CN1881869B - Method for realizing encryption communication - Google Patents

Publication number
CN1881869B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200510117145A
Other languages
Chinese (zh)
Other versions
CN1881869A (en)
Inventor
王鹏
王敬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN200510117145A
Priority to PCT/CN2006/002932 (WO2007051415A1)
Publication of CN1881869A
Application granted
Publication of CN1881869B
Current legal status: Expired - Fee Related
Anticipated expiration

Abstract

The invention relates to a method for realizing encrypted communication. When two communication nodes communicate, the first node sends its own media capability information and communication encryption capability information to the second node; the media capability information represents the media capabilities the node has, and the communication encryption capability information indicates that the node is able to communicate with encryption. Based on the media capability and communication encryption capability information, the second node judges whether it itself has the communication encryption capability and has a media capability in common with the first node; if so, the first and second nodes determine the same data encryption key and carry out encrypted communication using that common media capability and the data encryption key. The invention prevents communication between the first and second nodes from being usefully intercepted: even if messages are illegally obtained, the illegitimate user cannot parse or read their content, which improves communication security.

Description

Method for realizing encrypted communication
Technical field
The present invention relates to the field of communications, and in particular to a method for realizing encrypted communication.
Background
RFC 2833 describes how DTMF tones and other telephony signals and events are carried in Real-time Transport Protocol (RTP) packets.
A good deal of the information carried using RFC 2833 has high security requirements, for example the transaction data of banks and other commercial institutions, or users' personal information. Such information should be encrypted in transit, so that even if it is intercepted it cannot be correctly parsed.
At present, however, information carried using RFC 2833 is not encrypted, so the security of RFC 2833 communication is low. If the information is intercepted in transit, the interceptor can directly read the content it carries, which is likely to harm the legitimate owner of the information and in turn to reduce user satisfaction.
Many other communication protocols likewise cannot currently provide encrypted communication; the security of communication using those protocols is equally low, with the same likely harm to the legitimate owner of the information and the same reduction in user satisfaction.
Summary of the invention
In view of this, the main object of the present invention is to provide a method for realizing encrypted communication, so as to improve communication security.
To achieve the above object, the technical scheme of the present invention is as follows:
The invention discloses a method for realizing encrypted communication, used to encrypt RFC 2833 protocol data packets, comprising the following steps:
a. When two communication nodes communicate, the first communication node sends its own media capability information and communication encryption capability information to the second communication node;
b. According to the media capability information and communication encryption capability information from the first communication node, the second communication node judges whether it itself has the communication encryption capability and has a media capability in common with the first communication node (that is, whether the two nodes' media capabilities intersect); if so, the first and second communication nodes determine the same data encryption key and carry out encrypted communication using the common media capability and the determined data encryption key.
In step b, the judging method comprises:
The second communication node obtains the media capabilities it has and compares them with the media capabilities corresponding to the media capability information from the first communication node to see whether an intersection exists; if one exists, the second communication node determines that it has a media capability in common with the first communication node;
The second communication node queries, among its own communication configuration parameters, the parameter relating to the communication encryption capability; if the parameter found supports communication encryption, the second communication node determines that it has the communication encryption capability.
Where the media capability information is a communication protocol name, the method by which the second communication node determines whether it has a media capability in common with the first communication node is:
The second communication node obtains the communication protocols it supports and compares their names with the communication protocol names from the first communication node to see whether an intersection exists; if one exists, the second communication node determines that it has a media capability in common with the first communication node.
Where the communication configuration parameter relating to the communication encryption capability is an encryption-enable flag, in step b the second communication node judges whether it has the communication encryption capability as follows:
The second communication node queries the encryption-enable flag in its own communication configuration parameters; if the flag found is set to the enabled state, the second communication node determines that it has the communication encryption capability.
Where the communication encryption capability information is a random number generated by the first communication node, or a shared key configured in advance (rendered "public key" in the original; it is one key set in both nodes beforehand, as step 101 below makes clear), then in step b the method by which the first and second communication nodes determine the data encryption key comprises:
The second communication node encrypts the random number or shared key received from the first communication node under the encryption policy configured in advance, and uses the result as the data encryption key for subsequent communication with the first communication node; the first communication node encrypts the random number it generated, or the shared key it sent to the second communication node, under the same encryption policy, and uses the result as the data encryption key for subsequent communication with the second communication node.
Where the communication encryption capability information is the result obtained by the first communication node encrypting, under the encryption policy configured in advance, a random number it generated with the shared key configured in advance, then in step b the method by which the first and second communication nodes determine the data encryption key comprises:
The second communication node decrypts the communication encryption capability information from the first communication node using the encryption policy and shared key configured in advance, and uses the decrypted result as the data encryption key for subsequent communication with the first communication node; the first communication node uses the random number it generated, i.e. the plaintext of said encrypted result, as the data encryption key for subsequent communication with the second communication node.
Where the communication encryption capability information is a random number generated by the first communication node or the shared key configured in advance, the method by which the first and second communication nodes determine the data encryption key in step b may alternatively comprise:
The second communication node directly uses the random number or shared key received from the first communication node as the data encryption key for subsequent communication with the first communication node; the first communication node directly uses the random number it generated, or the shared key it sent to the second communication node, as the data encryption key for subsequent communication with the second communication node.
In step b, carrying out encrypted communication comprises:
The first (or second) communication node encrypts the data to be sent to the second (or first) communication node using the data encryption key and the encryption policy configured in advance, and sends the resulting ciphertext to the second (or first) communication node; the second (or first) communication node decrypts the ciphertext from the first (or second) communication node using the same data encryption key and encryption policy.
Before step b or during step b, a media channel for communication between the first communication node and the second communication node is further established.
The first communication node and the second communication node are communication terminals, gateways or media control units (MCU).
The first communication node and the second communication node interact using the Session Initiation Protocol (SIP) or the H.323 protocol.
Compared with the prior art, in the method for realizing encrypted communication provided by the present invention the first and second communication nodes negotiate and determine the media capability and encrypted communication capability used to support encrypted communication; when both nodes have the communication encryption capability and a media capability in common, they determine the same data encryption key and carry out encrypted communication using that media capability and the determined data encryption key.
Thus, even if information transmitted between the first and second communication nodes is illegally obtained, the method of the invention ensures that the interceptor cannot correctly parse or directly read the content carried by the obtained information, which avoids harm to the legitimate owner of the information and improves communication security and user satisfaction.
Brief description of the drawings
Fig. 1 is a flow chart of realizing encrypted communication according to the present invention.
Detailed description
The invention is described in detail below with reference to the drawings and specific embodiments.
In the method for realizing encrypted communication provided by the invention, the first communication node sends its own media capability information and communication encryption capability information to the second communication node; the media capability information represents the media capabilities the communication node has, and the communication encryption capability information indicates that the communication node has the encrypted communication capability. According to the media capability information and communication encryption capability information from the first communication node, the second communication node judges whether it itself has the communication encryption capability and has a media capability in common with the first communication node; if so, the first and second communication nodes determine the same data encryption key and carry out encrypted communication using that media capability and the determined data encryption key. The first communication node may be the calling communication node and the second communication node the called communication node.
Referring to Fig. 1, which is a flow chart of realizing encrypted communication according to the present invention, the flow comprises the following steps:
Step 101: The same shared key and encryption policy are configured in advance in the calling and called communication nodes. The calling communication node sends a call setup request to the called communication node; this setup request can be realized with the Setup message of the Q.931 protocol.
Step 102: After receiving the setup request from the calling communication node, the called communication node sends a call proceeding response to the calling communication node, notifying it that the call is being processed. This call proceeding response can be realized with the Q.931 Call Proceeding message.
Step 103: The called communication node sends an alerting message to the calling communication node, notifying it that the called communication node is ringing. This alerting message can be realized with the Q.931 Alerting message.
Step 104: When the called communication node accepts the call from the calling communication node, for example by going off-hook, it sends a call answer response to the calling communication node.
Step 105: A connection establishment process is carried out between the calling and called communication nodes, establishing the connection that will be used to support communication between them.
The connection establishment process generally comprises: the called communication node sends to the calling communication node a connection establishment request containing at least the called communication node's communication identifier; after receiving this request, the calling communication node determines that it will communicate with the communication node corresponding to the communication identifier contained in the request, and sends to the called communication node a connection establishment response containing the calling communication node's communication identifier; after receiving this response, the called communication node determines that it will communicate with the communication node corresponding to the communication identifier contained in the response. Of course, if the setup request in step 101 already carries the calling communication node's communication identifier, the called communication node determines, on receiving that identifier, that it will communicate with the corresponding communication node, and the calling communication node need not carry its communication identifier in the connection establishment response.
The connection establishment process above can be realized with the Connect message of the Q.931 protocol, or with the H.245 protocol. If it is realized with H.245, the communication identifier comprises the H.245 Internet Protocol (IP) address and the listening port number supported by H.245.
Step 106: When the calling communication node has the communication encryption capability, it initiates a communication encryption capability negotiation process with the called communication node. The main operation of this negotiation process is as follows: the calling communication node sends a communication encryption capability negotiation request to the called communication node, containing at least the calling communication node's media capability information and communication encryption capability information. The media capability information represents the media capabilities the calling communication node has, specifically the media encoding/decoding capabilities it has when carrying out data communication; the communication encryption capability information indicates that the calling communication node has the encrypted communication capability. The communication encryption capability information can be represented by an extension field.
After receiving the communication encryption capability negotiation request from the calling communication node, the called communication node judges whether it itself has the communication encryption capability and has a media capability in common with the calling communication node. If so, the called communication node sends a communication encryption capability negotiation response to the calling communication node, which may carry the called communication node's media capability information and communication encryption capability information; otherwise the called communication node sends a negotiation failure message to the calling communication node, and on receiving it the calling communication node stops carrying out subsequent operations related to encrypted communication with the called communication node. Usually the communication encryption capability and the media capabilities each node has are configured in advance in the calling and called communication nodes.
The flow shown in Fig. 1 takes a successful communication encryption capability negotiation as its example.
The called communication node can judge whether it has the communication encryption capability in several ways. For example, an encryption-enable flag is added to the called communication node's communication configuration parameters, and operating personnel set this flag to enabled or disabled in advance. When the called communication node queries its own communication configuration parameters, if it finds that the encryption-enable flag is currently in the enabled state, it determines that it has the communication encryption capability; otherwise it determines that it does not.
When the main operation of the communication encryption capability negotiation process above is specialized, the negotiation process initiated by the calling communication node with the called communication node can take several forms. The first communication encryption capability negotiation process is:
The calling communication node sends to the called communication node a communication encryption capability negotiation request containing media capability information and communication encryption capability information, where the communication encryption capability information is represented by the shared key; that is, the shared key contained in the request indicates that the calling communication node has the communication encryption capability. After receiving the request, the called communication node obtains, using existing techniques, the media capabilities it has, and compares them with the media capabilities represented by the media capability information contained in the request to see whether an intersection exists. If one exists, the called communication node determines that it has a media capability in common with the calling communication node; otherwise it determines that it does not.
The called communication node also determines whether it has the communication encryption capability. If it does, the called communication node encrypts the shared key contained in the request under the encryption policy configured in advance, and uses the result as the called-side data encryption key for subsequent communication with the calling communication node. The called communication node then sends a communication encryption capability negotiation response to the calling communication node, notifying it that the called communication node has the communication encryption capability and a media capability in common with the calling communication node. After receiving this response, the calling communication node determines that it can carry out encrypted communication with the called communication node, encrypts the shared key under the same encryption policy, and uses the result as the calling-side data encryption key for subsequent communication with the called communication node.
Of course, the calling and called communication nodes may also not encrypt the shared key under the encryption policy, and instead use the shared key itself directly as the calling-side and called-side data encryption keys for subsequent communication.
In practice, the communication encryption capability negotiation response may carry the called-side data encryption key. The calling communication node then decrypts the called-side data encryption key contained in the response using the encryption policy and judges whether the decrypted result is identical to the shared key; if so, the calling communication node sends an acknowledgement message to the called communication node, otherwise it sends a negotiation failure message.
Of course, after receiving the communication encryption capability negotiation response the calling communication node may also skip this decryption and directly judge whether the called-side data encryption key contained in the response is identical to the calling-side data encryption key it generated itself; if so, it sends an acknowledgement message to the called communication node, otherwise it sends a negotiation failure message.
The communication encryption capability negotiation response may further carry the media capability information corresponding to the media capabilities that the called communication node has in common with the calling communication node.
The second communication encryption capability negotiation process is: the calling communication node sends to the called communication node a communication encryption capability negotiation request containing media capability information and communication encryption capability information, where the communication encryption capability information is represented by a random number generated arbitrarily by the calling communication node; that is, the random number contained in the request indicates that the calling communication node has the communication encryption capability. The called communication node determines whether it has a media capability in common with the calling communication node in the same way as in the first negotiation process.
The called communication node also determines whether it has the communication encryption capability; having determined that it does, it generates the called-side data encryption key and carries out the subsequent operations such as sending the communication encryption capability negotiation response to the calling communication node. The specific operations are substantially the same as the corresponding ones in the first negotiation process, the difference being that they are carried out on the random number rather than on the shared key.
The benefit of using a random number for encrypted communication is that each time the calling and called communication nodes communicate anew, for example in a new session, a fresh random number is generated and used to derive the data encryption key. The data encryption key generated for each new communication therefore differs from the previous one, so that even if an interceptor cracks the data encryption key of one communication, the same method cannot be used to obtain the data encryption key used in every other communication, which further improves communication security.
Of course, the calling communication node may also use the random number as the calling-side data encryption key for subsequent communication with the called communication node, encrypt the random number with the shared key and encryption policy configured in advance, and carry the encrypted result, as the communication encryption capability information, in the communication encryption capability negotiation request sent to the called communication node. After receiving this request and determining that it has the encryption capability, the called communication node decrypts the communication encryption capability information contained in the request using the shared key and encryption policy configured in advance, and uses the decrypted result as the called-side data encryption key for subsequent communication with the calling communication node. This called-side data encryption key is thus identical to the random number sent by the calling communication node.
The third communication encryption capability negotiation process is: the calling communication node sends to the called communication node a pre-negotiation request containing media capability information and communication encryption capability information, where the communication encryption capability information is represented by a communication encryption capability flag used to notify the called communication node that the calling communication node has the communication encryption capability. For example, when the communication encryption capability flag sent by the calling communication node is 1, it indicates that the calling communication node has the communication encryption capability.
After receiving the pre-negotiation request from the calling communication node, the called communication node determines whether it has a media capability in common with the calling communication node, in substantially the same way as in the first negotiation process, the difference being that the determination is now made on the pre-negotiation request. The called communication node also determines whether it has the communication encryption capability, and after determining that it does, sends a pre-negotiation response to the calling communication node. After receiving the pre-negotiation response, the calling communication node carries out with the called communication node substantially the same operations as in the first or second negotiation process. Of course, since the called communication node has already determined whether it has the media capability and the communication encryption capability, it need not repeat the determination of media capability and communication encryption capability described in the first and second negotiation processes.
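The negotiation and key determination described above, from the key-derivation alternatives listed under the summary through the three negotiation processes of step 106, carried out end to end as an added example. This is illustration written for this page, not code from the patent or from Huawei. The patent leaves the "encryption policy" open, so two stand-ins are assumed here: HMAC-SHA256 keyed with a policy label for the one-way "encrypt under the policy" operation, and an XOR pad derived from the shared key for the invertible "encrypt the random number with the shared key" operation; the node configurations, media capability names and the `enc_flag`/`variant` field names are constructed. One thing the example makes visible: in the variants where the random number travels in the request unprotected, anyone capturing the negotiation can reproduce the data key exactly as the called node does, so only the shared-key and wrapped-random variants make the key depend on the secret configured in step 101.

```python
"""Capability negotiation and data-key determination, modelled on the
negotiation processes described above. Added example, not patent code.
ASSUMPTION: HMAC-SHA256 stands in for the one-way 'encryption policy' and
an XOR pad derived from the shared key for the invertible form."""
import hashlib
import hmac
import os

# Constructed node configurations (the patent fixes no format for these).
CALLER_CFG = {"media": {"G.711", "G.729", "telephone-event/8000"},
              "encryption_enabled": True}
CALLEE_CFG = {"media": {"G.729", "telephone-event/8000", "H.263"},
              "encryption_enabled": True}
SHARED_KEY = b"shared-key-configured-in-step-101"   # same value in both nodes
POLICY = b"policy-v1"                                # stand-in policy label


def policy_encrypt(value: bytes) -> bytes:
    """'Encrypt under the pre-set encryption policy' (one-way stand-in)."""
    return hmac.new(POLICY, value, hashlib.sha256).digest()


def wrap_with_shared_key(value: bytes) -> bytes:
    """Invertible stand-in for encrypting a value with the shared key:
    XOR against a SHA-256 pad of SHARED_KEY||POLICY. Applying it twice
    unwraps. Illustration only, not a real cipher."""
    pad = hashlib.sha256(SHARED_KEY + POLICY).digest()
    return bytes(a ^ b for a, b in zip(value, pad))


def common_media(local, peer):
    """Step b: intersection of the two nodes' media capability names."""
    return set(local) & set(peer)


def encryption_capable(cfg):
    """Step b: the encryption-enable flag in the node's configuration."""
    return bool(cfg.get("encryption_enabled"))


def callee_handle_request(cfg, request):
    """Called node: TCS-style request -> (response, called-side key)."""
    media = common_media(cfg["media"], request["media"])
    if not media or not encryption_capable(cfg):
        return {"type": "negotiation_failure"}, None
    variant, info = request["variant"], request["enc_info"]
    if variant in ("shared_key", "random"):    # processes 1 and 2: encrypt under policy
        key = policy_encrypt(info)
    elif variant == "random_direct":           # random number used as the key itself
        key = info
    elif variant == "random_wrapped":          # random number wrapped with shared key
        key = wrap_with_shared_key(info)
    else:
        return {"type": "negotiation_failure"}, None
    # The response carries the common media and the called-side key wrapped with
    # the shared key, so the caller can perform the check described for the response.
    return {"type": "negotiation_response", "media": media,
            "wrapped_key": wrap_with_shared_key(key)}, key


def callee_handle_pre_negotiation(cfg, request):
    """Process 3: the request carries only a capability flag (1 = can encrypt)."""
    media = common_media(cfg["media"], request["media"])
    if request.get("enc_flag") != 1 or not media or not encryption_capable(cfg):
        return {"type": "negotiation_failure"}
    return {"type": "pre_negotiation_response", "media": media}


def caller_negotiate(caller_cfg, callee_cfg, variant, pre_negotiate=False):
    """Calling node: optional pre-negotiation, then request, key derivation
    and verification of the called side's key. Returns None on failure."""
    if pre_negotiate:
        pre = callee_handle_pre_negotiation(
            callee_cfg, {"media": caller_cfg["media"], "enc_flag": 1})
        if pre["type"] != "pre_negotiation_response":
            return None
    nonce = os.urandom(16)
    if variant == "shared_key":
        info, caller_key = SHARED_KEY, policy_encrypt(SHARED_KEY)
    elif variant == "random":
        info, caller_key = nonce, policy_encrypt(nonce)
    elif variant == "random_direct":
        info, caller_key = nonce, nonce
    elif variant == "random_wrapped":
        info, caller_key = wrap_with_shared_key(nonce), nonce
    else:
        raise ValueError(f"unknown variant {variant}")
    request = {"media": caller_cfg["media"], "variant": variant, "enc_info": info}
    response, callee_key = callee_handle_request(callee_cfg, request)
    if response["type"] != "negotiation_response":
        return None
    # Caller-side check: unwrap the called-side key and compare with its own.
    if wrap_with_shared_key(response["wrapped_key"]) != caller_key:
        return None
    return {"media": response["media"], "key": caller_key, "callee_key": callee_key}


if __name__ == "__main__":
    for v in ("shared_key", "random", "random_direct", "random_wrapped"):
        r = caller_negotiate(CALLER_CFG, CALLEE_CFG, v, pre_negotiate=(v == "random"))
        print(v, sorted(r["media"]), r["key"] == r["callee_key"])
```

Running the block prints, for each variant, the common media set (`G.729` and `telephone-event/8000` with the constructed configurations) and `True` for the key comparison; disabling `encryption_enabled` on the called side or removing all common media makes `caller_negotiate` return `None`, which is the negotiation failure path in the text.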
Step 107: When the called communication node has the communication encryption capability, it initiates a communication encryption capability negotiation process with the calling communication node. The operations in this negotiation process are substantially the same as those in step 106, the difference being that the roles of the two parties are exchanged relative to step 106. Naturally, the communication encryption capability information corresponding to the communication encryption capability configured in the called communication node indicates that the called communication node has the encrypted communication capability, and the media capability information corresponding to the media capabilities configured in the called communication node represents the media capabilities the called communication node has, specifically its media encoding/decoding capabilities when carrying out data communication.
There is no strict order between step 107 and step 106.
In practice, only one of step 106 and step 107 may be carried out; this does not affect the subsequent encrypted data communication.
Step 108: A media channel between the calling and called communication nodes is established using existing techniques. The media channel establishment process is generally as follows: the calling (or called) communication node sends to the called (or calling) communication node a media channel establishment request containing at least the calling (or called) communication node's IP address and communication port number; the called (or calling) communication node receives the request and, after accepting it, sends to the calling (or called) communication node a media channel establishment response containing at least the called (or calling) communication node's IP address and communication port number. In this way the calling and called communication nodes each obtain the address information the other uses for data communication, and can carry out subsequent data communication using it.
Of course, if the called (or calling) communication node refuses the media channel establishment request, it sends a channel establishment rejection message to the calling (or called) communication node, which may also carry the reason for rejection.
Step 109: The encrypted data communication process is carried out between the calling and called communication nodes over the established media channel. Specifically:
The calling (or called) communication node encrypts the data to be sent to the called (or calling) communication node using the calling-side (or called-side) data encryption key and the encryption policy, and sends the resulting ciphertext to the called (or calling) communication node; the called (or calling) communication node decrypts the ciphertext from the calling (or called) communication node using the called-side (or calling-side) data encryption key and the encryption policy, and carries out subsequent processing on the decrypted data using existing techniques.
Steps 101 to 105 can be implemented by communication protocols such as Q.931, and may further include other signalling interactions.
Steps 106 to 109 are normally implemented by the H.245 protocol: the communication encryption capability negotiation request can be carried in a Terminal Capability Set (TCS) message, the communication encryption capability negotiation response in a Terminal Capability Set Ack (TCS Ack) message, the media channel setup request in an Open Logical Channel message, the media channel setup response in an Open Logical Channel Ack message, and the channel setup rejection message in an Open Logical Channel Reject message.
Of course, steps 106 to 109 may further include other signalling interactions and may also be implemented by other communication protocols; steps 106 and 107 may also be implemented by the Session Description Protocol (SDP).
Step 106 and/or step 107 can be executed at any time before step 109.
The media capability information can be the names of any communication protocols the calling and called communication nodes support, so that the recipient knows which communication protocols the sender supports, for example G.711, G.723, H.263, RFC 2833 and so on. In that case the calling communication node sends the names of the communication protocols it supports to the called communication node as its media capability information; the called communication node obtains the communication protocols it supports itself and compares their names with the received communication protocol names to see whether there is an intersection; if there is, the called communication node determines that it has media capability in common with the calling communication node. Whatever form the media capability information takes, to ensure that the calling and called communication nodes can communicate properly, both nodes communicate using the media capability in the intersection.
The calling and called communication nodes can be communication terminals, gateways, media controller units (MCUs) and so on.
The encryption policy can be a commonly used XOR algorithm, negation algorithm, MD5 algorithm and so on.
The flow shown in Figure 1 can be implemented by communication protocols such as SIP and H.323; the encrypted communication in step 109 normally encrypts RFC 2833 protocol data packets. When the flow in Figure 1 is implemented by SIP, step 107 can be executed, and the key operations in step 106 are split and performed in step 101 and step 104 respectively. The specific split is: the operation in step 106 in which the calling communication node sends the communication encryption capability negotiation request to the called communication node is performed in step 101; the operation in step 106 in which the called communication node sends the communication encryption capability negotiation response to the calling communication node is performed in step 104. Furthermore, when the flow in Figure 1 is implemented by SIP, step 105 is then executed.
As can be seen from the above, the method for realizing encrypted communication provided by the present invention improves communication security and user satisfaction.

Claims (10)

1. A method for realizing encrypted communication, characterized in that the method is used for encrypting RFC 2833 protocol data packets and comprises the following steps:
a. when two communication nodes communicate, the first communication node sends its own media capability information and communication encryption capability information to the second communication node;
b. the second communication node, according to the media capability information and communication encryption capability information from the first communication node, judges whether it has the communication encryption capability and has media capability in common with the first communication node; if so, the first and second communication nodes determine an identical data encryption key and carry out encrypted communication using the common media capability and the determined data encryption key;
wherein the judging method comprises:
the second communication node obtains the media capability it has and compares it with the media capability corresponding to the media capability information from the first communication node to see whether there is an intersection; if there is, the second communication node determines that it has media capability in common with the first communication node;
the second communication node queries, among its own communication configuration parameters, the communication configuration parameter relating to the communication encryption capability; if the queried communication configuration parameter supports communication encryption, the second communication node determines that it has the communication encryption capability.
2. The method of claim 1, characterized in that the media capability information is communication protocol names, and the method by which the second communication node determines whether it has media capability in common with the first communication node is:
the second communication node obtains the communication protocols it supports and compares their names with the communication protocol names from the first communication node to see whether there is an intersection; if there is, the second communication node determines that it has media capability in common with the first communication node.
3. The method of claim 1 or 2, characterized in that the communication configuration parameter relating to the communication encryption capability is an encryption enable setting, and in step b the method by which the second communication node judges whether it has the communication encryption capability is:
the second communication node queries the encryption enable setting in its own communication configuration parameters; if the queried encryption enable setting is in the enabled state, the second communication node determines that it has the communication encryption capability.
4. The method of claim 1 or 2, characterized in that the communication encryption capability information is a random number generated by the first communication node or a public key set in advance, and in step b the method by which the first and second communication nodes determine the data encryption key comprises:
the second communication node encrypts the random number or public key from the first communication node using an encryption policy set in advance, and uses the encryption result as the data encryption key for subsequent communication with the first communication node; the first communication node encrypts the random number it generated or the public key it sent to the second communication node using the encryption policy set in advance, and uses the encryption result as the data encryption key for subsequent communication with the second communication node.
5. The method of claim 1 or 2, characterized in that the communication encryption capability information is the encryption result obtained by the first communication node encrypting a random number it generated using an encryption policy set in advance and a public key set in advance, and in step b the method by which the first and second communication nodes determine the data encryption key comprises:
the second communication node decrypts the communication encryption capability information from the first communication node using the encryption policy and public key set in advance, and uses the decryption result as the data encryption key for subsequent communication with the first communication node; the first communication node uses the random number it generated as the data encryption key for subsequent communication with the second communication node.
6. The method of claim 1 or 2, characterized in that the communication encryption capability information is a random number generated by the first communication node or a public key set in advance, and in step b the method by which the first and second communication nodes determine the data encryption key comprises:
the second communication node directly uses the random number or public key from the first communication node as the data encryption key for subsequent communication with the first communication node; the first communication node directly uses the random number it generated or the public key it sent to the second communication node as the data encryption key for subsequent communication with the second communication node.
7. The method of claim 1 or 2, characterized in that in step b the encrypted communication comprises:
the first/second communication node encrypts the data to be sent to the second/first communication node using the data encryption key and an encryption policy set in advance, and sends the resulting encrypted data to the second/first communication node; the second/first communication node decrypts the encrypted data from the first/second communication node using the data encryption key and the encryption policy.
8. The method of claim 1, characterized in that, before step b or during step b, a media channel for communication is further established between the first communication node and the second communication node.
9. The method of claim 1, characterized in that the first communication node and the second communication node are communication terminals, gateways or media controller units (MCUs).
10. The method of claim 1, characterized in that the first communication node and the second communication node interact using the Session Initiation Protocol (SIP) or the H.323 protocol.
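The negotiation described in steps 106 to 109 of the description and in claims 1, 3, 5 and 7 (the media-capability intersection on protocol names, the encryption-enable check, the encrypted-random-number form of the key determination, and encryption of RFC 2833 packets with a preset policy), as an added Python simulation of both nodes. This is example code written for this page, not code from the patent or from Huawei. The node names, the preset shared key, the protocol-name lists used as media capabilities and the choice of repeating-key XOR as the concrete "encryption policy" are assumptions; the RFC 2833 payload layout (event, end bit, volume, duration) is the one defined in that RFC.

```python
import os
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


def xor_policy(key: bytes, data: bytes) -> bytes:
    """The page's 'XOR algorithm' taken as the encryption policy (assumption: repeating-key XOR).
    XOR is its own inverse, so one function both encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


@dataclass
class Node:
    name: str
    media_caps: FrozenSet[str]            # protocol names the node supports (claim 2)
    encryption_enabled: bool              # the "encryption enable" configuration parameter (claim 3)
    preset_key: bytes                     # the public key "set in advance" on both sides (claim 5)
    session_key: Optional[bytes] = None   # data encryption key determined in step b
    media_in_use: Optional[FrozenSet[str]] = None


@dataclass
class CapabilityRequest:
    """Step 106 / claim 1 step a: media capability info plus communication encryption capability info."""
    media_caps: FrozenSet[str]
    enc_cap_info: bytes                   # claim 5: random number encrypted under preset_key


def build_request(caller: Node) -> Tuple[CapabilityRequest, bytes]:
    """Caller side of step 106: generate a random number and send it encrypted with the preset key."""
    nonce = os.urandom(16)
    return CapabilityRequest(caller.media_caps, xor_policy(caller.preset_key, nonce)), nonce


def handle_request(callee: Node, req: CapabilityRequest) -> bool:
    """Callee side, claim 1 step b: encryption-enable check, then media-capability intersection."""
    if not callee.encryption_enabled:
        return False
    common = callee.media_caps & req.media_caps
    if not common:
        return False
    callee.media_in_use = common
    # claim 5: decrypting the capability info with the preset key recovers the caller's random number
    callee.session_key = xor_policy(callee.preset_key, req.enc_cap_info)
    return True


def negotiate(caller: Node, callee: Node) -> bool:
    """Run the exchange; on success both nodes hold the same data encryption key."""
    req, nonce = build_request(caller)
    if not handle_request(callee, req):
        return False
    caller.session_key = nonce            # claim 5: the caller keeps the random number it generated
    caller.media_in_use = callee.media_in_use
    return True


def rfc2833_payload(event: int, end: bool, volume: int, duration: int) -> bytes:
    """RFC 2833 telephone-event payload: event | E R volume | duration, network byte order."""
    if not (0 <= event <= 255 and 0 <= volume <= 63 and 0 <= duration <= 0xFFFF):
        raise ValueError("field out of range")
    return struct.pack("!BBH", event, (0x80 if end else 0) | volume, duration)


def parse_rfc2833(payload: bytes) -> Tuple[int, bool, int, int]:
    event, flags, duration = struct.unpack("!BBH", payload)
    return event, bool(flags & 0x80), flags & 0x3F, duration


def send_event(sender: Node, event: int, end: bool, volume: int, duration: int) -> bytes:
    """Step 109 / claim 7: encrypt one RFC 2833 payload with the session key and the policy."""
    if sender.session_key is None:
        raise RuntimeError("negotiation has not completed")
    return xor_policy(sender.session_key, rfc2833_payload(event, end, volume, duration))


def receive_event(receiver: Node, ciphertext: bytes) -> Tuple[int, bool, int, int]:
    if receiver.session_key is None:
        raise RuntimeError("negotiation has not completed")
    return parse_rfc2833(xor_policy(receiver.session_key, ciphertext))


def make_pair(callee_enabled: bool = True, callee_caps=("G.711", "H.263", "RFC 2833")) -> Tuple[Node, Node]:
    """Constructed sample nodes (capability lists and preset key are assumptions for this example)."""
    caller = Node("caller", frozenset({"G.711", "G.723", "RFC 2833"}), True, b"preset-shared-key")
    return caller, Node("callee", frozenset(callee_caps), callee_enabled, b"preset-shared-key")


def demo() -> Tuple[int, bool, int, int]:
    """DTMF event 5 sent as end-of-event, volume 10, duration 800; returns what the callee decodes."""
    caller, callee = make_pair()
    if not negotiate(caller, callee):
        raise RuntimeError("negotiation failed")
    return receive_event(callee, send_event(caller, 5, True, 10, 800))


def ciphertext_repeats() -> bool:
    """Caveat: with a static repeating-key XOR policy, identical packets give identical ciphertext."""
    caller, callee = make_pair()
    negotiate(caller, callee)
    return send_event(caller, 5, True, 10, 800) == send_event(caller, 5, True, 10, 800)
```

`demo()` returns `(5, True, 10, 800)`, i.e. the callee decodes exactly the DTMF event the caller encrypted, and `negotiate()` returns False both when the callee's encryption enable is off and when the protocol-name sets have no intersection, which is the order of checks in claim 1 step b. `ciphertext_repeats()` returning True is the practical caveat: with the page's XOR (or negation) policy and a key that is fixed for the whole session, two identical telephone-event packets produce identical ciphertext, and the session key itself travels protected only by the same policy under the preset key. The negotiation structure (capability intersection, then key determination, then encrypted RFC 2833) does not depend on the policy, so a deployment would keep that structure and carry the media in SRTP (RFC 3711), whose default AES counter-mode keystream changes with every packet index.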
CN200510117145A 2005-11-01 2005-11-01 Method for realizing encryption communication Expired - Fee Related CN1881869B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200510117145A CN1881869B (en) 2005-11-01 2005-11-01 Method for realizing encryption communication
PCT/CN2006/002932 WO2007051415A1 (en) 2005-11-01 2006-11-01 Mobile communication system, and information transmitting method and device wherein

Publications (2)

Publication Number Publication Date
CN1881869A CN1881869A (en) 2006-12-20
CN1881869B true CN1881869B (en) 2010-05-05

Family

ID=37519863

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9084231B2 (en) 2008-03-13 2015-07-14 Qualcomm Incorporated Methods and apparatus for acquiring and using multiple connection identifiers
CN102694753A (en) * 2011-03-25 2012-09-26 国基电子(上海)有限公司 Gateway equipment capable of carrying out encryption transmission on data, system and method thereof
CN104038930B (en) * 2013-03-04 2017-10-10 北京信威通信技术股份有限公司 A kind of method of Duan Dao centers IP packets encryption
CN104284328A (en) * 2013-07-09 2015-01-14 北京鼎普科技股份有限公司 Method and device for encrypting mobile phone communication content
CN105871790B (en) * 2015-01-23 2019-02-01 华为技术有限公司 It is used for transmission the methods, devices and systems of data
CN108833943B (en) * 2018-04-24 2020-12-08 苏州科达科技股份有限公司 Code stream encryption negotiation method and device and conference terminal
CN110557593A (en) * 2018-06-01 2019-12-10 中兴通讯股份有限公司 Media transmission method and H323-SIP gateway

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6064741A (en) * 1995-04-13 2000-05-16 Siemens Aktiengesellschaft Method for the computer-aided exchange of cryptographic keys between a user computer unit U and a network computer unit N
CN1360780A (en) * 1999-07-12 2002-07-24 艾利森电话股份有限公司 Method and system for exchanging information between multimedia network nodes
US6470085B1 (en) * 1996-10-29 2002-10-22 Matsushita Electric Industrial Co., Ltd. Application package and system for permitting a user to use distributed application package on the term of the use thereof
CN1479489A (en) * 2002-08-29 2004-03-03 中兴通讯股份有限公司 Method of transmitting broadband multimedia data on comprehensive business digital network
CN1564509A (en) * 2004-03-23 2005-01-12 中兴通讯股份有限公司 Key consaltation method in radio LAN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100505