• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    which is transferred between Methods for encrypting information, two communication devices, such as mobile phones, personal computers, PDAs, etc., where a security module is present in each mobile phone and where a security application contains encryption and decryption algorithms. The invention is characterized by the security application being caused (2), a card slot of the respective mobile telephone to be stored on an SD card which is caused to be inserted in (1), the security application being caused to be transferred from the SD card (2) by the security of the mobile telephone ( l) security module (4) in addition to a session key stored on the SD card, in that a key stream is caused to be formed in the SD card (2) on the basis of the session key, in case of encryption the key stream is caused to be transferred from (4), (l) the security SD card (2) of the mobile phone security module of the encryption is caused to take place in the mobile phone (4), by the mobile phone, module after which a media stream thus encrypted is transmitted by the media stream being received by a second mobile phone, by decryption being aided a corresponding key stream in the security module (4) of the second mobile telephone and in that said corresponding key stream is formed in the SD card (2) of the second mobile telephone on the basis of said session key l. Figure 1 is to be published. h: docwork applicationtext.docx lOOO59EN
    公开号:SE1050332A1
    申请号:SE1050332
    申请日:2010-04-07
    公开日:2011-10-04
    发明作者:Stefan Hagbard
    申请人:Exformation Comm Ab;
    IPC主号:
    专利说明:

    The present invention thus relates to a method for encrypting information which is transmitted between two communication units, such as mobile telephones, personal computers, PDAs, etc., where a security module is present in each mobile telephone and where a security application contains encryption and decryption algorithms and is characterized by, that the security application is caused to be stored on an SD (Secure Digital) card, which is caused to be inserted into a slot on each mobile phone, by the security application being transferred from the SD card to the security module of the mobile phone in addition to a session key stored on SD the card, by causing a key stream to be formed in the SD card on the basis of the session key, by causing the key stream to be transferred from the SD card to the mobile phone security module during encryption, by causing the encryption to take place in the mobile phone security module, after which an encrypted media stream was broadcast by the mobile phone, by a tt the media stream is received by a second mobile telephone, by decryption being effected by means of a corresponding key stream in the security module of the second mobile telephone and by said said key stream being formed in the SD card of the second mobile telephone on the basis of said session key.
    The invention is described in more detail below, partly in connection with exemplary embodiments of the invention shown in the accompanying drawings, in which - figure 1 schematically illustrates the present invention together with a mobile telephone - figure 2 constitutes a more detailed illustration of what is shown in figure 1 - figure 3 illustrates an embodiment. b: docwork ansökstext.docx l0O059EN 10 15 20 25 30 Figure I illustrates the present method for encrypting information which is transmitted between two communication devices, such as mobile telephones, personal computers, PDAs, etc., where a security module 4 is present in each mobile phone I and where a security application contains encryption and decryption algorithms. car phone l.
    Figure I shows only a first mo- A second, not shown, mobile telephone is arranged in a corresponding manner so that the mobile telephones can communicate with each other over a communication night. The invention can be applied to various communication networks, such as GSM, 3G, 4G or over IP, so-called VoIP telephony. However, the invention in the case of VoIP telephony is described below.
    The mobile telephone 1 is provided with a slot for an SD card 2. Furthermore, the mobile telephone comprises a memory in a known manner.
    An interface 3 is present between the mobile phone's memory and an SD card (Secure Digital card) inserted in the slot.
    According to the invention, said security application is caused to be stored on an SD card 2, which is caused to be inserted in a card slot of the respective mobile telephone. The security application is caused to be transferred from the SD card to the mobile phone's said security module 4, in addition to a session key stored on the SD card 2. For encryption and decryption, a key stream is caused to form in the SD card on the basis of the session key.
    Figure 4 illustrates the SD card 2. The SD card 2 comprises a processor 32, a memory 33 and a smart card circuit 34 of a conventional type. The memory application is stored in the memory 33, which is to be transferred to the memory of the mobile telephone, as well as the security application used by the SD card for encryption and decryption. h: docwork applicationtext.docx 100059515 10 15 20 25 30 When encrypting or decrypting, the key stream is transmitted to the mobile phone's security module 4 via the interface 3, whereby the encryption or decryption is caused to take place in the mobile phone's security module 4. An After encryption of information is sent , such as a voice, encrypted media stream of the mobile telephone 1. This media stream is received by the other, not shown, mobile telephone. Decryption is effected by means of a corresponding key stream in the security module of the second mobile telephone, where the corresponding key stream is caused to be formed in the SD card of the other mobile telephone on the basis of the session key.
    In Figure 1, the number 5 denotes algorithms for generating session keys and key streams for encryption and decryption, which are stored on the SD card. Number 6 denotes encryption algorithms containing key streams retrieved from the SD card 2. Number 7 denotes decryption algorithms containing key streams retrieved from the SD card 2. Number 8 denotes an application for IP telephony. The number 9 denotes a signal from the mobile telephone microphone and the number 10 a signal to the mobile telephone loudspeaker. The arrow 11 illustrates encrypted information transmitted by the mobile telephone and the arrow 12 illustrates encrypted information received by the mobile telephone.
    By protecting the session key and the keystream generation on the SD card, the method according to the invention is very secure.
    According to a preferred embodiment, the security application in the security module 4 of the mobile telephone is caused to be deleted after the information transfer between the mobile telephones has been completed: docwork applicationtext.docx 100059515 10 15 20 25 30. One way to achieve the deletion is that the security module in the mobile phone no longer has contact with the SD card.
    This can be achieved by the telephone application disconnecting from the SD card when a call is disconnected or by removing the SD card from the mobile phone, whereby the security module in the mobile phone no longer has contact with the SD card.
    It is obvious that the actual encryption and decryption takes place in the mobile phone's security module 4, which is why the information flow over the interface is limited to about half the size compared to if the encryption or decryption were to take place on the SD card 2. This will also reduce power consumption. greatly reduced when the present invention is applied.
    The mentioned session key is a secret, which both parties know but no outsiders may know. It is preferred that this session key be established through Diffie-Hellman key generation via e.g. The Mikey Protocol. This allows both parties to generate a secret session key without the key being exposed in the public network. However, the present invention is not limited to any particular encryption and decryption algorithms or methods, or key generation methods, but any suitable method may be used.
    According to a preferred embodiment, the used session key is caused to change between two consecutive connections between two mobile telephones.
    It is further preferred that information about the session key to be used in a particular call is transmitted from the calling mobile phone to the called h: docwork application text.docx 100059515 10 15 20 25 30 the establishment of the connection between the phones.
    From this session key, a key stream is derived, which is used as a mask to permute (change / relocate) the bit stream in the media, so that only the one that can generate an identical bit stream can restore the bit sample in the stream, i.e. the inverse function of the permutation. An example of such a mask function is a logical XOR (Exclusive OR).
    Below is an example of an encryption: RTP (Real Time Protocol) 01101101 Mediabit Stream Key Stream 10101001 Derived from the session key Provides outgoing S (Safe) -RTP 11000100 Encrypted media bit stream The encrypted media bit stream is received and decrypted.
    Incoming S-RTP 11000100 Media bit stream Key stream 10101001 Derived from session key RTP 011101101 Decrypted media bit stream In this example, XOR is used to mask the media stream with the key stream generated, for example with AES CTR (American Encryption Standard Counter Mode). It is Counter Mode that defines how a key stream is derived from the current session key.
    The phone has a VoIP application 8 (IP telephony application), which generates RTP frames, which represent the microphone and speakers in digital form. These RTP frames must be encrypted and decrypted, respectively, in order for communication to be secure when the RTP frame goes over an IP connection. There is a security application for the VoIP application, which is partly installed in the phone's security module 4, and partly in the SD card's 2 so: docwork applicationtext.docx 100059EN 10 15 20 25 30 security module. In the security module on the SD card, the said session key is generated and protected for the communication, e.g. through Diffie-Hellman or other key exchange. In addition, the security module on the SD card generates the keystream, which is the bitstream to be permuted with the media stream in the RTP frames to obtain the encrypted RTP frames (S-RTP). This is sent to the receiving telephone and vice versa for the incoming packet.
    The permutation is done in the part of the application, which is placed in the mobile phone's security module 4.
    Because the media bit stream and the key stream are permuted in the security module 4 in the mobile telephone, the exchange of information over the interface between the telephone and the card is approximately halved while the session key never leaves the secure environment on the SD card. This constitutes a more secure implementation that enables the crypto function to be protected in the SD card environment without risky exposure of session keys or media encryption in the insecure mobile environment.
    Figure 2 illustrates the media streams and information streams for encryption and decryption in more detail. For example, when a person speaks into the microphone of the mobile telephone 1, a signal 20 comes from the microphone to a circuit 21, called CODEC in Figure 2. CODEC is an abbreviation of Coder - Decoder, which is an analog-to-digital converter and is passed to a circuit RTP, designated 22, where the number is packaged in an RTP frame. The RTP frames are passed on to the mobile module 1 security module 4, where the RTP frames are encrypted by means of an encryption key 23, previously obtained from a key current generator 24 on the SD card 2. The encrypted RTP frames are transmitted via a HMAC circuit, which protects the integrity of the information, to an IP h: docwork applicationtext.docx 100059515 10 15 20 25 30 application 26, IP, whereby the encrypted message is sent, 13, from the mobile phone 1. HMAC stands for Hash-Based Message Authentication Code.
    An incoming encrypted signal 12 received by the mobile telephone is passed via the IP application 26 to the HMAC circuit 25 and further to the security module of the mobile telephone, where it is decrypted by means of a key stream 27 for decryption previously obtained from a key current generator 28 on the SD card 2. They and a decrypted RTP frame are transmitted via the circuit 21, CODEC, conductor 29 to the speakers of the mobile telephone, where the message can be listened to in plain text.
    In Figure 2, the number 30 denotes a non-externally accessible memory area for session keys. The number 31 refers to an application for authenticating a user for sending an encrypted message.
    According to a further preferred embodiment, a transmission is started, which is to be encrypted by the user being asked to select a telephone number provided with a predetermined prefix.
    One embodiment is that when the user enters data, e.g. retrieved data from the phonebook or entered a string via the mobile phone's keyboard, this is transferred to a so-called event handler in the mobile phone. Today, this event handler only checks if the user has entered an emergency number, 112, 911, and if so, an emergency call is connected independently of the usual telephone connection routines. According to an embodiment of the invention, the event handler is arranged to perform an additional check on the prefix in the string specified by the user. According to the invention, this prefix constitutes a h: docwork application text.docx known as a suitable symbol, for example * or # or a card number or other alphanumeric code. Provided that the prefix precedes a telephone number, the event handler is arranged to call the applications described above and which are needed to perform an encrypted exchange of information between two mobile telephones.
    If no prefix is specified, the entire string can be matched to known strings, e.g. 343, which then corresponds to the application EID, Electronic Identification, which is called in this case with an empty argument. Thus, it is left to the application to request input of the input data, e.g. security code, required.
    Figure 3 illustrates this embodiment. The user has previously entered names and telephone numbers in a conventional manner and thereby entered the telephone numbers in the traditional manner, as shown by the number to Alice, denoted 14. The user has also, according to the above, entered Alice numbers with the prefix *, as shown at the designation 13. If the user dials the marked telephone number, designated 13, an encrypted transmission will be initiated, as stated above.
    It is obvious that the present invention solves the problems mentioned in the introduction.
    A number of embodiments have been described above. However, the invention may be varied. For example, other suitable encryption and decryption algorithms may be used. In addition, parts of the key streams can be transferred via the interface to the mobile phone security module after the remaining parts of the key streams have been transferred to the mobile phone security module. The present invention should therefore not be construed as limited to the above-mentioned embodiments, but may be varied within the scope of the appended claims. h: docwork applicationtext.docx 100059515
    权利要求:
    Claims (7)
    [1]
    1. l. Method for encrypting information, between two communication devices, such as mobile phones, personal computers, PDAs, etc., where a security module is present in each mobile phone and where a security application contains encryption and decryption algorithms, the security application can be brought that (2), the slot of the respective mobile telephone sign, which is brought into a (1), the application is caused to be transferred from the SD card stored on an SD card by the security (2) to in addition to a session mobile telephone (1) ) security module (4) key stored on the SD card, by causing a key stream to be formed in the SD card (2) on the basis of the session key, by causing the key stream to be transferred from the SD (4) during encryption, the encryption is caused to take place in the mobile telephone (1) (4) of the mobile telephone, the card (2) to the security module of the mobile telephone in that security module after which a media stream thus encrypted was emitted by receiving the media stream is provided by a second mobile telephone, by decryption being effected by means of a corresponding key stream in the security module (4) of the second mobile telephone and by causing said corresponding key stream to be formed in the SD card (2) of the second mobile telephone. on the basis of the said session key.
    [2]
    Method according to claim 1, characterized in that the security application in the security module (4) of the mobile telephone is caused to be deleted after the information transfer has been completed.
    [3]
    Method according to claim 1 or 2, characterized in that the session key used is caused to change between two successive connections between two mobile telephones. 2 or 3,
    [4]
    A method according to claim 1, characterized in that the session key is caused to be transferred from the calling mobile telephone to the called mobile telephone upon establishment of the connection between the telephones. 3 or 4,
    [5]
    A method according to claim 1, 2, characterized in that the session key is caused to be established by so-called Diffie-Hellman key generation via the so-called Mi- key protocol.
    [6]
    A method according to any one of the preceding claims, characterized in that said information transmission is made via VoIP, i.e. IP telephony.
    [7]
    A method according to any one of the preceding claims, characterized in that a transmission to be encrypted is started by causing the user to dial a telephone number provided with a predetermined prefix. h: docwork applicationtext.docx l0O059EN
    类似技术:
    公开号 | 公开日 | 专利标题
    SE1050332A1|2011-10-04|Method of encrypting information transmitted between two communication devices.
    CN101197674B|2010-10-27|Encrypted communication method, server and encrypted communication system
    KR100372495B1|2003-02-15|Method and system for securely transferring a data set in a data communications system
    US8694789B2|2014-04-08|System and method for generating a non-repudiatable record of a data stream
    CN104333455A|2015-02-04|Secrete communication system and method for smart phone
    JP2011511510A|2011-04-07|Method and apparatus for enabling lawful interception of encrypted traffic
    US20070237144A1|2007-10-11|Transporting authentication information in RTP
    TW498638B|2002-08-11|Wireless communication device and wireless communication method
    CN101909290A|2010-12-08|Method, system and mobile terminal for encrypting voice call
    JP3792657B2|2006-07-05|Method for enhanced cryptographic processing of messages in a call processed by a communication device
    Win et al.2008|Speech Encryption and Decryption Using Linear Feedback Shift Register |
    EP2175579B1|2012-07-25|Encryption and decryption device and method for voice communications
    US20150249650A1|2015-09-03|System and method to merge encrypted signals in distributed communication system
    KR20050044196A|2005-05-12|Wiretapping preventer for voice communication in voip system
    JP5163187B2|2013-03-13|Call center system
    CN1177431C|2004-11-24|Method and mobile device for end-to-end enciphere
    CN104955037A|2015-09-30|Communication encryption method and device for GSM | mobile phones
    CN103354638A|2013-10-16|Android system-based mobile phone encryption server system
    CN107819725B|2020-11-27|VoIP | call method and mobile terminal
    JP2001203688A|2001-07-27|Voice communication terminal
    JP6555591B2|2019-08-07|Optical communication system and encryption method
    US10348698B2|2019-07-09|Methods and systems for link-based enforcement of routing of communication sessions via authorized media relays
    CN113099444A|2021-07-09|Information transmission method and system for protecting privacy
    JPH10336338A|1998-12-18|Digital encryption speech system using analog telephone line
    CN110536030A|2019-12-03|Transmission method, system, electronic equipment and the storage medium of video frequency color ring
    同族专利:
    公开号 | 公开日
    EP2556622A4|2017-03-01|
    US20130064373A1|2013-03-14|
    SE534566C2|2011-10-04|
    WO2011126425A1|2011-10-13|
    EP2556622A1|2013-02-13|
    US9363034B2|2016-06-07|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    KR100498486B1|2003-02-06|2005-07-01|삼성전자주식회사|Computer system providing for recompiling a program and cxtracting threads dynamically by a thread binary compiler and Simultaneous Multithreading method thereof|
    US20060288423A1|2005-06-17|2006-12-21|Nokia Corporation|Method, system and network elements for establishing media protection over networks|
    US7991158B2|2006-12-13|2011-08-02|Tyfone, Inc.|Secure messaging|
    US7865212B2|2007-01-17|2011-01-04|Research In Motion Limited|Methods and apparatus for use in transferring user data between two different mobile communication devices using a removable memory card|
    US8555068B2|2007-11-13|2013-10-08|Koolspan, Inc.|Secure mobile telephony|US8381297B2|2005-12-13|2013-02-19|Yoggie Security Systems Ltd.|System and method for providing network security to mobile devices|
    US20080276302A1|2005-12-13|2008-11-06|Yoggie Security Systems Ltd.|System and Method for Providing Data and Device Security Between External and Host Devices|
    US8869270B2|2008-03-26|2014-10-21|Cupp Computing As|System and method for implementing content and network security inside a chip|
    WO2010059864A1|2008-11-19|2010-05-27|Yoggie Security Systems Ltd.|Systems and methods for providing real time access monitoring of a removable media device|
    EP2907043B1|2012-10-09|2018-09-12|Cupp Computing As|Transaction security systems and methods|
    US20160014099A1|2013-03-07|2016-01-14|Icelero Inc|System and method for secure voip communication|
    US11157976B2|2013-07-08|2021-10-26|Cupp Computing As|Systems and methods for providing digital content marketplace security|
    WO2015123611A2|2014-02-13|2015-08-20|Cupp Computing As|Systems and methods for providing network security using a secure digital device|
    法律状态:
    2018-12-04| NUG| Patent has lapsed|
    优先权:
    申请号 | 申请日 | 专利标题
    SE1050332A|SE534566C2|2010-04-07|2010-04-07|Method of encrypting information transmitted between two communication devices.|SE1050332A| SE534566C2|2010-04-07|2010-04-07|Method of encrypting information transmitted between two communication devices.|
    US13/639,178| US9363034B2|2010-04-07|2011-02-23|Method to encrypt information that is transferred between two communication units|
    PCT/SE2011/050206| WO2011126425A1|2010-04-07|2011-02-23|Method to encrypt information that is transferred between two communication units|
    EP11766232.0A| EP2556622A4|2010-04-07|2011-02-23|Method to encrypt information that is transferred between two communication units|
    [返回顶部]