CN110475034B - Method for improving telephone security, user end device, server device and system - Google Patents


Publication number
CN110475034B
Authority
CN
China
Prior art keywords
phone
user side
server
authentication
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910663855.5A
Other languages
Chinese (zh)
Other versions
CN110475034A (en)
Inventor
张星亮
秦泰山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Workec Technology Co ltd
Original Assignee
Shenzhen Workec Technology Co ltd
Application filed by Shenzhen Workec Technology Co ltd
Priority to CN201910663855.5A
Publication of CN110475034A
Application granted
Publication of CN110475034B

Abstract

The invention belongs to the field of information security and provides a method, a user side device, a server device and a system for improving the security of a phone. The method comprises the following steps: performing state negotiation with a connected phone, and sending the received phone request information to a server for private key decryption and verification, wherein the phone request information comprises verification information and a communication key encrypted with the public key; sending the decryption result returned by the server to the phone to complete the state negotiation with the phone, wherein the decryption result comprises a private key signature and the communication key; and performing encrypted communication with the phone based on the communication key. Because the user side does not take part in the private key decryption, other parties cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved.

Description

Method for improving telephone security, user end device, server device and system
Technical Field
The present invention relates to the field of information security, and in particular, to a method, a client device, a server device, and a system for improving security of a phone.
Background
With the development of IP phones and their low cost, large enterprises are beginning to use them widely. An IP telephony system generally consists of three parts: a phone, a network and a user side (such as a PC side), where the phone is connected to the user side and places calls over the network. Because the phone is connected to the network, leakage of communication information is inevitable and the level of security is not high. The existing solutions are to implant a dongle in the phone or to implant an encryption protocol between the phone and the user side. An implanted dongle raises the cost of the phone, which is not consistent with the enterprise's aim of reducing cost, so usually an encryption protocol is implanted between the phone and the user side. Therefore, the security of existing phones is low.
Disclosure of Invention
The embodiment of the invention provides a method for improving the security of a telephone, a user side device, a server device and a system, and aims to solve the problem of low security of the telephone in the prior art.
The embodiments of the present invention are implemented as follows. In a first aspect, the present invention provides a method for improving the security of a phone, where an encryption public key is provided in the phone, and the method includes the following steps:
performing state negotiation with a connected phone, and sending the received phone request information to a server for private key decryption and verification, wherein the phone request information comprises: verification information and a communication key encrypted with the public key;
sending the decryption result returned by the server to the phone to complete the state negotiation with the phone, wherein the decryption result comprises: a private key signature and the communication key;
and performing encrypted communication with the phone based on the communication key.
Further, before the step of performing state negotiation with the connected phone and sending the received phone request information to the server for private key decryption, the method further includes:
sending authentication information to a server for authentication;
and resetting the state according to the return result returned by the server after the authentication is successful, wherein the return result comprises: an authentication result and authenticated account information.
Still further, the method further comprises:
each time the user side reconnects with the phone or the server, sending a state negotiation request to the phone, and determining whether the phone resends phone request information;
if the phone resends the phone request information, sending the phone request information resent by the phone to the server for private key decryption;
and if the phone does not resend the phone request information, sending a state negotiation instruction to the phone to request state negotiation on every communication with the phone.
In a second aspect, the invention also provides a method for improving the security of a phone, where an encryption public key is provided in the phone, and the method includes:
receiving phone request information sent by a user side that is in state negotiation with a phone, and performing private key decryption and verification, wherein the phone request information comprises: verification information and a communication key encrypted with the public key;
sending a decryption result to the user side so that the user side and the phone complete the state negotiation, wherein the decryption result comprises: a private key signature and the communication key.
Further, before the receiving the phone request information sent by the user end in state negotiation with the phone, and performing private key decryption and verification, the method further includes:
receiving authentication information of a user side and performing authentication;
if the authentication is successful, returning a return result to the user side so that the user side resets its state, wherein the return result comprises: an authentication result and authenticated account information.
Still further, the method further comprises:
receiving the authentication information of the user side again and performing authentication each time the user side reconnects.
Still further, the method further comprises:
determining, according to the verification information, whether the state negotiation of the phone is in an abnormal state, wherein the abnormal state comprises at least one of: one account corresponding to a plurality of phones, a plurality of phones being serially connected in batches, and an invalid service period;
and if the abnormal state exists, refusing to send the decryption result to the user side.
In a third aspect, the present invention further provides a user side device for improving the security of a phone, where an encryption public key is provided in the phone, and the user side device includes:
a first sending module, configured to perform state negotiation with a connected phone and send the received phone request information to a server for private key decryption and verification, wherein the phone request information comprises: verification information and a communication key encrypted with the public key;
a second sending module, configured to send the decryption result returned by the server to the phone to complete the state negotiation with the phone, wherein the decryption result comprises: a private key signature and the communication key;
and a communication encryption module, configured to perform encrypted communication with the phone based on the communication key.
Still further, the client device further includes:
the third sending module is used for sending the authentication information to the server for authentication;
the state resetting module is used for resetting the state according to the return result returned by the server after the authentication is successful, wherein the return result comprises: an authentication result and authenticated account information.
Still further, the client device further includes:
the judging module is used for sending a state negotiation request to the phone and determining whether the phone resends phone request information each time the user side reconnects with the phone or the server;
the fourth sending module is used for sending the phone request information resent by the phone to the server for private key decryption if the phone resends the phone request information;
and the fifth sending module is used for sending a state negotiation instruction to the phone to request state negotiation on every communication with the phone if the phone does not resend the phone request information.
In a fourth aspect, the present invention further provides a server device for improving the security of a phone in which an encryption public key is provided, the server device including:
a first processing module, configured to receive phone request information sent by a user side that is in state negotiation with a phone, and to perform private key decryption and verification, wherein the phone request information comprises: verification information and a communication key encrypted with the public key;
a sending module, configured to send a decryption result to the user side so that the user side and the phone complete the state negotiation, wherein the decryption result comprises: a private key signature and the communication key.
Still further, the server apparatus further includes:
the second processing module is used for receiving the authentication information of the user side and authenticating;
a returning module, configured to return a return result to the user side if the authentication is successful, so that the user side resets its state, wherein the return result comprises: an authentication result and authenticated account information.
Still further, the server apparatus further includes:
and the reconnection module is used for receiving the authentication information of the user side again for authentication when reconnecting with the user side every time.
Still further, the server apparatus further includes:
a state judgment module, configured to determine, according to the verification information, whether the state negotiation of the phone is in an abnormal state, wherein the abnormal state comprises at least one of: one account corresponding to a plurality of phones, a plurality of phones being serially connected in batches, and an invalid service period;
and the rejection module is used for rejecting to send the decryption result to the user side if the abnormal state exists.
In a fifth aspect, the present invention also provides a system for improving the security of a phone, the system comprising:
the phone comprises a phone body, wherein an encryption public key is arranged in the phone body;
a user end device for improving the security of a phone according to any one of the embodiments of the present invention;
a server apparatus for improving security of a telephone set according to any one of the embodiments of the present invention.
In the embodiments of the invention, a public key provided in the phone encrypts the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification. If the verification succeeds, the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not take part in the private key decryption, other parties cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved.
Drawings
FIG. 1 is a schematic diagram of an alternative system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating a method for improving security of a phone according to an embodiment of the present invention;
fig. 3 is a schematic flow chart illustrating another method for improving the security of the phone according to the embodiment of the present invention;
fig. 4 is a schematic flow chart illustrating another method for improving the security of the phone according to the embodiment of the present invention;
fig. 5 is a schematic flow chart illustrating another method for improving the security of the phone according to the embodiment of the present invention;
fig. 6 is a schematic flow chart illustrating another method for improving the security of the phone according to the embodiment of the present invention;
fig. 7 is a schematic flow chart illustrating another method for improving the security of a phone according to an embodiment of the present invention;
fig. 8 is a schematic flow chart illustrating another method for improving the security of a phone according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a user-side device for improving the security of a phone according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of another client device for improving the security of a phone according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of another user-side device for improving the security of a phone according to an embodiment of the present invention;
fig. 12 is a schematic structural diagram of another user-side device for improving the security of a phone according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of another user equipment device for improving the security of a phone according to an embodiment of the present invention;
fig. 14 is a schematic structural diagram of another client device for improving the security of a phone according to an embodiment of the present invention;
fig. 15 is a schematic structural diagram of another client device for improving the security of a phone according to an embodiment of the present invention;
fig. 16 is a schematic structural diagram of a system for improving the security of a phone according to an embodiment of the present invention;
fig. 17 is a flow chart illustrating another method for improving the security of the phone according to the embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In existing encrypted phones, an encryption protocol is usually implanted between the phone and the user side. Because the network protocol between the phone and the user side is a general protocol and is easy to reverse-engineer, the phone can be controlled by software developed under that general protocol; for example, once the encryption has been reverse-engineered, others can control someone else's phone simply by developing software on the user side (PC side) that uses the same general protocol, thereby causing information leakage. In the invention, a public key provided in the phone encrypts the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification. If the verification succeeds, the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not take part in the private key decryption, other parties cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions.
The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
As shown in fig. 1, fig. 1 is an optional system architecture provided in the embodiments of the present invention, and is intended to support operations of the method for improving security of a phone in the embodiments of the present invention, and the system architecture may include phone devices 101, 102, 103, a user terminal 104 and a server 105. The phone devices 101, 102, 103 are connected to a user terminal 104, and the user terminal 104 is connected to a server 105, and the connection may include various connection types, such as wired, wireless communication links, or fiber optic cables.
The user may use the handset devices 101, 102, 103 to interact with the user terminal 104 over a network or data interface to receive or transmit messages or the like. The phone devices 101, 102, and 103 may be installed with various communication modules, and may be used for receiving and sending various information, such as voice information, text information, or video information.
The handset devices 101, 102, 103 may be various handset devices having a handset and a microphone and supporting telecommunications, including but not limited to cell phones, smart phones, telephone handsets, and listening headsets, among others.
The server 105 may be a host server or a cloud server that provides various services.
It should be noted that, the method for improving the security of the phone provided in the embodiment of the present application may be executed by the server/client device, and accordingly, the apparatus for improving the security of the phone may be disposed in the server/client device.
Example one
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for improving the security of a phone according to an embodiment of the present invention, wherein an encryption public key is provided in the phone, and the method can be executed by the user side device in fig. 1. As shown in fig. 2, the method includes the following steps:
S101, performing state negotiation with a connected phone, and sending the received phone request information to a server for private key decryption and verification, wherein the phone request information comprises: verification information and a communication key encrypted with the public key.
The encryption public key set in the phone may be an asymmetric encryption public key based on the RSA algorithm, or the encryption public key may be based on other encryption algorithms, such as the public key encryption algorithms in ElGamal, the knapsack algorithm, Rabin, the Diffie-Hellman (D-H) key exchange protocol, Elliptic Curve Cryptography (ECC), and so on. State negotiation may be understood as an activation process in the communication between the phone and the user side that determines whether the phone is authorized to perform encrypted communication with the user side. Specifically, when the phone is connected to the user side, the phone enters state negotiation with the user side. The phone encrypts the verification information and the communication key, for example with the public key of an RSA algorithm, to form the phone request information, and sends the phone request information to the user side. The connection between the phone and the user side can be a network connection or a wired data connection, for example through usb/wifi/adb and other ways, as long as the phone request information can be transmitted to the corresponding user side. The private key corresponding to the phone is not held on the user side, so the user side does not decrypt the phone request information but forwards it to the server for processing. The private key corresponding to the phone's public key is preset in the server, and the phone request information forwarded by the user side is decrypted with the private key in the server to obtain the verification information and the communication key in the phone request information. The verification information may include information such as an IMEI (International Mobile Equipment Identity), a RandKey, a Salt, and an id.
The aforesaid communication key may be an AES (Advanced Encryption Standard) key, or another symmetric encryption transmission key, such as DES (Data Encryption Standard).
Private key decryption decrypts the phone request information so that the verification information can be verified. A specific verification process may be to check whether the IMEI in the verification information is legitimate; only if the IMEI is accepted is the communication key in the phone request information decrypted and a private key signature generated with the RSA private key. The server then sends the decrypted communication key and the private key signature back to the user side.
S102, sending the decryption result returned by the server to the phone to complete the state negotiation with the phone, wherein the decryption result comprises: a private key signature and the communication key.
Specifically, after receiving the private key signature and the communication key returned by the server, the user side sends the private key signature to the phone to complete state negotiation, and keeps the communication key for encrypted communication with the phone. After receiving the private key signature sent by the user side, the phone can use the encryption public key to verify the private key signature, and if the verification is successful, state negotiation is complete and the phone and the user side can carry out encrypted communication.
In a possible implementation manner, after receiving the private key signature and the communication key returned by the server, the user side may load the communication key, encrypt the private key signature using the communication key, and then send the encrypted private key signature to the phone. The phone decrypts the encrypted private key signature using the communication key to obtain the private key signature, and then verifies the private key signature using the encryption public key.
S103, carrying out encryption communication with the phone based on the communication key.
After the user side and the phone complete the state negotiation, the user side can perform encrypted communication with the phone. The communication key is initially held only by the phone; after the state negotiation, the user side also obtains it from the server. Because the communication key is sent by the phone in encrypted form and passed to the user side after being decrypted by the server, the keys on the two sides cannot fail to match. The above state negotiation may also be referred to as communication negotiation.
The user side may be referred to as a client side, a PC side, or the like, and the phone may be referred to as a telephone, a telephone device, a communication device, a device, or the like.
In this embodiment, a public key provided in the phone encrypts the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification. The server returns the private key signature to the phone and the communication key to the user side. Because the user side does not take part in the private key decryption, other parties cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved.
Example two
On the basis of the first embodiment, please refer to fig. 3, fig. 3 is a schematic flowchart of a method according to the second embodiment, before step S101, the method for improving the security of the phone further includes the following steps:
S201, sending authentication information to a server for authentication.
The user enters authentication information through the user side and logs in to the server, and the server authenticates the authentication information. Only after the authentication succeeds does the server process the phone request information uploaded by the user side; otherwise, the server discards phone request information uploaded by a user side that has not been authenticated as invalid data and performs no decryption. The authentication information includes information such as an account number and a password. The account number may be configured and distributed by the manufacturer for the phone, or may be obtained by the user through self-registration with the IMEI of the phone.
S202, resetting the state according to the return result returned by the server after the authentication is successful, wherein the return result comprises: an authentication result and authenticated account information.
The authentication result indicates authentication success or authentication failure; in a possible implementation manner, on authentication failure a prompt to re-enter the authentication information is sent. The authenticated account information may be the same as the original account information. In a possible implementation manner, to further improve the security of the account, the authenticated account information may differ from the original account information in the authentication information. For example, after login authentication is performed through the 12345 account, an account 54321 for connecting to the server is returned; the user logs in through the account 54321, and the server processes the phone request information once it receives it from the account 54321.
In this embodiment, a public key provided in the phone encrypts the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification. The server returns the private key signature to the phone and the communication key to the user side. Because the user side does not take part in the private key decryption, other parties cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved. In addition, the security of the phone is further improved by authenticating the user side and decrypting and verifying only the phone request information sent by a user side that has been successfully authenticated.
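The negotiation of Examples one and two end to end, as an added sketch that is not code from the patent: the phone encrypts its verification information and communication key to the server, the user side only relays, and the server decrypts only for an authenticated session and a known IMEI. Assumptions: textbook RSA on fixed toy primes stands in for a real RSA implementation so that the block runs on the Python standard library alone, the signature is taken over the IMEI and RandKey (the patent does not say what is signed), and the JSON layout, class names, password and IMEI are constructed.

```python
import hashlib
import json
import secrets

# Toy RSA key (demo assumption): two Mersenne primes, so no key generation is
# needed. Trivially factorable and unpadded; it only makes the flow runnable.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: server only
KLEN = (N.bit_length() + 7) // 8


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Phone:
    """Knows only the public key (N, E), its IMEI and a fresh communication key."""
    def __init__(self, imei: str):
        self.imei = imei
        self.comm_key = secrets.token_bytes(16)    # AES-128-sized key
        self.rand_key = secrets.token_hex(8)       # fresh value per negotiation

    def request(self) -> bytes:
        body = json.dumps({"imei": self.imei, "rand_key": self.rand_key,
                           "comm_key": self.comm_key.hex()}).encode()
        return pow(int.from_bytes(body, "big"), E, N).to_bytes(KLEN, "big")

    def finish(self, signature: bytes) -> bool:
        # Verify the server's signature with the built-in public key.
        expected = digest_int(f"{self.imei}|{self.rand_key}".encode())
        return pow(int.from_bytes(signature, "big"), E, N) == expected


class Server:
    """Only holder of D. Decrypts for authenticated sessions and known IMEIs."""
    def __init__(self, accounts: dict, allowed_imeis: set):
        self.accounts = accounts            # account -> (salt, PBKDF2 hash)
        self.allowed_imeis = allowed_imeis
        self.sessions = set()

    def login(self, account: str, password: str):
        salt, stored = self.accounts.get(account, (b"", b""))
        if not secrets.compare_digest(stored, pw_hash(password, salt)):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

    def handle(self, token, blob: bytes):
        if token not in self.sessions:
            return None                     # unauthenticated: discard undecrypted
        m = pow(int.from_bytes(blob, "big"), D, N)
        try:
            info = json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))
            imei, rand_key = str(info["imei"]), str(info["rand_key"])
            comm_key = bytes.fromhex(info["comm_key"])
        except (ValueError, KeyError, TypeError):
            return None                     # not a well-formed phone request
        if imei not in self.allowed_imeis:
            return None                     # IMEI check failed: release nothing
        sig = pow(digest_int(f"{imei}|{rand_key}".encode()), D, N)
        return {"signature": sig.to_bytes(KLEN, "big"), "comm_key": comm_key}


class Client:
    """User side: relays opaque blobs; never holds D, only the released key."""
    def __init__(self, server: Server):
        self.server, self.token, self.comm_key = server, None, None

    def login(self, account: str, password: str) -> bool:
        self.token = self.server.login(account, password)
        return self.token is not None

    def negotiate(self, phone: Phone) -> bool:
        result = self.server.handle(self.token, phone.request())       # S101
        if result is None or not phone.finish(result["signature"]):    # S102
            return False
        self.comm_key = result["comm_key"]     # S103: key for encrypted traffic
        return True


def demo():
    imei = "356938035643809"                   # constructed sample IMEI
    salt = secrets.token_bytes(16)
    server = Server({"12345": (salt, pw_hash("constructed-pw", salt))}, {imei})
    phone, client = Phone(imei), Client(server)
    before_login = client.negotiate(phone)     # no session yet: refused
    client.login("12345", "constructed-pw")
    after_login = client.negotiate(phone)
    keys_match = client.comm_key == phone.comm_key
    unknown_imei = client.negotiate(Phone("000000000000000"))
    forged_sig = phone.finish(bytes(KLEN))     # all-zero signature is rejected
    return before_login, after_login, keys_match, unknown_imei, forged_sig
```

Calling `demo()` returns `(False, True, True, False, False)`. The server acts as a decryption service for whoever can reach it, so the login gate of Example two and the IMEI check are what decide who receives a communication key.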
Example three
On the basis of the first embodiment or the second embodiment, please refer to fig. 4, and fig. 4 is a schematic flow chart of the method according to the third embodiment, and the method for improving the security of the phone further includes the following steps:
S301, each time the connection with the phone or the server is re-established, sending a state negotiation request to the phone, and judging whether the phone resends the phone request information.
When the user side is disconnected from the phone or the server and then reconnected, the user side sends a state negotiation request to the connected phone and detects in real time whether the phone resends the phone request information, wherein the resent phone request information comprises: the verification information and the communication key encrypted by the public key. Specifically, when the user side is reconnected with the phone, the state negotiation previously completed between the phone and the user side is reset, and the phone must perform state negotiation with the user side again before encrypted communication with the user side can resume. Similarly, when the user side and the server are reconnected, the state negotiation previously completed between the user side and the phone is reset, and the user side must perform state negotiation with the phone again before encrypted communication with the phone can resume. In a possible implementation manner, the user needs to log in to the server again for authentication and then performs the state negotiation with the phone.
S302, if the phone resends the phone request information, sending the received phone request information resent by the phone to the server for private key decryption.
When the user side receives the phone request information retransmitted by the phone, it forwards the received phone request information to the server again for private key decryption, so that the state negotiation is completed again and encrypted communication is re-established.
S303, if the phone does not resend the phone request information, sending a state negotiation instruction to the phone to request state negotiation each time the user side communicates with the phone.
Until the user side receives the phone request information retransmitted by the phone, whenever an instruction is sent to the phone or received from the phone, the user side sends a plaintext instruction to the phone to request state negotiation.
In this embodiment, the public key is set in the phone to encrypt the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification; the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not participate in private key decryption, others cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved. In addition, after each reconnection the user side must perform state negotiation with the phone again, or must be authenticated by the server before performing state negotiation with the phone, so that communication between the phone and the user side cannot be cracked through state left over from an earlier connection, and the security of the phone is further improved.
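The reconnect rules S301 to S303 can be read as a fail-closed state machine on the user side. The sketch below is an added example, not code from the patent; the class, event and action names are assumptions, and the re-login after a server reconnect follows the "possible implementation manner" mentioned above.

```python
from enum import Enum


class Action(Enum):
    LOGIN_TO_SERVER = "log in to the server again"
    SEND_PLAINTEXT_NEGOTIATE = "send plaintext state negotiation instruction"
    FORWARD_REQUEST_TO_SERVER = "forward phone request information to server"
    SEND_SIGNATURE_TO_PHONE = "pass private key signature to phone"
    SEND_ENCRYPTED = "send command under the communication key"


class UserSide:
    """Decides what the user side may send next (hypothetical names)."""

    def __init__(self):
        self.authenticated = False
        self.comm_key = None  # set only after the server returns a result

    def on_login_ok(self):
        # Successful authentication is followed by a state reset.
        self.authenticated = True
        self.comm_key = None
        return Action.SEND_PLAINTEXT_NEGOTIATE

    def on_reconnect(self, peer):
        # S301: reconnecting to either peer resets the negotiated state.
        self.comm_key = None
        if peer == "server":
            self.authenticated = False
            return Action.LOGIN_TO_SERVER
        return Action.SEND_PLAINTEXT_NEGOTIATE

    def on_phone_request(self):
        # S302: the resent request is relayed, never decrypted locally.
        if not self.authenticated:
            return Action.LOGIN_TO_SERVER
        return Action.FORWARD_REQUEST_TO_SERVER

    def on_server_result(self, comm_key):
        # A refusal (None) leaves the negotiated state reset.
        if comm_key is None:
            self.comm_key = None
            return Action.SEND_PLAINTEXT_NEGOTIATE
        self.comm_key = comm_key
        return Action.SEND_SIGNATURE_TO_PHONE

    def on_command(self):
        # S303: until renegotiation completes, a command attempt only
        # produces a plaintext negotiation instruction.
        if not self.authenticated:
            return Action.LOGIN_TO_SERVER
        if self.comm_key is None:
            return Action.SEND_PLAINTEXT_NEGOTIATE
        return Action.SEND_ENCRYPTED


def replay(events):
    """Run (event name, args) pairs through a fresh UserSide."""
    side, trace = UserSide(), []
    for name, args in events:
        trace.append(getattr(side, "on_" + name)(*args))
    return trace


# Constructed event sequence: normal start, phone reconnect, server reconnect.
CONSTRUCTED_EVENTS = [
    ("login_ok", ()), ("phone_request", ()),
    ("server_result", (b"key-1",)), ("command", ()),
    ("reconnect", ("phone",)), ("command", ()), ("phone_request", ()),
    ("server_result", (b"key-2",)), ("command", ()),
    ("reconnect", ("server",)), ("command", ()), ("phone_request", ()),
]

if __name__ == "__main__":
    for (name, _), action in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(f"{name:15} -> {action.value}")
```
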
Example four
Referring to fig. 5, fig. 5 is a flowchart illustrating a method according to a fourth embodiment. As shown in fig. 5, another method for improving the security of a phone is provided, where an encryption public key is provided in the phone, and the method may be executed by the server device in fig. 1, and includes:
S401, receiving phone request information sent by a user side in state negotiation with a phone, and performing private key decryption and verification, wherein the phone request information comprises: verification information and a communication key encrypted by the public key.
The encryption public key set in the phone may be an asymmetric encryption public key based on the RSA algorithm, or may be based on another public key algorithm, such as ElGamal, the knapsack algorithm, Rabin, the Diffie-Hellman (D-H) key exchange protocol, or Elliptic Curve Cryptography (ECC). The state negotiation may be understood as a process, activated for communication between the phone and the user side, that determines whether the phone is authorized to perform encrypted communication with the user side. Specifically, when the phone is connected to the user side, the phone enters state negotiation with the user side; the phone encrypts the verification information and the communication key, for example with the public key of the RSA algorithm, to form the phone request information, and sends the phone request information to the user side. The connection between the phone and the user side can be a network connection or a wired data connection, for example via usb, wifi, adb and the like, as long as the phone request information can be transmitted to the corresponding user side. The private key corresponding to the phone is not stored on the user side, so the user side does not decrypt the phone request information but forwards it to the server for processing. The private key corresponding to the phone's public key is preset in the server, and the phone request information forwarded by the user side is decrypted with that private key to obtain the verification information and the communication key it contains. The verification information may include information such as an IMEI (International Mobile Equipment Identity), a RandKey, a Salt, and an id.
The aforesaid communication key may be an AES (Advanced Encryption Standard) key, or another symmetric encryption transmission key, such as DES (Data Encryption Standard).
Private key decryption decrypts the phone request information so that the verification information can be verified. A specific verification process can be to identify whether the IMEI in the verification information is legal; only if the IMEI is accepted is the communication key in the phone request information decrypted and a private key signature produced with the RSA private key. The server then sends the decrypted communication key and the private key signature back to the user side.
S402, sending the decryption result to the user side so that the user side and the phone complete state negotiation, wherein the decryption result comprises: a private key signature and the communication key.
Specifically, after receiving the private key signature and the communication key returned by the server, the user side sends the private key signature to the phone to complete state negotiation, and keeps the communication key for encrypted communication with the phone. After receiving the private key signature sent by the user side, the phone can use the encryption public key to verify the private key signature; if the verification succeeds, state negotiation is complete and the phone and the user side can carry out encrypted communication.
In a possible implementation manner, after receiving the private key signature and the communication key returned by the server, the user side may load the communication key, encrypt the private key signature with the communication key, and then send the encrypted private key signature to the phone. The phone decrypts it with the communication key to obtain the private key signature, and then verifies the private key signature with the encryption public key.
In this embodiment, the public key is set in the phone to encrypt the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification; the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not participate in private key decryption, others cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved.
Example five
On the basis of the fourth embodiment, please refer to fig. 6, fig. 6 is a schematic flowchart of the method of the fifth embodiment, as shown in fig. 6, before step S401, the method for improving the security of the phone according to the embodiment of the present invention further includes:
S501, receiving authentication information of a user side and authenticating.
The user inputs authentication information through the user side and logs in to the server, and the server authenticates the authentication information. The server processes the phone request information uploaded by the user side only after the authentication succeeds; otherwise, the server discards phone request information uploaded by a user side that has not been successfully authenticated as invalid data and performs no decryption. The authentication information includes information such as an account number and a password. The account number may be configured and distributed by the manufacturer for the phone, or may be obtained by the user through self-registration with the IMEI of the phone.
S502, if the authentication is successful, returning a return result to the user side so that the user side resets its state, wherein the return result comprises: an authentication result and authenticated account information.
The authentication result indicates authentication success or authentication failure; in a possible implementation manner, when authentication fails a prompt to re-enter the authentication information is sent. The authenticated account information may be the same as the original account information. In a possible implementation manner, to further improve the security of the account, the authenticated account information may differ from the original account information in the authentication information. For example, after login authentication is performed with the account 12345, an account 54321 for connecting to the server is returned; the user logs in with the account 54321, and the server processes the phone request information after receiving it from the account 54321.
In this embodiment, the public key is set in the phone to encrypt the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification; the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not participate in private key decryption, others cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved. In addition, the security of the phone can be further improved by authenticating the user side and decrypting and verifying only the phone request information sent by a user side that has been successfully authenticated.
Example six
On the basis of the fifth embodiment, please refer to fig. 7, fig. 7 is a schematic flow chart of a sixth embodiment of the method, and as shown in fig. 7, the method for improving the security of the phone further includes:
S601, receiving the authentication information of the user side again for authentication each time the user side is reconnected.
When the user side is disconnected from the server and then reconnected, the user side sends a state negotiation request to the connected phone and detects in real time whether the phone resends the phone request information, wherein the resent phone request information comprises: the verification information and the communication key encrypted by the public key. Specifically, when the user side is reconnected with the server, the state negotiation previously completed between the user side and the phone is reset, and the user side must perform state negotiation with the phone again before encrypted communication with the phone can resume. Furthermore, the user needs to log in to the server again for authentication, and then performs state negotiation with the phone.
In this embodiment, the public key is set in the phone to encrypt the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification; the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not participate in private key decryption, others cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved. In addition, each time the user side is reconnected with the server, the user side logs in to the server again for authentication and then performs state negotiation with the phone, so that communication between the phone and the user side cannot be cracked through state left over from an earlier connection, and the security of the phone is further improved.
Example seven
On the basis of any of the fourth, fifth, and sixth embodiments, please refer to fig. 8, fig. 8 is a schematic flow chart of the method according to the sixth embodiment, and as shown in fig. 8, the method for improving the security of the phone according to the embodiment of the present invention further includes:
S701, judging, according to the verification information, whether the state negotiation of the phone is in an abnormal state, wherein the abnormal state comprises at least one of: one account corresponding to a plurality of phones, phones being mixed across batches, and an invalid service period.
In the embodiment of the invention, when the user side sends the phone request information to the server, the server decrypts it with the private key and then verifies the IMEI of the phone. After that verification is completed, the account information of the user side is verified to judge whether the account corresponds to a plurality of IMEIs; if it does, the account is at risk of having been stolen and the encrypted communication information is at risk of leakage, so the state negotiation is abnormal. In a possible embodiment, one account may be bound to two or more phones; in that case the verification process needs to determine whether the IMEI is bound to the account, and if not, the state negotiation may also be considered abnormal. Similarly, mixing phones across batches also carries a risk of account theft; it shows up in verification as an IMEI that is correct and an account that is correct, but an IMEI batch that does not match the account batch. An invalid service period indicates that the user has not continued the service or wants to obtain the communication information through an overdue phone, which also carries a risk of communication information leakage and can be regarded as abnormal.
S702, if the abnormal state exists, refusing to send the decryption result to the user side.
When the abnormal state exists, the server refuses to send the decryption result to the user side. In one possible embodiment, the server sends prompt information to the user side, such as "abnormal account number" or "please check whether the phone corresponds to the account number".
In this embodiment, the public key is set in the phone to encrypt the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the user side to the server for private key decryption and verification; the server returns the private key signature to the phone and the communication key to the user side. Because the user side does not participate in private key decryption, others cannot crack the phone through the general protocol between the user side and the phone, and the security of the phone is greatly improved. In addition, for a state negotiation in an abnormal state the server refuses to send the decryption result to the user side: the user side cannot obtain the communication key, the phone cannot obtain the private key signature, the state negotiation cannot be completed, and encrypted communication cannot be established. This reduces the possibility of communication information leakage and further improves the security of the phone.
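The server-side checks of embodiments five to seven (authenticated user side only, then the three abnormal states) can be written as one admission gate that decides whether a decryption result is released. This is an added sketch, not code from the patent; the class and field names, the verdict labels and the sample accounts and IMEIs are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Enum


class Verdict(Enum):
    OK = "ok"
    NOT_AUTHENTICATED = "user side not authenticated"
    UNKNOWN_IMEI = "IMEI not recognised"
    IMEI_NOT_BOUND = "IMEI not bound to this account"
    MULTIPLE_PHONES = "one account used with several phones"
    BATCH_MISMATCH = "phone batch differs from account batch"
    SERVICE_EXPIRED = "service period is no longer valid"


@dataclass
class Account:
    batch: str
    service_until: date
    bound_imeis: frozenset = frozenset()   # empty: single-phone account
    seen_imeis: set = field(default_factory=set)


class NegotiationGate:
    def __init__(self, accounts, phone_batches):
        self.accounts = accounts            # account id -> Account
        self.phone_batches = phone_batches  # IMEI -> production batch
        self.logged_in = set()

    def login_ok(self, account_id):
        if account_id in self.accounts:
            self.logged_in.add(account_id)

    def disconnect(self, account_id):
        # Embodiment six: a reconnect requires a new login.
        self.logged_in.discard(account_id)

    def check(self, account_id, imei, today):
        if account_id not in self.logged_in:
            return Verdict.NOT_AUTHENTICATED
        if imei not in self.phone_batches:
            return Verdict.UNKNOWN_IMEI
        acct = self.accounts[account_id]
        if acct.bound_imeis:
            if imei not in acct.bound_imeis:
                return Verdict.IMEI_NOT_BOUND
        elif acct.seen_imeis and imei not in acct.seen_imeis:
            return Verdict.MULTIPLE_PHONES
        if self.phone_batches[imei] != acct.batch:
            return Verdict.BATCH_MISMATCH
        if today > acct.service_until:
            return Verdict.SERVICE_EXPIRED
        acct.seen_imeis.add(imei)
        return Verdict.OK

    def release(self, account_id, imei, today, decryption_result):
        # S702: anything but OK withholds the signature and the key.
        verdict = self.check(account_id, imei, today)
        return verdict, (decryption_result if verdict is Verdict.OK else None)


# Constructed sample data (not real IMEIs or accounts).
IMEI1, IMEI2, IMEI3, IMEI4 = ("350000000000017", "350000000000025",
                              "350000000000033", "350000000000041")


def sample_gate():
    accounts = {
        "acct-a": Account("B1", date(2025, 1, 1)),
        "acct-b": Account("B1", date(2025, 1, 1), frozenset({IMEI2, IMEI3})),
        "acct-c": Account("B2", date(2023, 12, 31)),
        "acct-d": Account("B1", date(2025, 1, 1)),
    }
    batches = {IMEI1: "B1", IMEI2: "B1", IMEI3: "B1", IMEI4: "B2"}
    return NegotiationGate(accounts, batches)


if __name__ == "__main__":
    gate = sample_gate()
    gate.login_ok("acct-a")
    for imei in (IMEI1, IMEI2):
        print(imei, gate.check("acct-a", imei, date(2024, 6, 1)).value)
```
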
Example eight
Referring to fig. 9, fig. 9 is a schematic structural diagram of a user end device for improving phone security according to an embodiment of the present invention, and as shown in fig. 9, the device 800 includes:
a first sending module 801, configured to perform state negotiation with a connected phone, and send received phone request information to a server for private key decryption and verification, where the phone request information includes: verification information and a communication key encrypted by the public key;
a second sending module 802, configured to send a received decryption result returned by the server to the phone to complete the state negotiation with the phone, where the decryption result includes: a private key signature and the communication key;
a communication encryption module 803, configured to perform encrypted communication with the phone based on the communication key.
Further, as shown in fig. 10, the client device 800 further includes:
a third sending module 804, configured to send the authentication information to the server for authentication;
a state resetting module 805, configured to reset the state according to a return result that is returned by the server upon successful authentication, where the return result includes: an authentication result and authenticated account information.
Further, as shown in fig. 11, the client device 800 further includes:
a determining module 806, configured to send a state negotiation request to the phone and determine whether the phone resends the phone request information each time the connection with the phone or the server is re-established;
a fourth sending module 807, configured to send the received phone request information retransmitted by the phone to the server for private key decryption if the phone retransmits the phone request information;
a fifth sending module 808, configured to, if the phone does not resend the phone request information, send a state negotiation instruction to the phone to request state negotiation at each communication with the phone.
Example nine
Referring to fig. 12, fig. 12 is a schematic structural diagram of a server apparatus for improving phone security according to an embodiment of the present invention, and as shown in fig. 12, an apparatus 900 includes:
a first processing module 901, configured to receive phone request information sent by a user side in state negotiation with a phone, and perform private key decryption and verification, where the phone request information includes: verification information and a communication key encrypted by the public key;
a sending module 902, configured to send a decryption result to the user side, so that the user side and the phone complete state negotiation, where the decryption result includes: a private key signature and the communication key.
Further, as shown in fig. 13, the server apparatus 900 further includes:
a second processing module 903, configured to receive authentication information of a user side and perform authentication;
a returning module 904, configured to return a return result to the user side if the authentication is successful, so that the user side performs state resetting, where the return result includes: an authentication result and authenticated account information.
Further, as shown in fig. 14, the server apparatus 900 further includes:
a reconnection module 905, configured to receive the authentication information of the user side again for authentication each time the user side is reconnected.
Further, as shown in fig. 15, the server apparatus 900 further includes:
a state determining module 906, configured to determine, according to the verification information, whether the state negotiation of the phone is in an abnormal state, where the abnormal state includes at least one of: one account corresponding to a plurality of phones, phones being mixed across batches, and an invalid service period;
a rejecting module 907, configured to refuse to send the decryption result to the user side if an abnormal state exists.
Example ten
An embodiment of the present invention provides a system for improving security of a phone, where the system includes:
a phone, in which an encryption public key is built in;
a user side, being the user end device for improving the security of the phone according to any of the above user end device embodiments;
a server, being the server device for improving the security of the phone according to any of the above server device embodiments.
In one possible embodiment, fig. 16 illustrates a system for improving the security of a phone, the system comprising:
a phone 1001, a PC terminal 1002 and a cloud 1003. The phone 1001 includes a control module 10011, an AES encryption communication module (key) 10012, and an RSA negotiation module (public key) 10013. The PC terminal 1002 includes an authentication module 10021, an AES encryption communication module (key) 10022, and an RSA negotiation transit module 10023. The cloud 1003 includes an account management module 10031, a phone management module 10032, and an RSA negotiation module (private key) 10033.
The RSA negotiation module (public key) 10013 in the phone 1001 is configured to perform public key encryption on the key information of the AES encryption communication module (key) 10012 and the verification information, and the control module sends the phone request information obtained through encryption to the PC terminal 1002. The AES encryption communication module (key) 10012 in the phone 1001 is used for encrypted communication with the AES encryption communication module (key) 10022 in the PC terminal 1002. The RSA negotiation transit module 10023 in the PC terminal 1002 is configured to send the phone request information to the RSA negotiation module (private key) 10033 in the cloud 1003 for private key decryption, and the authentication module 10021 in the PC terminal 1002 is configured to send the authentication information to the account management module 10031 in the cloud 1003 for authentication. After private key decryption, the RSA negotiation module (private key) 10033 in the cloud 1003 sends the decrypted communication key to the PC terminal 1002, so that the AES encryption communication module (key) 10022 in the PC terminal 1002 obtains a key matching that of the AES encryption communication module (key) 10012 in the phone 1001. The RSA negotiation module (private key) 10033 in the cloud 1003 also sends the private key signature, through the RSA negotiation transit module 10023 in the PC terminal 1002, to the RSA negotiation module (public key) 10013 in the phone 1001 for private key signature verification, which completes the state negotiation between the phone 1001 and the PC terminal 1002.
Further, as shown in fig. 17, fig. 17 is a method for improving the security of the phone according to another embodiment of the present invention, which is applied to the system of fig. 16, and includes the following steps:
S1, logging in to the cloud from the PC terminal with authentication information such as an account number and a password;
S2, the cloud performs authentication and returns information such as an authentication result, id and key to the PC terminal;
S3, the PC terminal resets the negotiated communication key state;
S4, the PC terminal requests the phone to negotiate the communication key;
S5, the phone resets the negotiated communication key state;
S6, the phone generates request information by public key encryption of information such as the communication key, IMEI, RandKey, Salt and id, and sends the request information to the PC terminal;
S7, the PC terminal sends the request information to the cloud to request service verification;
S8, the cloud checks, through information such as IMEI, RandKey, Salt and id, whether the phone is one with the matching public key; if so, the step S9 is executed, and if not, the step S3 is executed;
S9, decrypting the communication key, carrying out private key signature and sending to the PC terminal;
S10, the PC terminal obtains the communication key, uses the communication key to encrypt the communication, and transmits the private key signature to the phone;
S11, the phone decrypts the signature information by using the communication key;
S12, the phone judges whether the signature is successfully verified by using the public key; if so, the state negotiation is completed and the step S13 is executed, and if not, the step S5 is executed;
S13, the phone and the user terminal carry out encrypted communication by using the communication key.
In this embodiment, the public key is set in the phone to encrypt the verification information and the communication key. During state negotiation, the encrypted verification information and communication key are sent through the PC terminal to the cloud for private key decryption and verification; when verification succeeds, the cloud returns the private key signature to the phone and the communication key to the PC terminal. Because the PC terminal does not participate in private key decryption, others cannot crack the phone through the general protocol between the PC terminal and the phone, and the security of the phone is greatly improved.
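The exchange of steps S3 to S12 (and of S401 and S402 in embodiment four), with all three parties' messages, as an added example that is not code from the patent. Assumptions: the JSON request body, a fresh communication key per negotiation, a signature over the SHA-256 of the phone request, and class names are all hypothetical; textbook RSA over fixed Mersenne primes stands in for real RSA so the block needs only the standard library, and the optional wrapping of the signature under the communication key (S10, S11) is left out.

```python
import hashlib
import json
import secrets

# Toy RSA stand-in: textbook RSA over two Mersenne primes, no padding.
# Production code would use RSA-OAEP and RSA-PSS from a vetted library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the cloud only
N_BYTES = (N.bit_length() + 7) // 8
SAMPLE_IMEI = "350000000000017"    # constructed value, not a real device


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Phone:
    """Knows only the public key (E, N) and its own IMEI."""

    def __init__(self, imei: str):
        self.imei = imei
        self.comm_key = None
        self.negotiated = False
        self._request = b""

    def build_request(self) -> bytes:
        # S5-S6: reset state, pick a key, encrypt verification info + key.
        self.negotiated = False
        self.comm_key = secrets.token_bytes(16)
        body = json.dumps({"imei": self.imei, "salt": secrets.token_hex(4),
                           "key": self.comm_key.hex()}).encode()
        assert len(body) < N_BYTES, "body too large for the toy RSA block"
        cipher = pow(int.from_bytes(body, "big"), E, N)
        self._request = cipher.to_bytes(N_BYTES, "big")
        return self._request

    def accept_signature(self, signature: int) -> bool:
        # S12: verify the private key signature with the public key.
        expected = digest_int(self._request)
        self.negotiated = bool(self._request) and pow(signature, E, N) == expected
        return self.negotiated


class Cloud:
    """Only party holding D: decrypts, checks the IMEI, then signs."""

    def __init__(self, allowed_imeis):
        self.allowed_imeis = set(allowed_imeis)

    def handle(self, request: bytes):
        # S8-S9: any failure yields None instead of a decryption result.
        plain = pow(int.from_bytes(request, "big"), D, N)
        try:
            raw = plain.to_bytes((plain.bit_length() + 7) // 8, "big")
            info = json.loads(raw)
            imei, comm_key = info["imei"], bytes.fromhex(info["key"])
        except (ValueError, KeyError, TypeError):
            return None
        if not isinstance(imei, str) or imei not in self.allowed_imeis:
            return None
        return {"signature": pow(digest_int(request), D, N),
                "comm_key": comm_key}


class PcClient:
    """User side: holds no private key, so it can only relay the request."""

    def __init__(self, cloud: Cloud):
        self.cloud = cloud
        self.comm_key = None

    def negotiate(self, phone: Phone) -> bool:
        self.comm_key = None                   # S3: reset negotiated state
        request = phone.build_request()        # S4-S6
        result = self.cloud.handle(request)    # S7-S9
        if result is None or not phone.accept_signature(result["signature"]):
            return False
        self.comm_key = result["comm_key"]     # key kept for the AES channel
        return True


if __name__ == "__main__":
    cloud = Cloud({SAMPLE_IMEI})
    phone, pc = Phone(SAMPLE_IMEI), PcClient(cloud)
    print("negotiated:", pc.negotiate(phone))
    print("keys match:", pc.comm_key == phone.comm_key)
```

The PC never sees `D`, so capturing the phone-to-PC traffic or reversing the PC software yields only ciphertext and a signature, which is the property the embodiment relies on.
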
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (11)

Application CN201910663855.5A: Method for improving telephone security, user end device, server device and system (status: Active; granted as CN110475034B)
Priority date: 2019-07-23; filing date: 2019-07-23
Publications: CN110475034A (2019-11-19); CN110475034B (2020-12-22)
Family ID: 68508246
Country status: CN (1), CN110475034B
