥加密通信内容, 能够实现移动终端之间的保密通信, 并且可以解决相关技术中存在的无法安 全简便地实现移动终端间的保密通信的问题, 安全程度高、 且系统开销小。 本发明的其它特征和优点将在随后的说明书中阐述, 并且, 部分地从说 明书中变得显而易见, 或者通过实施本发明而了解。 本发明的目的和其他优 点可通过在所写的说明书、 权利要求书、 以及附图中所特别指出的结构来实 现和获得。 附图说明 此处所说明的附图用来提供对本发明的进一步理解 ,构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中: 图 1是才艮据本发明方法实施例一的密钥传输方法的流程图; 图 2是才艮据本发明优选实施例的密钥传输方法的信令流程图; 图 3是根据本发明方法实施例二的解密方法的流程图; 图 4是根据本发明优选实施例的解密方法的信令流程图; 图 5是才艮据本发明装置实施例一的移动终端的结构框图; 图 6是才艮据本发明装置实施例一的移动终端的优选结构框图; 图 7是才艮据本发明装置实施例二的移动终端的结构框图; 图 8是才艮据本发明装置实施例二的移动终端的优选结构框图。 具体实施方式 功能相无述 考虑到相关技术中存在的无法安全简便地实现移动终端间的保密通信 的问题, 本发明提出了一种改进的保密通信技术, 在本发明实施例中, 通过 发送端使用接收端的公钥来加密发送端生成的共享密钥获得密文, 并优选地 使用具有网络透传属性的字段来携带并将密文传输到对端的移动终端, 在呼 叫建立后进行通信时, 可以使用共享密钥对通信内容进行加密和相应的解密 操作, 从而能够实现移动终端之间的保密通信。 需要说明的是, 如果不冲突, 本发明实施例以及实施例中的各个特征可 以相互结合, 均在本发明的保护范围之内。 下面结合附图对本发明的实施例进行说明, 应当理解, 此处所描述的优 选实施例仅用于说明和解释本发明, 并不用于限定本发明。 需要说明的是, 在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统 中执行, 并且, 虽然在流程图中示出了逻辑顺序, 但是在某些情况下, 可以 以不同于此处的顺序执行所示出或描述的步骤。 方法实施例一 根据本实施例, 提供了一种基于移动通信的密钥传输方法。 图 1 示出了根据本发明方法实施例一的密钥传输方法的流程, 如图 1 所示, 根据本发明方法实施例一的密钥传输方法包括如下的步骤 S102 至步 骤 S104。 步骤 S102, 发送端生成共享密钥, 获取预先存储的接收端的公钥, 并 使用公钥对共享密钥进行加密, 得到密文; 优选地, 发送端在启动呼叫建立 进程后立即生成共享密钥; 步骤 S104, 发送端将密文发送给所述接收端。 优选地, 为了增强密文 传递的安全性, 以及节省系统开销, 发送端可以将密文携带在具有网络透传 (即, 网络不对该字段的内容进行任何处理) 属性的字段中, 并将包括该字 段的消息发送给接收端。 借助于本实施例提供的方法,能够通过具有网络透传属性的字段来携带 并传输共享密钥, 从而能够将密钥简便、 安全地传输给接收端。 下面详细说明上述处理的细节。 The present invention relates to the field of communications, and in particular to a key transmission method, a decryption method, a method for implementing secure communication, and a mobile terminal. BACKGROUND OF THE INVENTION When a communication content is transmitted by a signal in a communication network, there is a problem that communication content may be illegally eavesdropped. Based on this, a secret communication technique between mobile terminals occurs. In the related art, there are mainly two methods of secure communication as follows. Method 1: Add an encryption/decryption device on the interface of the terminal device, and use the device to perform encryption/decryption processing on the signal of the communication content to implement secure communication. Specifically, the method generally includes the following steps: Step 1: Convert the voice into the audio signal A by the microphone; Step 2, encrypt the audio signal A to make the encrypted audio signal B, And sending to a communication terminal 1; Step 3, the encrypted audio electrical signal B output by the communication terminal 1 is transmitted to another communication terminal 2 through the public communication network; Step 4, decrypting the encrypted audio electrical signal B output by the communication terminal 2 , making it an unencrypted audio electrical signal C, and sending it to the receiver; Step 5, converting the audio electrical signal C to voice by the receiver. In the second method, the receiving end generates a key, and uses the short message technology to perform key negotiation between the receiving end and the transmitting end, and then uses the generated key to encrypt the signal of the communication content, thereby implementing secure communication. Wherein, a typical method of the solution may include the following steps: Between the mobile terminal and the application server (the mobile terminal and the application server have been authenticated by the trusted certificate authority), the use is included in the short message The identity information in the middle and the last value of the hash chain encrypted by the trusted certificate authority public key are used as the session key of both parties for the first authentication and the call. In the subsequent communication process, only the mobile terminal includes If the length of the hash chain is greater than 0, the application server can perform a hash operation on the hash value contained in the sent short message, and compare with the currently saved hash value of the application server to verify the identity of the mobile terminal. And the hash value in the received short message is used as the new call key of both parties to inform the other party for verification identity. By performing the process of password negotiation using the short message in this way, secure communication can be performed. However, there are deficiencies in the above methods. In the first method, first, the encryption/decryption device used is relatively fixed and easily obtained by an illegal user. Once the illegal user obtains the same encryption/decryption device, the communication of all the same mobile terminals is no longer secure; The key used for each communication is a fixed same key, and the security level is not high. In the second method, first, the implementation process is complicated and inconvenient to use, and each time before the call, the short message must be sent first. Key negotiation is not efficient; secondly, the real-time performance of short messages is not strong, which is easy to cause delays, and the specific implementation process will increase the cost of additional short message communication. In view of the problem of low security and inconvenient implementation in the related art secure communication technology, an improved secure communication technology is needed. SUMMARY OF THE INVENTION The present invention has been made in view of the problems of low security and inconvenient implementation in the currently used secure communication technology existing in the related art, and the present invention aims to provide an improved secure communication technology. To solve at least one of the above problems. In order to achieve the above object, according to an aspect of the present invention, a key transmission method is provided. According to the key transmission method of the present invention, the transmitting end generates a shared key, obtains a pre-stored public key of the receiving end, and encrypts the shared key by using the public key to obtain a ciphertext; the transmitting end carries the ciphertext in the Including a message with a field with a network transparent transmission attribute, and sending the message to the receiving end. The generating a shared key by the sending end includes: The sending end generates a shared key after starting the call establishing process. In addition, after the message is sent to the receiving end, the method further includes: receiving, by the receiving end, the message, obtaining the ciphertext in the field included in the message, and decrypting the ciphertext by using the private key of the receiving end to obtain the shared key. In addition, after the message is sent to the receiving end, the method further includes: after the call is successfully established, the sending end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the receiving end. In addition, the above method further includes: the receiving end decrypting the received encrypted communication content by using the shared key. In addition, the foregoing method further includes: the receiving end uses the shared key to perform the communication content to be transmitted. Encrypt, and send the encrypted communication content to the sender. The field having the network transparent transmission attribute includes: a user information unit field in the call setup message. In order to achieve the above object, according to another aspect of the present invention, a decryption method is provided. The decryption method according to the present invention includes: the receiving end receives the message from the transmitting end including the field having the network transparent transmission attribute, and acquires the ciphertext carried in the field, where the ciphertext is the transmitting end using the public key pair of the receiving end to share the secret The key is generated by the key encryption; the receiving end decrypts the ciphertext using its own private key to obtain the shared key generated by the transmitting end; the receiving end receives the communication content encrypted by the shared key from the transmitting end, and uses the decrypted shared key. The encrypted communication content is decrypted to obtain the communication content. In addition, the foregoing method further includes: the receiving end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the sending end. In order to achieve the above object, according to still another aspect of the present invention, a method of implementing secure communication is provided. The method for implementing secure communication according to the present invention includes: the calling terminal generates a shared key while establishing a call with the called terminal, and transmits the shared key to the called terminal; after the call is established, the calling terminal And the called terminal uses the shared key to force the communication content. Secret or decrypted. In order to achieve the above object, according to still another aspect of the present invention, a mobile terminal is provided. The mobile terminal according to the present invention includes: a storage unit configured to store a public key of the opposite mobile terminal; a key generation unit configured to generate a shared key; and a ciphertext generating unit configured to acquire the public key from the storage unit, The key generation unit acquires the shared key, and uses the public key to force the shared key. The ciphertext is obtained by the ciphertext generating unit, and the ciphertext generated by the ciphertext generating unit is carried in a field having a network transparent transmission attribute, and the field is carried in the message; the notification unit is configured to use the message constructed by the constructing unit Notifying the shared mobile terminal of the shared key. In addition, the mobile terminal further includes: an encryption unit, configured to encrypt the communication content to be transmitted by using the shared key; and a sending unit, configured to send the communication content encrypted by the encryption unit to the opposite mobile terminal. In order to achieve the above object, according to still another aspect of the present invention, a mobile terminal is provided. The mobile terminal according to the present invention includes: a first receiving unit, configured to receive a message from a remote mobile terminal, where a field having a network transparent transmission attribute of the message carries a ciphertext, and the ciphertext is a mobile terminal by using the mobile terminal The public key of the terminal is obtained by encrypting the shared key; the parsing unit is configured to parse the message received by the first receiving unit to obtain the ciphertext; and the first decrypting unit is configured to parse the private key pair of the stored mobile terminal The ciphertext obtained by the unit is decrypted to obtain a shared key. In addition, the mobile terminal further includes: a second receiving unit, configured to receive communication content from the opposite mobile terminal, where the communication content is encrypted by the opposite mobile terminal using a shared key; and the second decryption unit is configured to use The shared key obtained by a decryption unit decrypts the communication content received by the second receiving unit. According to the above technical solution of the present invention, the secret end is obtained by using the public key of the receiving end to encrypt the shared key generated by the transmitting end to obtain the ciphertext and transmitting the ciphertext, and encrypting the communication content by using the shared key, thereby realizing the confidentiality between the mobile terminals. The communication can solve the problem that the related art cannot safely and easily implement the secure communication between the mobile terminals, and the security is high and the system overhead is small. Other features and advantages of the invention will be set forth in the description which follows, and The objectives and other advantages of the invention will be realized and attained by the <RTI BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a flow chart of a key transmission method according to a first embodiment of the method of the present invention; FIG. 2 is a signaling flow chart of a key transmission method according to a preferred embodiment of the present invention; Is a flowchart of a decryption method according to a second embodiment of the method of the present invention; FIG. 4 is a signaling flow chart of a decryption method according to a preferred embodiment of the present invention; FIG. 5 is a structure of a mobile terminal according to a first embodiment of the apparatus of the present invention. Figure 6 is a block diagram showing a preferred structure of a mobile terminal according to a first embodiment of the apparatus of the present invention; Figure 7 is a block diagram showing the structure of a mobile terminal according to a second embodiment of the present invention. Figure 8 is a block diagram showing a preferred structure of a mobile terminal according to a second embodiment of the present invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention proposes an improved secure communication technique, in which the present invention provides an improved secure communication technique, in view of the problem of the inability of the related art to implement secure communication between mobile terminals. Using the public key of the receiving end to encrypt the shared key generated by the transmitting end to obtain the ciphertext, and preferably using the field with the network transparent transmission attribute to carry and transmit the ciphertext to the mobile terminal of the opposite end, when communicating after the call is established, The communication content can be encrypted and the corresponding decryption operation can be performed using the shared key, thereby enabling secure communication between the mobile terminals. It should be noted that, if not conflicting, the embodiments of the present invention and the various features in the embodiments may be combined with each other, and are all within the protection scope of the present invention. The embodiments of the present invention are described in the following with reference to the drawings, and the preferred embodiments described herein are intended to illustrate and explain the invention. It should be noted that the steps shown in the flowchart of the accompanying drawings may be performed in a computer system such as a set of computer executable instructions, and, although the logical order is shown in the flowchart, in some cases, The steps shown or described may be performed in an order different than that herein. Method Embodiment 1 According to this embodiment, a key transmission method based on mobile communication is provided. FIG. 1 is a flowchart of a key transmission method according to Embodiment 1 of the method of the present invention. As shown in FIG. 1, the key transmission method according to Embodiment 1 of the present invention includes the following steps S102 to S104. Step S102: The sending end generates a shared key, obtains a pre-stored public key of the receiving end, and encrypts the shared key by using the public key to obtain a ciphertext. Preferably, the sending end generates the shared key immediately after starting the call establishing process. Step S104: The sending end sends the ciphertext to the receiving end. Preferably, in order to enhance the security of the ciphertext delivery and save the system overhead, the sender can carry the ciphertext in the network with transparent transmission. (ie, the network does not do anything with the contents of the field) In the field of the attribute, a message including the field is sent to the receiving end. By means of the method provided in this embodiment, the shared key can be carried and transmitted through a field having a network transparent transmission attribute, so that the key can be easily and securely transmitted to the receiving end. The details of the above processing will be described in detail below.
(一) 步骤 S102 在本实施例中所提到的共享密钥可以是一次性的, 即, 发送端每次生成 的共享密钥都不相同; 这样, 由于发送端在启动呼叫建立进程后才生成共享 密钥, 该共享密钥不会被事先窃取; 此外, 由于该共享密钥是一次性的, 因 此不会因为重复使用同一密钥而造成密钥泄漏, 能够提高通信加密的安全程 度。 优选地, 对于上述预先存储的接收端的公钥而言, 其可以是由接收端永 久 4曼权给发送端并存储在发送端本地的, 也可以是发送端在启动此次呼叫建 立进程之前, 通过合适的方式 (例如, 短信方式、 蓝牙方式等) 从接收端获 得并存储在本地的。 (1) Step S102 The shared key mentioned in this embodiment may be one-time, that is, the shared key generated by the sender is different each time; thus, since the sender starts the call setup process, The shared key is generated, and the shared key is not stolen in advance; in addition, since the shared key is one-time, the key is not leaked due to repeated use of the same key, and the security of communication encryption can be improved. Preferably, for the public key of the pre-stored receiving end, it may be permanently transmitted by the receiving end to the transmitting end and stored locally at the transmitting end, or may be sent by the transmitting end before starting the call establishing process. Obtained from the receiving end and stored locally by a suitable method (for example, SMS mode, Bluetooth mode, etc.).
(二) 步骤 S104 对于上述的具有网络透传属性的字段,可以是呼叫建立消息(即, SETUP 消息)的用户信息单元 ( User-User Information Element, 简称为 UUIE )字段, 容易理解, 这里的 UUIE字段就是具有网络透传的属性的字段的一个实例。 当然, 本发明不限于此, 才艮据实施的需要, 也可以携带在其他具有类似属性 的字段中, 包括目前已有的字段和未来随着技术的完善可能出现的字段等, 本发明对此没有限制, 均能用于实现本发明的目的, 均落入本发明的保护范 围 内。 通过以上描述可以看出, 在相关技术中, 密钥协商的过程是通过一次完 整的通信过程 (例如, 短消息通信) 来实现的, 而在本实施例中, 发送端在 启动呼叫建立过程后立即生成共享密钥, 并且在传输通信内容之前, 将密文 传递给接收端, 显然, 相比于现有技术, 本发明无疑能够节省系统开销, 从 用户角度考虑, 也能节省用户的通信费用。 方法实施例二 以上描述的是密钥传输过程, 基于上述的密钥传输过程, 后续作为发送 端和接收端的互为对端的移动终端可以实现移动通信的保密传输。 具体地, 在完成了上述密钥传输的过程后, 优选地, 接收端使用私钥对 接收到的密文进行解密, 得到发送端的共享密钥; 在呼叫建立成功后, 发送 端使用共享密钥对待传输的通信内容进行加密, 并将加密后的通信内容发送 给接收端, 此时, 接收端即可使用解密得到的共享密钥对加密后的通信内容 进行解密, 得到能够被用户识别的通信内容。 此外, 接收端还可以使用共享 密钥对待传输的通信内容进行加密, 并将加密后的通信内容发送给发送端。 优选地, 接收端的公钥和私钥是一对经过认证的密钥对。 另外, 需要说明的 是, 此处提到的通信内容可以包括但不限于通信过程中产生的音频数据、 视 频数据等形式的数据。 可以看出, 相比于相关技术中通过加密装置对通信内容进行加密,使用 本实施例提供的方法,在通信的同时通过软件技术对通信内容进行加密处理, 能够节省成本、 使用简便, 并且能够提高保密通信的安全程度。 以下将以发送端在 SETUP消息的 UUIE字段中携带密文为例来描述才艮 据本发明实施例的移动通信保密传输过程, 图 2示出了使用图 1所示方法进 行保密通信的信令流程, 如图 2所示, 该保密传输过程可以如下实现: 步骤 202, 发送端启动呼叫建立进程(在具体实施过程中, 发送端用户 将接收端用户的号码进行发送之后, 即可视为启动了呼叫建立进程;); 步骤 204, 发送端生成共享密钥; 步骤 206 , 发送端从本地获取预先存储的接收端的公钥; 步骤 208 ,发送端使用该公钥对共享密钥进行加密,生成密文; 步骤 202 至步骤 208可对应于上述步骤 S102; 步骤 210, 发送端对密文进行编码, 并将编码后的密文写入 SETUP消 息 UUIE字段中, 并在该字段中设置标志位, 用以表明 UUIE字段此次携带 的是用于保密通信的密文; 步骤 212,发送端将携带有密文的 SETUP消息发送给接收端; 步骤 210 至步骤 212可以对应于上述步骤 S104; 步骤 214, 发送端使用共享密钥对待传输的通信内容进行加密; 步骤 216, 发送端将加密后的通信内容发送给接收端。 通过上述处理流程, 发送端能够将共享密钥传输给接收端, 并且可以使 用共享密钥对通信内容进行加密,使得传输过程安全程度高、节省系统开销。 以上描述的是在保密通信中发送端(即, 加密过程)的处理, 本发明不 限于此, 在以下的实施例中, 对接收端 (即, 解密过程) 的处理进行了详细 描述。 方法实施例三 才艮据本实施例, 提供了一种移动通信解密方法。 图 3示出了才艮据本发明方法实施例三的移动通信解密方法的流程,如图(2) Step S104 For the above-mentioned field having the network transparent transmission attribute, it may be a User-User Information Element (UUIE) field of a call setup message (ie, a SETUP message), which is easy to understand, UUIE here. A field is an instance of a field with properties that are transparent to the network. Of course, the present invention is not limited thereto, and may be carried in other fields having similar attributes according to the needs of implementation, including currently existing fields and fields that may appear in the future as the technology is improved. It is intended that the invention can be used without departing from the scope of the invention. As can be seen from the above description, in the related art, the process of key agreement is implemented by a complete communication process (for example, short message communication), and in this embodiment, after the call setup process is initiated by the sender The shared key is generated immediately, and the ciphertext is transmitted to the receiving end before the communication content is transmitted. Obviously, compared with the prior art, the present invention can undoubtedly save system overhead, and can save the user's communication cost from the user's point of view. . Method embodiment two The above describes the key transmission process. Based on the above key transmission process, the mobile terminal that is the opposite end of the transmitting end and the receiving end can implement the secure transmission of the mobile communication. Specifically, after the process of the key transmission is completed, preferably, the receiving end decrypts the received ciphertext by using a private key to obtain a shared key of the transmitting end; after the call is successfully established, the sending end uses the shared key. The communication content to be transmitted is encrypted, and the encrypted communication content is sent to the receiving end. At this time, the receiving end can decrypt the encrypted communication content by using the decrypted shared key to obtain communication that can be recognized by the user. content. In addition, the receiving end may further encrypt the communication content to be transmitted by using the shared key, and send the encrypted communication content to the transmitting end. Preferably, the public key and the private key of the receiving end are a pair of authenticated key pairs. In addition, it should be noted that the communication content mentioned herein may include, but is not limited to, data in the form of audio data, video data, and the like generated during communication. It can be seen that, compared with the related art, the communication content is encrypted by the encryption device, and the method provided by the embodiment is used to encrypt the communication content by software technology while communicating, which can save cost, is easy to use, and can be Improve the security of confidential communications. In the following, the mobile terminal carries the ciphertext in the UUIE field of the SETUP message as an example to describe the mobile communication secure transmission process according to the embodiment of the present invention, and FIG. 2 shows the signaling for performing the secure communication using the method shown in FIG. The process, as shown in FIG. 2, the secure transmission process can be implemented as follows: Step 202: The sender initiates a call setup process. (In a specific implementation process, after the sender user sends the number of the receiver user, it can be regarded as starting. Step 204, the sending end generates a shared key; Step 206, the sending end obtains the pre-stored public key of the receiving end locally; Step 208: The sending end encrypts the shared key by using the public key to generate The cipher text; Step 202 to Step 208 may correspond to the foregoing Step S102; Step 210, the transmitting end encodes the ciphertext, and writes the encoded ciphertext into the UUIE field of the SETUP message, and sets a flag bit in the field. To indicate that the UUIE field carries the ciphertext for the secure communication. In step 212, the sending end sends the SETUP message carrying the ciphertext to the receiving end. Step 21 0 to step 212 may correspond to the above step S104; Step 214: The sending end encrypts the communication content to be transmitted by using the shared key. Step 216: The sending end sends the encrypted communication content to the receiving end. Through the foregoing processing procedure, the sending end can transmit the shared key to the receiving end, and can encrypt the communication content by using the shared key, so that the transmission process is highly secure and saves system overhead. Described above is the processing of the transmitting end (i.e., the encryption process) in the secure communication, and the present invention is not limited thereto, and in the following embodiments, the processing of the receiving end (i.e., the decryption process) is described in detail. Method Embodiment 3 According to this embodiment, a mobile communication decryption method is provided. FIG. 3 is a flowchart showing a mobile communication decryption method according to Embodiment 3 of the method of the present invention, as shown in FIG.
3所示, #居本发明方法实施例三的移动通信解密方法包括如下的步骤 S302 至步骤 S306。 步骤 S302, 接收端接收到来自发送端的携带有密文的消息, 并获取该 字段中携带的密文; 优选地, 该密文可以携带在该消息的具有网络透传属性 的字段中, 例如, 本发明实施例中使用的消息可以包括但不限于呼叫建立消 息 ( SETUP消息), 这里使用的字段可以包括但不限于 UUIE字段。 步骤 S304, 接收端使用自身的私钥对密文进行解密, 得到由发送端生 成的共享密钥; 优选地, 如上所述, 此处的私钥与发送端用来加密共享密钥 的公钥是一对经过认证的密钥对; 步骤 S306 , 接收端接收到来自发送端的经过加密的通信内容 (在发送 端,使用共享密钥对通信内容进行力。密,具体可以参照上述的方法实施例二), 并使用共享密钥对加密后的通信内容进行解密, 得到通信内容。 借助于本实施例提供的方法, 接收端能够获取发送端提供的共享密钥, 并使用该共享密钥对接收到的加密的通信内容进行解密, 得到用户可识别的 通信内容, 从而能够实现保密通信。 以下以包括 UUIE字段的 SETUP消息为例来描述本发明的方法实施例 三, 图 4示出了根据本发明优选实施例的移动通信解密方法的信令流程, 如 图 4所示, 该处理可以 口下实现: 步骤 402 , 接收端接收到来自发送端的 SETUP消息; 步骤 404, 接收端对 SETUP消息进行解析; 步骤 406, 接收端从 SETUP消息的 UUIE字段中检测到表示携带有密 文的标志, 才艮据该标志从 UUIE字段中获取并优选地保存密文; 步骤 402至 步骤 406可以对应于上述步骤 S302; 步骤 408 , 接收端调用自身的私钥对密文进行解密, 得到发送端生成的 共享密钥, 并保存该共享密钥; 步骤 408可以对应于上述步骤 S304; 步骤 410, 在呼叫建立成功后, 接收端接收到来自发送端的加密的通信 内容; 步骤 412, 接收端使用共享密钥对接收到的加密的通信内容进行解密, 得到用户可以识别的通信内容; 步骤 410 至步骤 412 可以对应于上述步骤 S306。 通过上述处理过程,接收端可以从来自发送端的具有网络透传属性的字 段中获取共享密钥, 并使用该共享密钥对接收到的加密的通信内容进行解密 获取通信内容。 方法实施例四 根据本发明的实施例,提供了一种保密通信的实现方法,包括以下处理: 首先, 主叫终端在与被叫终端进行呼叫建立的过程中生成共享密钥 A, 并将共享密钥 A发送到被叫终端; 其中,在主叫终端在与被叫终端进行呼叫建立的过程中生成共享密钥 A 之后, 主叫终端会使用预先保存的公钥 K1将共享密钥 A进行加密并生成密 文 B (加密后的共享密钥 A ), 在编码密文 B到预定消息的预定字段后, 通 过网络向被叫终端发送上述预定消息 (对应于方法实施例一中的密钥传输过 程, 具体细节可以参见方法实施例一, 在此不再赘述)。 在被叫终端通过网络 接收预定消息后, 被叫终端从预定消息的预定字段中解码出密文 B; 并使用 预先保存的私钥 K2对密文 B进行解密, 获取共享密钥 A。 后, 在进行呼叫建立后, 主叫终端和被叫终端使用共享密钥 Α对通 信内容进行加密或解密。 也就是说, 发送端可以通过共享密钥对通信内容进 行加密, 并将加密后的通信内容发送到接收端, 接收端使用共享密钥进行解 密, 并且, 接收端还可以使用共享密钥对要发送到发送端的通信内容进行加 密, 并将加密后的通信内容发送给发送端。 发送端在接收加密后的通信内容 后, 会使用共享密钥对其进行解密。 通过上述的处理, 就能够有效地提高移 动终端通信过程中端到端的安全性。 装置实施例一 根据本实施例, 提供了一种移动终端, 优选地, 本实施例提供的移动终 端可以作为保密通信中的发送端。 并且可以使用该移动终端来实现方法实施 例一中提供的移动通信的密钥传输方法。 图 5示出了才艮据本发明装置实施例一的移动终端的结构, 如图 5所示, 才艮据本发明装置实施例一的移动终端包括存储单元 1、 密钥生成单元 3、 密 文生成单元 5、 构造单元 7、 通知单元 9。 下面详细说明上述单元的功能。 存储单元 1 , 用于存储对端移动终端的的公钥; 优选地, 如上, 这里的 公钥可以是由作为接收端的对端移动终端永久授权给作为发送端的本移动终 端并存储在发送端本地的, 也可以是在发送端启动此次呼叫建立进程之前, 通过多种方式(例如, 彩信方式、 email方式、 蓝牙方式)从接收端获得并存 储在发送端本地的。 密钥生成单元 3 , 用于生成共享密钥; 优选地, 可以在发送端启动此次 呼叫建立进程后立即生成共享密钥。 密文生成单元 5 , 连接至存储单元 1和密钥生成单元 3 , 用于从存储单 元 1中获取公钥, 从密钥生成单元 3中获取共享密钥, 使用公钥对共享密钥 进行力口密, 得到密文; 优选地, 可以使用存储单元 1、 密钥生成单元 3、 密 文生成单元 5完成上述步骤 S102。 具体地, 首先由密钥生成单元 3生成共享 密钥, 然后, 密文生成单元 5从存储单元 1中获取预先存储的对端移动终端 的公钥,从密钥生成单元 3中获取共享密钥, 并使用该公钥对共享密钥加密, 获得密文。 构造单元 7 , 连接至密文生成单元 5 , 用于夸密文生成单元 5生成的密 文携带在具有网络透传属性的字段中, 并将字段携带在消息中。 通知单元 9 , 连接至构造单元 7 , 用于通过构造单元 7构造的消息将共 享密钥通知给对端移动终端。 优选地, 可以使用构造单元 7和通知单元 9完 成上述的步骤 S104。 具体地, 首先, 构造单元 7从密文生成单元 5中获取密 文, 将密文携带在具有网络透传属性的字段中, 优选地, 该字段包括 UUIE 字段, 并且将该字段携带在消息中, 优选地, 该消息可以是 SETUP 消息, 然后通知单元 9从构造单元 7中获取上述消息, 将该消息发送给对端移动终 端。 借助于本实施例提供的移动终端, 通过设置存储单元、 密钥生成单元、 密文生成单元、 构造单元、 通知单元, 能够通过具有网络透传属性的字段来 携带并传输共享密钥, 从而能够将密钥简便、 安全地传输给保密通信的对端As shown in FIG. 3, the mobile communication decryption method in the third embodiment of the method of the present invention includes the following steps S302 to S306. Step S302: The receiving end receives the message carrying the ciphertext from the sending end, and obtains the ciphertext carried in the field. Preferably, the ciphertext may be carried in a field with a network transparent transmission attribute of the message, for example, The messages used in the embodiments of the present invention may include, but are not limited to, a call setup message (SETUP message), and the fields used herein may include, but are not limited to, a UUIE field. Step S304, the receiving end decrypts the ciphertext by using its own private key to obtain a shared key generated by the transmitting end. Preferably, as described above, the private key and the public key used by the transmitting end to encrypt the shared key are used. A pair of authenticated key pairs; in step S306, the receiving end receives the encrypted communication content from the transmitting end (at the transmitting end, using the shared key to force the communication content. The specific method may refer to the foregoing method embodiment. b), and decrypt the encrypted communication content using the shared key to obtain the communication content. With the method provided in this embodiment, the receiving end can obtain the shared key provided by the sending end, and decrypt the received encrypted communication content by using the shared key to obtain the communication content identifiable by the user, thereby achieving confidentiality. Communication. The following describes the third embodiment of the method of the present invention by taking a SETUP message including a UUIE field as an example. FIG. 4 shows a signaling flow of a mobile communication decryption method according to a preferred embodiment of the present invention, such as As shown in FIG. 4, the process may be implemented in the following manner: Step 402: The receiving end receives the SETUP message from the sending end. Step 404: The receiving end parses the SETUP message. Step 406: The receiving end detects from the UUIE field of the SETUP message. Indicates that the cipher text is carried, and the ciphertext is obtained from the UUIE field according to the flag. Steps 402 to 406 may correspond to step S302. Step 408: The receiving end invokes its own private key pair ciphertext. Decrypting, obtaining a shared key generated by the sender, and saving the shared key; Step 408 may correspond to step S304 above; Step 410, after the call is successfully established, the receiving end receives the encrypted communication content from the sending end; 412. The receiving end decrypts the received encrypted communication content by using the shared key to obtain communication content that can be recognized by the user. Step 410 to step 412 may correspond to the foregoing step S306. Through the above processing, the receiving end may acquire the shared key from the field having the network transparent transmission attribute from the transmitting end, and decrypt the received encrypted communication content using the shared key to obtain the communication content. Method Embodiment 4 According to an embodiment of the present invention, a method for implementing secure communication is provided, including the following processing: First, a calling terminal generates a shared key A in a process of establishing a call with a called terminal, and shares the same. The key A is sent to the called terminal; wherein, after the calling terminal generates the shared key A in the process of establishing the call with the called terminal, the calling terminal performs the shared key A using the pre-saved public key K1. Encrypting and generating ciphertext B (encrypted shared key A), after encoding ciphertext B to a predetermined field of the predetermined message, transmitting the predetermined message to the called terminal through the network (corresponding to the key in the first embodiment of the method) For details of the transmission process, refer to the method embodiment 1 and no further details are provided herein. After the called terminal receives the predetermined message through the network, the called terminal decodes the ciphertext B from the predetermined field of the predetermined message; and decrypts the ciphertext B using the pre-saved private key K2 to obtain the shared key A. After the call is established, the calling terminal and the called terminal encrypt or decrypt the communication content using the shared key. That is to say, the sender can encrypt the communication content through the shared key, and send the encrypted communication content to the receiving end, the receiving end decrypts using the shared key, and the receiving end can also use the shared key to The communication content sent to the sender is encrypted, and the encrypted communication content is sent to the sender. After receiving the encrypted communication content, the sender decrypts it using the shared key. Through the above processing, the end-to-end security of the mobile terminal communication process can be effectively improved. Embodiment 1 of the device According to the embodiment, a mobile terminal is provided. Preferably, the mobile terminal provided in this embodiment can be used as a transmitting end in secure communication. And the key transmission method of the mobile communication provided in the first embodiment of the method is implemented by using the mobile terminal. FIG. 5 is a diagram showing the structure of a mobile terminal according to the first embodiment of the present invention. As shown in FIG. 5, the mobile terminal according to the first embodiment of the present invention includes a storage unit 1, a key generation unit 3, and a secret. The text generation unit 5, the construction unit 7, and the notification unit 9. The function of the above unit will be described in detail below. The storage unit 1 is configured to store a public key of the opposite mobile terminal; preferably, as above, the public key herein may be permanently authorized by the opposite mobile terminal as the receiving end to the mobile terminal as the transmitting end and stored locally at the transmitting end. The method may also be obtained from the receiving end and stored locally at the transmitting end by using multiple methods (for example, MMS mode, email mode, and Bluetooth mode) before the sending end initiates the call setup process. The key generation unit 3 is configured to generate a shared key. Preferably, the shared key may be generated immediately after the sending end initiates the call setup process. The ciphertext generating unit 5 is connected to the storage unit 1 and the key generating unit 3 for acquiring the public key from the storage unit 1, acquiring the shared key from the key generating unit 3, and using the public key to force the shared key The secret is obtained, and the ciphertext is obtained. Preferably, the above step S102 can be completed by using the storage unit 1, the key generation unit 3, and the ciphertext generation unit 5. Specifically, the shared key is first generated by the key generation unit 3, and then the ciphertext generation unit 5 acquires the public key of the peer mobile terminal stored in advance from the storage unit 1, and acquires the shared key from the key generation unit 3. And use the public key to encrypt the shared key to obtain the ciphertext. The construction unit 7 is connected to the ciphertext generation unit 5, and the ciphertext generated by the ciphertext generation unit 5 is carried in a field having a network transparent transmission attribute, and the field is carried in the message. The notification unit 9 is connected to the construction unit 7 for notifying the shared mobile terminal of the shared key by the message constructed by the construction unit 7. Preferably, the above-described step S104 can be completed using the construction unit 7 and the notification unit 9. Specifically, first, the constructing unit 7 acquires the ciphertext from the ciphertext generating unit 5, and carries the ciphertext in a field having a network transparent transmission attribute. Preferably, the field includes a UUIE field, and the field is carried in the message. Preferably, the message may be a SETUP message, and then the notification unit 9 obtains the above message from the construction unit 7, and sends the message to the opposite mobile terminal. With the mobile terminal provided by the embodiment, by setting a storage unit, a key generation unit, a ciphertext generation unit, a construction unit, and a notification unit, the shared key can be carried and transmitted through a field having a network transparent transmission attribute, thereby enabling Transfer the key easily and securely to the opposite end of the secure communication
(即, 接收端), 并且安全程度高、 易于实现。 基于以上的描述,图 6进一步地示出了根据本发明装置实施例一的移动 终端的优选结构, 如图 6所示, 才艮据本发明装置实施例一的移动终端的优选 结构包括: 存储单元 1、 密钥生成单元 3、 密文生成单元 5、 构造单元 7、 通 知单元 9、 以及加密单元 11和发送单元 13 , 其中, 存储单元 1、 密钥生成单 元 3、 密文生成单元 5、 构造单元 7、 通知单元 9与图 5中相对应的单元的功 能类似, 这里不再赘述, 下面详细描述密单元 11和发送单元 13的功能。 力口密单元 11 , 连接至密钥生成单元 3 , 用于使用密钥生成单元 3生成的 共享密钥将待传输的通信内容进行加密; 发送单元 13 , 连接至加密单元 11 , 用于将经过加密单元 11加密的通信 内容发送给对端移动终端。 使用图 6所示的装置, 能够在发送端生成共享密钥, 对保密通信的内容 进行加密, 并且, 能够以简便、 安全的方式将密钥传输给接收端, 从而实现 发送端和接收端之间的保密通信。 装置实施例二 根据本实施例, 提供了另一种移动终端。 优选地, 本实施例提供的移动 终端可以作为保密通信中的接收端, 并且, 可以使用该移动终端实现上述方 法实施例二提供的移动通信解密方法。 图 7示出了才艮据本发明装置实施例二的移动终端的结构, 如图 7所示 , 才艮据本发明装置实施例二的移动终端包括第一接收单元 2、 解析单元 4、 第 一解密单元 6。 下面详细描述上述单元的功能。 第一接收单元 2, 用于接收来自对端移动终端的消息, 其中, 消息的具 有网络透传属性的字段中携带有密文, 密文为作为发送端的对端移动终端通 过使用作为接收端的本移动终端的公钥对共享密钥加密而获得; 优选地, 使 用第一接收单元 2能够完成上述步骤 S302; 解析单元 4, 连接至第一接收单元 2, 用于对第一接收单元 2接收到的 消息进行解析, 获取密文。 第一解密单元 6, 连接至解析单元 4, 用于使用存储的本移动终端的私 钥对密文进行解密, 获得共享密钥。 使用解析单元 4和第一解密单元 6能够 完成上述步骤 S304。 具体地, 解析单元 4从第一接收单元 2中获取消息, 并 从消息中解析出密文, 然后第一解密单元 6从解析单元 4中获取密文, 使用 自身的私钥对密文进行解密, 获得共享密钥。 借助于本实施例提供的装置,能够解析出作为发送端的对端移动终端发 送的共享密钥。 图 8 示出了才艮据本发明装置实施例二的移动终端的优选结构, 如图 8 所示,根据本发明装置实施例二的移动终端的优选结构包括第一接收单元 2、 解析单元 4、 第一解密单元 6、 以及第二接收单元 8、 第二解密单元 10。 其 中, 第一接》 单元 2、 解析单元 4、 第一解密单元 6与图 7 中相对应的单元 的功能类似, 这里不再赞述。 下面详细说明第二接收单元 8、 第二解密单元 10的功能。 第二接收单元 8 , 用于接收来自对端移动终端的通信内容, 其中, 通信 内容在对端移动终端使用共享密钥被加密; 第二解密单元 10, 连接至第二接收单元 8和第一解密单元 6, 用于使用 第一解密单元 6获得的共享密钥对第二接收单元 8接收到的通信内容进行解 密。优选地,使用第二接收单元 8和第二解密单元 10能够完成上述步骤 S306。 使用图 8所示的装置,在接收端能够对接收到密文进行解密获得共享密 钥, 并且使用共享密钥对接收到的机密的通信内容进行解密, 从而实现保密 通信。 借助于本实施例提供的移动终端, 通过设置第二接收单元和解密单元, 能够从来自保密通信对端 (即, 发送端) 的具有网络透传属性的字段中获取 共享密钥, 并使用该共享密钥对来自发送端的加密的通信内容进行解密, 能 够得到用户可识别的通信内容。 综上所述, 借助于本发明的技术方案, 在发送端使用上述装置实施例一 中提供的移动终端, 在接收端使用上述装置实施例二提供的移动终端, 并且 在发送端使用方法实施例一提供的移动通信的密钥传输方法, 在接收端使用 方法实施例二提供的移动通信解密方法, 即, 通过发送端使用接收端的公钥 来加密发送端生成的共享密钥获得密文, 并使用具有网络透传属性的字段来 携带并传输密文, 以及使用共享密钥加密通信内容, 能够实现移动终端之间 的保密通信, 并且加密的安全程度高、 节省系统开销、 使用简便、 易于实现, 从而能够解决相关技术中存在的无法安全简便地实现移动终端间的保密通信 的问题, 进而能够达到提高保密程度的目的。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本 领域的技术人员来说, 本发明可以有各种更改和变^^ 凡在本发明的 4青申和 原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。 (ie, the receiving end), and is highly secure and easy to implement. Based on the above description, FIG. 6 further shows a preferred structure of the mobile terminal according to the first embodiment of the apparatus according to the present invention. As shown in FIG. 6, the preferred structure of the mobile terminal according to the first embodiment of the apparatus according to the present invention includes: a unit 1, a key generation unit 3, a ciphertext generation unit 5, a construction unit 7, a notification unit 9, and an encryption unit 11 and a transmission unit 13, wherein the storage unit 1, the key generation unit 3, the ciphertext generation unit 5, The construction unit 7 and the notification unit 9 are similar in function to the corresponding units in FIG. 5, and are not described herein again. The functions of the compact unit 11 and the transmission unit 13 are described in detail below. The power density unit 11 is connected to the key generation unit 3 for encrypting the communication content to be transmitted using the shared key generated by the key generation unit 3; the sending unit 13 is connected to the encryption unit 11 for passing The communication content encrypted by the encryption unit 11 is sent to the opposite mobile terminal. By using the apparatus shown in FIG. 6, it is possible to generate a shared key at the transmitting end, encrypt the content of the secure communication, and transmit the key to the receiving end in a simple and secure manner, thereby realizing the transmitting end and the receiving end. Confidential communication between. Apparatus Embodiment 2 According to this embodiment, another mobile terminal is provided. Preferably, the mobile terminal provided in this embodiment can be used as a receiving end in the secure communication, and the mobile communication decryption method provided in the second embodiment of the foregoing method can be implemented by using the mobile terminal. FIG. 7 is a diagram showing the structure of a mobile terminal according to Embodiment 2 of the apparatus of the present invention, as shown in FIG. The mobile terminal according to the second embodiment of the present invention includes a first receiving unit 2, a parsing unit 4, and a first decrypting unit 6. The function of the above unit will be described in detail below. The first receiving unit 2 is configured to receive a message from the peer mobile terminal, where the field having the network transparent transmission attribute of the message carries the ciphertext, and the ciphertext is the peer mobile terminal that is the transmitting end, by using the local terminal as the receiving end The public key of the mobile terminal is obtained by encrypting the shared key; preferably, the first receiving unit 2 is used to complete the above step S302; the parsing unit 4 is connected to the first receiving unit 2 for receiving the first receiving unit 2 The message is parsed to get the ciphertext. The first decryption unit 6 is connected to the parsing unit 4 for decrypting the ciphertext using the stored private key of the mobile terminal to obtain a shared key. The above step S304 can be completed using the parsing unit 4 and the first decrypting unit 6. Specifically, the parsing unit 4 acquires a message from the first receiving unit 2, and parses the ciphertext from the message, and then the first decrypting unit 6 acquires the ciphertext from the parsing unit 4, and decrypts the ciphertext using its own private key. , get the shared secret. With the device provided in this embodiment, the shared key sent by the peer mobile terminal as the transmitting end can be parsed. FIG. 8 shows a preferred structure of a mobile terminal according to the second embodiment of the present invention. As shown in FIG. 8, the preferred structure of the mobile terminal according to the second embodiment of the present invention includes a first receiving unit 2 and a parsing unit 4. The first decryption unit 6, the second receiving unit 8, and the second decryption unit 10. The functions of the first unit, the parsing unit 4, and the first decrypting unit 6 are similar to those of the corresponding unit in FIG. 7, and are not mentioned here. The functions of the second receiving unit 8 and the second decrypting unit 10 will be described in detail below. a second receiving unit 8 configured to receive communication content from the opposite mobile terminal, where the communication content is encrypted at the opposite mobile terminal using a shared key; the second decryption unit 10 is connected to the second receiving unit 8 and the first The decryption unit 6 is configured to decrypt the communication content received by the second receiving unit 8 using the shared key obtained by the first decryption unit 6. Preferably, the above step S306 can be completed using the second receiving unit 8 and the second decrypting unit 10. Using the apparatus shown in FIG. 8, the receiving terminal can decrypt the received ciphertext to obtain a shared key, and decrypt the received confidential communication content using the shared key, thereby implementing secure communication. With the mobile terminal provided by the embodiment, by setting the second receiving unit and the decrypting unit, the shared key can be obtained from the field having the network transparent transmission attribute from the peer end of the secure communication (ie, the transmitting end), and the The shared key decrypts the encrypted communication content from the sender, and the communication content recognizable by the user can be obtained. As described above, with the technical solution of the present invention, the mobile terminal provided in Embodiment 1 of the foregoing apparatus is used at the transmitting end, and the mobile terminal provided by Embodiment 2 of the foregoing apparatus is used at the receiving end, and the method is used at the transmitting end. a method for transmitting a key of a mobile communication, using the mobile communication decryption method provided by the second embodiment of the method, that is, the sender uses the public key of the receiving end to encrypt the shared key generated by the sender to obtain the ciphertext, and The use of a field with network transparent transmission properties to carry and transmit ciphertext, and the use of a shared key to encrypt communication content enables secure communication between mobile terminals, and the encryption is highly secure, saves system overhead, is easy to use, and is easy to implement. Therefore, it is possible to solve the problem in the related art that the secure communication between the mobile terminals cannot be realized safely and simply, and the purpose of improving the degree of confidentiality can be achieved. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. For those skilled in the art, various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made therein are intended to be included within the scope of the present invention.

Claims

权 利 要 求 书 Claim
1. 一种密钥传输方法, 其特征在于, 包括: A key transmission method, comprising:
发送端生成共享密钥, 获取预先存储的接收端的公钥, 并使用所述 公钥对所述共享密钥进行加密, 得到密文;  The sending end generates a shared key, obtains a pre-stored public key of the receiving end, and encrypts the shared key by using the public key to obtain a ciphertext;
所述发送端将所述密文携带在包括具有网络透传属性的字段的消 息中, 并将所述消息发送给所述接收端。  The transmitting end carries the ciphertext in a message including a field having a network transparent transmission attribute, and sends the message to the receiving end.
2. 才艮据权利要求 1所述的方法, 其特征在于, 所述发送端生成共享密钥包 括: 2. The method according to claim 1, wherein the generating a shared key by the transmitting end comprises:
所述发送端在启动呼叫建立进程后生成所述共享密钥。  The sending end generates the shared key after starting the call setup process.
3. 根据权利要求 1所述的方法, 其特征在于, 在将所述消息发送给所述接 收端之后, 所述方法还包括: The method according to claim 1, wherein after the sending the message to the receiving end, the method further comprises:
所述接收端接收所述消息,获取所述消息包括的所述字段中的所述 密文, 使用所述接收端的私钥对所述密文进行解密, 获得所述共享密钥。  The receiving end receives the message, obtains the ciphertext in the field included in the message, and decrypts the ciphertext by using the private key of the receiving end to obtain the shared key.
4. 才艮据权利要求 1至 3中任一项所述的方法, 其特征在于, 在将所述消息 发送给所述接收端之后, 所述方法还包括: The method according to any one of claims 1 to 3, wherein, after the message is sent to the receiving end, the method further comprises:
在呼叫建立成功后,所述发送端使用所述共享密钥对待传输的通信 内容进行加密, 并将加密后的通信内容发送给所述接收端。  After the call is successfully established, the transmitting end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the receiving end.
5. 根据权利要求 4所述的方法, 其特征在于, 还包括: 5. The method according to claim 4, further comprising:
所述接收端使用所述共享密钥对接收到的所述加密后的通信内容 进行解密。  The receiving end decrypts the received encrypted communication content using the shared key.
6. 根据权利要求 5所述的方法, 其特征在于, 还包括: The method according to claim 5, further comprising:
所述接收端使用所述共享密钥对待传输的通信内容进行加密,并将 加密后的通信内容发送给所述发送端。  The receiving end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the sending end.
7. 根据权利要求 1所述的方法, 其特征在于, 所述具有网络透传属性的字 段包括: 呼叫建立消息中的用户信息单元字段。 The method according to claim 1, wherein the field having a network transparent transmission attribute comprises: a user information unit field in a call setup message.
8. 一种解密方法, 其特征在于, 包括: 8. A decryption method, comprising:
接收端接收到来自发送端的包括具有网络透传属性的字段的消息, 并获取所述字段中携带的密文, 其中, 所述密文为所述发送端使用所述 接收端的公钥对共享密钥加密而生成;  Receiving, by the receiving end, a message including a field having a network transparent transmission attribute from the transmitting end, and acquiring a ciphertext carried in the field, where the ciphertext is used by the sending end to use the public key pair of the receiving end to share the secret Generated by key encryption;
所述接收端使用自身的私钥对所述密文进行解密,得到由所述发送 端生成的所述共享密钥;  The receiving end decrypts the ciphertext by using its own private key to obtain the shared key generated by the sending end;
所述接收端接收来自所述发送端的使用所述共享密钥加密的通信 内容,使用解密得到的所述共享密钥对所述加密后的通信内容进行解密, 得到通信内容。  The receiving end receives the communication content encrypted by the shared key from the transmitting end, and decrypts the encrypted communication content by using the decrypted shared key to obtain a communication content.
9. 根据权利要求 8所述的方法, 其特征在于, 还包括: 9. The method according to claim 8, further comprising:
所述接收端使用所述共享密钥对待传输的通信内容进行加密,并将 加密后的通信内容发送给所述发送端。  The receiving end encrypts the communication content to be transmitted by using the shared key, and sends the encrypted communication content to the sending end.
10. 一种保密通信的实现方法, 其特征在于, 包括: 10. A method for implementing secure communication, comprising:
主叫终端在与被叫终端进行呼叫建立的同时生成共享密钥,并将所 述共享密钥发送到所述被叫终端;  The calling terminal generates a shared key while performing call setup with the called terminal, and sends the shared key to the called terminal;
在进行呼叫建立后,所述主叫终端和所述被叫终端使用所述共享密 钥对通信内容进行加密或解密。  After the call setup is made, the calling terminal and the called terminal encrypt or decrypt the communication content using the shared key.
11. 一种移动终端, 其特征在于, 包括: A mobile terminal, comprising:
存储单元, 用于存储对端移动终端的公钥;  a storage unit, configured to store a public key of the peer mobile terminal;
密钥生成单元, 用于生成共享密钥;  a key generation unit, configured to generate a shared key;
密文生成单元, 用于从所述存储单元中获取所述公钥, 从所述密钥 生成单元中获取所述共享密钥,使用所述公钥对所述共享密钥进行加密, 得到密文;  a ciphertext generating unit, configured to acquire the public key from the storage unit, obtain the shared key from the key generating unit, and encrypt the shared key by using the public key to obtain a secret Text
构造单元,用于将所述密文生成单元生成的所述密文携带在具有网 络透传属性的字段中, 并将所述字段携带在消息中;  a constructing unit, configured to carry the ciphertext generated by the ciphertext generating unit in a field having a network transparent transmission attribute, and carry the field in a message;
通知单元,用于通过所述构造单元构造的所述消息将所述共享密钥 通知给所述对端移动终端。 a notification unit, configured to notify the peer mobile terminal of the shared key by using the message constructed by the constructing unit.
12. 根据权利要求 11所述的移动终端, 其特征在于, 还包括: 加密单元, 用于使用所述共享密钥将待传输的通信内容进行加密; 发送单元,用于将经过所述加密单元加密的所述通信内容发送给所 述对端移动终端。 The mobile terminal according to claim 11, further comprising: an encryption unit, configured to encrypt the communication content to be transmitted by using the shared key; and a sending unit, configured to pass the encryption unit The encrypted communication content is sent to the opposite mobile terminal.
13. 一种移动终端, 其特征在于, 包括: A mobile terminal, comprising:
第一接收单元, 用于接收来自对端移动终端的消息, 其中, 所述消 息的具有网络透传属性的字段中携带有密文, 所述密文为所述端移动终 端通过使用所述移动终端的公钥对共享密钥加密而获得;  a first receiving unit, configured to receive a message from the peer mobile terminal, where a field having a network transparent transmission attribute of the message carries a ciphertext, where the ciphertext is used by the mobile terminal by using the mobile terminal The public key of the terminal is obtained by encrypting the shared key;
解析单元, 用于对所述第一接收单元接收到的所述消息进行解析, 获取所述密文; 第一解密单元,用于使用存储的所述移动终端的私钥对所述解析单 元获取的所述密文进行解密, 获得所述共享密钥。  a parsing unit, configured to parse the message received by the first receiving unit, to obtain the ciphertext; a first decrypting unit, configured to acquire, by using the stored private key of the mobile terminal, the parsing unit The ciphertext is decrypted to obtain the shared key.
14. 根据权利要求 13所述的移动终端, 其特征在于, 还包括: The mobile terminal according to claim 13, further comprising:
第二接收单元,用于接收来自所述对端移动终端的通信内容,其中, 所述通信内容在所述对端移动终端使用所述共享密钥被加密;  a second receiving unit, configured to receive communication content from the peer mobile terminal, where the communication content is encrypted by the peer mobile terminal by using the shared key;
第二解密单元,用于使用所述第一解密单元获得的所述共享密钥对 所述第二接收单元接收到的所述通信内容进行解密。  And a second decryption unit, configured to decrypt the communication content received by the second receiving unit by using the shared key obtained by the first decryption unit.
PCT/CN2008/073537 2008-12-16 2008-12-16 Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method WO2010069102A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2008/073537 WO2010069102A1 (en) 2008-12-16 2008-12-16 Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2008/073537 WO2010069102A1 (en) 2008-12-16 2008-12-16 Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method

Publications (1)

Publication Number Publication Date
WO2010069102A1 true WO2010069102A1 (en) 2010-06-24

Family

ID=42268249

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073537 WO2010069102A1 (en) 2008-12-16 2008-12-16 Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method

Country Status (1)

Country Link
WO (1) WO2010069102A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112737774A (en) * 2020-12-28 2021-04-30 苏州科达科技股份有限公司 Data transmission method, device and storage medium in network conference
CN114362950A (en) * 2020-09-29 2022-04-15 中国移动通信有限公司研究院 Information transmission method, device and terminal
CN114884939A (en) * 2022-05-07 2022-08-09 中国银行股份有限公司 Screen sharing method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060021066A1 (en) * 2004-07-26 2006-01-26 Ray Clayton Data encryption system and method
CN1801705A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Pre-authentication method
CN101183938A (en) * 2007-10-22 2008-05-21 华中科技大学 Wireless network security transmission method, system and equipment
US20080133917A1 (en) * 2006-12-04 2008-06-05 Electronics And Telecommunications Research Institute Ring authentication method for concurrency environment
CN101262341A (en) * 2008-02-22 2008-09-10 北京航空航天大学 A mixed encryption method in session system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060021066A1 (en) * 2004-07-26 2006-01-26 Ray Clayton Data encryption system and method
CN1801705A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Pre-authentication method
US20080133917A1 (en) * 2006-12-04 2008-06-05 Electronics And Telecommunications Research Institute Ring authentication method for concurrency environment
CN101183938A (en) * 2007-10-22 2008-05-21 华中科技大学 Wireless network security transmission method, system and equipment
CN101262341A (en) * 2008-02-22 2008-09-10 北京航空航天大学 A mixed encryption method in session system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114362950A (en) * 2020-09-29 2022-04-15 中国移动通信有限公司研究院 Information transmission method, device and terminal
CN112737774A (en) * 2020-12-28 2021-04-30 苏州科达科技股份有限公司 Data transmission method, device and storage medium in network conference
CN114884939A (en) * 2022-05-07 2022-08-09 中国银行股份有限公司 Screen sharing method, device and system

Similar Documents

Publication Publication Date Title
US9055047B2 (en) Method and device for negotiating encryption information
CN102572817B (en) Method and intelligent memory card for realizing mobile communication confidentiality
WO2010078755A1 (en) Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof
JP2012019511A (en) System and method of safety transaction between wireless communication apparatus and server
WO2009155781A1 (en) Method and system of transmitting the encrypted information
CN110087240B (en) Wireless network security data transmission method and system based on WPA2-PSK mode
TW201417546A (en) Instant messaging method and system
CN104683291B (en) Session key negotiation method based on IMS system
WO2012024903A1 (en) Method for encrypting voice calls in mobile communication network, and system, terminal, and network side thereof
CN107682152B (en) Group key negotiation method based on symmetric cipher
WO2012071846A1 (en) Method and system for encrypting short message
CN112332986B (en) Private encryption communication method and system based on authority control
WO2012129929A1 (en) Method, system and appararus for secure transmission of media message
CN113779619A (en) Encryption and decryption method for ceph distributed object storage system based on state cryptographic algorithm
WO2016082401A1 (en) Conversation method and apparatus, user terminal and computer storage medium
CN112702332B (en) Chain key exchange method, client, server and system
CN108337089B (en) Signaling transmission encryption and decryption method, device and terminal
WO2017197968A1 (en) Data transmission method and device
WO2010069102A1 (en) Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method
WO2012075761A1 (en) Method and system for encrypting multimedia message service
JP4615128B2 (en) Voice and data encryption method using encryption key split combiner
WO2009094812A1 (en) Method and apparatus for implementing the security of point to point media stream
CN114826659A (en) Encryption communication method and system
CN114650173A (en) Encryption communication method and system
JP2009065226A (en) Authenticated key exchange system, authenticated key exchange method and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08878846

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08878846

Country of ref document: EP

Kind code of ref document: A1