CN121508883A - Cloud phone encrypted communication methods, devices, equipment, storage media and software products - Google Patents
- Publication number: CN121508883A (application number CN202511198519.XA)
- Authority: CN (China)
- Prior art keywords: quantum, session key, mobile phone, data, session
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a cloud mobile phone encryption communication method, device, equipment, storage medium and program product. The method comprises: sending first information carrying first encrypted data to a cloud mobile phone client through a signaling server, the first encrypted data being obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key; the cloud mobile phone client sending second information carrying second encrypted data to the cloud mobile phone server through the signaling server, the second encrypted data being obtained by encrypting session connection response data based on the first quantum session key and the second quantum session key, where the session connection response data is obtained by media negotiation based on the session connection proposal data; and decrypting the second encrypted data according to the first quantum session key and the second quantum session key to obtain the session connection response data and complete connection preparation.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a cloud mobile phone encryption communication method, device, equipment, storage medium, and program product.
Background
Currently, cloud mobile phone products generally use a signaling server based on the WebSocket protocol to carry ICE candidates (Interactive Connectivity Establishment candidates) and RTC session descriptions (Real-Time Communication Session Descriptions).
Existing encryption schemes for cloud mobile phone products mainly depend on traditional cryptographic technologies such as HTTPS, DTLS (Datagram Transport Layer Security) and AES (Advanced Encryption Standard). Although these conventional encryption methods are considered secure in the current environment, with the continuous growth of computing power, and in particular the development of quantum computers, they cannot provide communication guarantees of theoretically unconditional security, may be vulnerable to complex attacks such as advanced persistent threats, and may be at risk of being broken in the future.
Disclosure of Invention
Aiming at the problems existing in the prior art, the embodiment of the invention provides a cloud mobile phone encryption communication method, a device, equipment, a storage medium and a program product, which can effectively improve the safety and reliability between a cloud mobile phone client and a server.
In a first aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication method, which is applied to a cloud mobile phone server, and includes:
sending first information to a cloud mobile phone client through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
Receiving second information sent by the cloud mobile phone client through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
and decrypting the second encrypted data according to the third quantum session key and the second quantum session key to obtain session connection response data so as to complete connection preparation.
As an improvement of the above solution, the sending, by the signaling server, the first information to the cloud mobile phone client includes:
requesting a first quantum session key and a first quantum identity from the quantum security service platform;
According to the first quantum session key, a quantum cryptography service platform is called to encrypt the session connection proposal data, so as to obtain encrypted session connection proposal data;
requesting a fourth quantum session key and a fourth quantum identity from the quantum security service platform;
According to the fourth quantum session key, calling the quantum cryptography service platform to encrypt the encrypted session connection proposal data and the first quantum identity to obtain a first encrypted data packet;
And sending third information carrying the first encrypted data packet and the fourth quantum identity to the signaling server, so that after the signaling server decrypts the first encrypted data packet to obtain session connection proposal data, encrypting the session connection proposal data based on a first quantum session key and a second quantum session key to obtain first encrypted data, and sending first information carrying the first encrypted data and the second quantum identity to the cloud mobile phone client.
As an improvement of the above-described scheme, the process of encrypting session connection proposal data based on the first quantum session key and the second quantum session key includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
According to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection proposal data and the first quantum identity to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
As an improvement of the above scheme, the second information further includes a second quantum identity;
The decrypting the second encrypted data according to the third quantum session key and the second quantum session key to obtain session connection response data, so as to complete connection preparation, including:
requesting, from the quantum security service platform, the second quantum session key indicated by the second quantum identity in the second information;
According to the second quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data, and a third quantum identity and encrypted session connection response data are obtained;
requesting, from the quantum security service platform, the third quantum session key indicated by the third quantum identity;
according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain decrypted session connection response data;
And completing connection preparation according to the session description response in the session connection response data.
As an improvement of the above solution, the method further includes:
after P2P connection is established, encrypting a preset first encryption algorithm according to a first quantum session key;
Encrypting the encrypted first encryption algorithm and a first quantum identity corresponding to the first quantum session key according to the fourth quantum session key to obtain final first encryption algorithm data;
The first encryption algorithm data are sent to a cloud mobile phone client, so that the cloud mobile phone client decrypts the first encryption algorithm data to obtain the first encryption algorithm and the first quantum session key, and then the following SRTP encryption authentication operation is executed:
The first quantum session key is used as a master key, and a first session encryption key and a first authentication key are derived;
and carrying out encryption authentication on SRTP data according to the first session encryption key and the first authentication key.
As an improvement of the above solution, the method further includes:
and according to the fourth quantum session key, carrying out encryption transmission on the encrypted and authenticated SRTP data and a third quantum identity corresponding to the first quantum session key.
As an improvement of the above solution, the method further includes:
And periodically requesting the quantum security service platform to update the first quantum session key and the first quantum identity corresponding to the first quantum session key through a quantum security channel.
In a second aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication method, which is applied to a cloud mobile phone client, and includes:
receiving first information sent by the cloud mobile phone server through the signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
Decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data;
According to the session connection proposal data, performing media negotiation to obtain session connection response data;
The method comprises the steps of sending second information to a cloud mobile phone server through a signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the second information is used for indicating the cloud mobile phone server to decrypt the second encrypted data based on the third quantum session key and the second quantum session key to obtain session connection response data so as to complete connection preparation.
As an improvement of the above solution, the decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data includes:
requesting, from the quantum security service platform according to a locally preset fifth quantum identity, the second quantum session key corresponding to the second quantum identity carried by the first information;
decrypting the first encrypted data in the first information according to the second quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
requesting, from the quantum security service platform according to the locally preset fifth quantum identity, the first quantum session key corresponding to the first quantum identity;
and decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
As an improvement of the above solution, the sending, by the signaling server, the second information to the cloud mobile phone server includes:
requesting a third quantum identity and a third quantum session key from the quantum security service platform according to a locally preset fifth quantum identity;
according to the third quantum session key, a quantum cryptography service platform is called to encrypt the session connection response data, so as to obtain encrypted session connection response data;
according to a fifth quantum session key preset locally, calling the quantum cryptography service platform to encrypt the encrypted session connection response data and the third quantum identity to obtain a second encrypted data packet;
And sending fourth information carrying the second encrypted data packet and the fifth quantum identity to the signaling server, so that after the signaling server decrypts the second encrypted data packet to obtain session connection response data, encrypting the session connection response data based on a third quantum session key and a second quantum session key to obtain second encrypted data, and sending second information carrying the second encrypted data and the second quantum identity to the cloud mobile phone server.
As an improvement of the above-described scheme, the process of encrypting the session connection reply data based on the third quantum session key and the second quantum session key includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
As an improvement of the above solution, the method further includes:
After P2P connection is established, encrypting a preset second encryption algorithm according to a third quantum session key;
encrypting the encrypted second encryption algorithm and a third quantum identity corresponding to the third quantum session key according to the fifth quantum session key to obtain final second encryption algorithm data;
The second encryption algorithm data are sent to a cloud mobile phone server, so that the cloud mobile phone server decrypts the second encryption algorithm data to obtain the second encryption algorithm and the third quantum session key, and then the following SRTP encryption authentication operation is executed:
The third quantum session key is used as a master key, and a second session encryption key and a second authentication key are derived;
And carrying out encryption authentication on SRTP data according to the second session encryption key and the second authentication key.
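The SRTP step described in the first aspect (first quantum session key as master key, deriving a session encryption key and an authentication key) and mirrored here in the second aspect is the standard SRTP key derivation and packet protection of RFC 3711. The following is an added example, not code from the patent or from any product it describes: a quantum session key delivered by the key platform is used as the SRTP master key, the AES-CM key derivation function produces the session encryption key, the authentication key and the session salt, and each RTP payload is encrypted with AES counter mode and then authenticated with an 80-bit HMAC-SHA1 tag. The master key, master salt, SSRC and RTP header in the test are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
)

// Key derivation labels from RFC 3711 section 4.3.1.
const labelEncKey, labelAuthKey, labelSalt byte = 0x00, 0x01, 0x02

// aesCM returns n bytes of AES counter-mode keystream for iv (128-bit keys only here).
func aesCM(key, iv []byte, n int) []byte {
	block, _ := aes.NewCipher(key) // key length is fixed by the derivation below
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out
}

// deriveKey is the RFC 3711 AES-CM key derivation with key derivation rate 0:
// x = master_salt XOR (label || 0^48); IV = x * 2^16; key = keystream prefix.
func deriveKey(masterKey, masterSalt []byte, label byte, n int) []byte {
	iv := make([]byte, 16)
	copy(iv, masterSalt) // 112-bit salt in the high bits, low 16 bits zero
	iv[7] ^= label       // the 56-bit key_id is right-aligned against the salt
	return aesCM(masterKey, iv, n)
}

// SRTPSession holds the session keys derived from one quantum session key
// used as the SRTP master key (the patent's first or third quantum session key).
type SRTPSession struct {
	encKey, authKey, salt []byte
	ssrc                  uint32
}

func NewSRTPSession(masterKey, masterSalt []byte, ssrc uint32) *SRTPSession {
	return &SRTPSession{
		encKey:  deriveKey(masterKey, masterSalt, labelEncKey, 16),
		authKey: deriveKey(masterKey, masterSalt, labelAuthKey, 20),
		salt:    deriveKey(masterKey, masterSalt, labelSalt, 14),
		ssrc:    ssrc,
	}
}

// packetIV = (salt * 2^16) XOR (SSRC * 2^64) XOR (index * 2^16), RFC 3711 section 4.1.1.
func (s *SRTPSession) packetIV(index uint64) []byte {
	iv := make([]byte, 16)
	copy(iv, s.salt)
	var tmp [8]byte
	binary.BigEndian.PutUint32(tmp[:4], s.ssrc)
	for i := 0; i < 4; i++ {
		iv[4+i] ^= tmp[i]
	}
	binary.BigEndian.PutUint64(tmp[:], index)
	for i := 0; i < 6; i++ { // the 48-bit packet index lands in bytes 8..13
		iv[8+i] ^= tmp[2+i]
	}
	return iv
}

// tag is the 80-bit HMAC-SHA1 over header || ciphertext || ROC (rollover counter).
func (s *SRTPSession) tag(authPortion []byte, roc uint32) []byte {
	m := hmac.New(sha1.New, s.authKey)
	m.Write(authPortion)
	m.Write(binary.BigEndian.AppendUint32(nil, roc))
	return m.Sum(nil)[:10]
}

// Protect encrypts the payload with AES-CM and appends the tag (encrypt-then-MAC).
func (s *SRTPSession) Protect(header, payload []byte, index uint64) []byte {
	ct := aesCM(s.encKey, s.packetIV(index), len(payload))
	for i := range ct {
		ct[i] ^= payload[i]
	}
	pkt := append(append([]byte{}, header...), ct...)
	return append(pkt, s.tag(pkt, uint32(index>>16))...)
}

// Unprotect verifies the tag before touching the ciphertext, so a forged or
// altered packet is rejected without producing any plaintext.
func (s *SRTPSession) Unprotect(pkt []byte, headerLen int, index uint64) ([]byte, error) {
	if len(pkt) < headerLen+10 {
		return nil, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-10], pkt[len(pkt)-10:]
	if !hmac.Equal(tag, s.tag(body, uint32(index>>16))) {
		return nil, errors.New("SRTP authentication failed")
	}
	pt := aesCM(s.encKey, s.packetIV(index), len(body)-headerLen)
	for i := range pt {
		pt[i] ^= body[headerLen+i]
	}
	return pt, nil
}
```

The session salt and the 48-bit packet index enter the counter-mode IV, so re-using one master key across packets does not re-use keystream; the periodic key update the patent describes on top of this must then install a new master key into a fresh SRTPSession rather than re-deriving from the old one.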
As an improvement of the above solution, the method further includes:
And according to the fifth quantum session key, carrying out encryption transmission on the encrypted SRTP data and a third quantum identity corresponding to the third quantum session key.
As an improvement of the above solution, the method further includes:
And periodically requesting the quantum security service platform to update the third quantum session key and the third quantum identity corresponding to the third quantum session key through a quantum security channel.
In a third aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication method, which is applied to a signaling server, and includes:
Encrypting session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data;
sending first information to a cloud mobile phone client, wherein the first information comprises the first encrypted data;
Encrypting session connection response data of the cloud mobile phone client according to a third quantum session key and a second quantum session key to obtain second encrypted data, wherein the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
And sending second information to the cloud mobile phone server, wherein the second information comprises second encrypted data, so that the cloud mobile phone server decrypts the second encrypted data based on a third quantum session key and a second quantum session key to obtain session connection response data so as to complete connection preparation.
As an improvement of the above solution, the method further includes:
Receiving third information sent by the cloud mobile phone server, wherein the third information comprises a first encrypted data packet and a fourth quantum identity;
requesting, from the quantum security service platform, the fourth quantum session key corresponding to the fourth quantum identity;
according to the fourth quantum session key, a quantum cryptography service platform is called to decrypt the first encrypted data packet, and a first quantum identity and encrypted session connection proposal data are obtained;
requesting a first quantum session key corresponding to the first quantum identity from the quantum security service platform;
and decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
As an improvement of the above solution, encrypting session connection proposal data of a cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data, including:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
According to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection proposal data and the first quantum identity to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
As an improvement of the above solution, encrypting session connection response data of the cloud mobile phone client according to the third quantum session key and the second quantum session key to obtain second encrypted data, including:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
As an improvement of the above solution, the method further includes:
receiving fourth information sent by the cloud mobile phone client, wherein the fourth information comprises a second encrypted data packet and a fifth quantum identity;
requesting, from the quantum security service platform, the fifth quantum session key corresponding to the fifth quantum identity;
According to the fifth quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data packet, and a third quantum identity and encrypted session connection response data are obtained;
requesting a third quantum session key corresponding to the third quantum identity from the quantum security service platform;
And according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain session connection response data.
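The first aspect (sending the proposal under a first and a fourth quantum session key, later opening the response under a third and a second quantum session key) and the third aspect just described (the signaling server stripping the sender's hop key and re-encrypting under the second quantum session key) are the same two-layer envelope seen from both ends. The following is an added example, not code from the patent or from any product it describes, of that envelope: the quantum security service platform is simulated by an in-memory map from quantum identity (QID) to key, and the encryption and decryption calls of the quantum cryptography service platform are taken as AES-256-GCM with the key's QID bound as associated data (an assumption of this example; the patent does not name an algorithm). The relay never opens the inner layer, which is the variant in which the signaling server encrypts "the encrypted session connection proposal data and the first quantum identity" under the second key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// KeyService stands in for the quantum security service platform (simulated):
// it maps a quantum identity (QID) to the session key issued under it.
type KeyService map[string][]byte

// Issue returns a fresh (QID, 256-bit key) pair; the QID is 16 hex characters.
func (ks KeyService) Issue() (string, []byte) {
	key, id := make([]byte, 32), make([]byte, 8)
	rand.Read(key)
	rand.Read(id)
	qid := hex.EncodeToString(id)
	ks[qid] = key
	return qid, key
}

const qidLen = 16

// seal and open play the cryptography service platform: AES-256-GCM, fresh
// nonce prefixed to the ciphertext, and the key's QID bound as associated data
// so a QID that travels in clear cannot be swapped without detection.
func seal(key []byte, qid string, pt []byte) []byte {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, pt, []byte(qid))
}

func open(key []byte, qid string, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a nil key (unknown QID) fails here
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], []byte(qid))
}

// Envelope is one hop's message: hop QID in clear, Packet = seal(hopKey, innerQID || seal(innerKey, sdp)).
type Envelope struct {
	OuterQID string
	Packet   []byte
}

// wrap is the sending endpoint: inner key (QSK1 at the server, QSK3 at the
// client) over the SDP, then a hop key (QSK4/QSK5) over innerQID || ciphertext.
func wrap(ks KeyService, sdp []byte) Envelope {
	innerQID, innerKey := ks.Issue()
	hopQID, hopKey := ks.Issue()
	body := append([]byte(innerQID), seal(innerKey, innerQID, sdp)...)
	return Envelope{hopQID, seal(hopKey, hopQID, body)}
}

// peelHop removes the hop layer and returns innerQID and the still-sealed SDP.
func peelHop(ks KeyService, env Envelope) (string, []byte, error) {
	body, err := open(ks[env.OuterQID], env.OuterQID, env.Packet)
	if err != nil || len(body) < qidLen {
		return "", nil, fmt.Errorf("hop layer rejected for QID %s", env.OuterQID)
	}
	return string(body[:qidLen]), body[qidLen:], nil
}

// relay is the signaling server: strip the sender's hop key and re-seal the
// inner ciphertext with its QID under a new hop key (QSK2) for the receiver.
// The SDP itself is never opened here.
func relay(ks KeyService, in Envelope) (Envelope, error) {
	innerQID, inner, err := peelHop(ks, in)
	if err != nil {
		return Envelope{}, err
	}
	hopQID, hopKey := ks.Issue()
	return Envelope{hopQID, seal(hopKey, hopQID, append([]byte(innerQID), inner...))}, nil
}

// unwrap is the receiving endpoint: peel the hop layer, fetch the inner key by its QID, open the SDP.
func unwrap(ks KeyService, env Envelope) ([]byte, error) {
	innerQID, inner, err := peelHop(ks, env)
	if err != nil {
		return nil, err
	}
	return open(ks[innerQID], innerQID, inner)
}
```

The offer travels as wrap at the cloud mobile phone server, relay at the signaling server, unwrap at the client; the answer travels back through the same three calls. Because each endpoint and the relay fetch keys only by QID, the map is the single place a real deployment would replace with calls to the key platform over its own secure channel; a QID that the platform does not know, a flipped ciphertext byte, or an outer QID swapped for another valid one all fail in peelHop before any plaintext is produced.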
In a fourth aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication device, which is applied to a cloud mobile phone server, and includes:
a first information sending module, configured to send first information to a cloud mobile phone client through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
a second information receiving module, configured to receive second information sent by the cloud mobile phone client through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the encrypted session connection response data is obtained by media negotiation based on the session connection proposal data;
And the response data acquisition module is used for decrypting the second encrypted data according to the third quantum session key and the second quantum session key to acquire session connection response data so as to complete connection preparation.
In a fifth aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication device, applied to a cloud mobile phone client, including:
a first information receiving module, configured to receive first information sent by a cloud mobile phone server through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
the first decryption module is used for decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data;
The media negotiation module is used for carrying out media negotiation according to the session connection proposal data to obtain session connection response data;
a second information sending module, configured to send second information to the cloud mobile phone server through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the second information is used for instructing the cloud mobile phone server to decrypt the second encrypted data based on the third quantum session key and the second quantum session key to obtain the session connection response data and complete connection preparation.
In a sixth aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication device, which is applied to a signaling server, and includes:
the first encryption module is used for encrypting session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data;
a third information sending module, configured to send first information to the cloud mobile phone client, wherein the first information comprises the first encrypted data;
The second encryption module is used for encrypting the session connection response data of the cloud mobile phone client according to a third quantum session key and a second quantum session key to obtain second encrypted data, wherein the encrypted session connection response data is obtained by media negotiation based on the session connection proposal data;
and the fourth information sending module is used for sending second information to the cloud mobile phone server, wherein the second information comprises second encrypted data, so that the cloud mobile phone server decrypts the second encrypted data based on a third quantum session key and a second quantum session key to acquire session connection response data so as to complete connection preparation.
In a seventh aspect, an embodiment of the present invention provides a cloud mobile phone encryption communication device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the cloud mobile phone encryption communication method according to any one of the first aspect or the cloud mobile phone encryption communication method according to any one of the second aspect or the cloud mobile phone encryption communication method according to any one of the third aspect when executing the computer program.
In an eighth aspect, an embodiment of the present invention provides a computer readable storage medium, where a computer program is stored, where the computer program when executed controls a device in which the computer readable storage medium is located to execute the cloud mobile phone encryption communication method according to any one of the first aspect or the cloud mobile phone encryption communication method according to any one of the second aspect or the cloud mobile phone encryption communication method according to any one of the third aspect.
In a ninth aspect, an embodiment of the present invention provides a computer program product, including a computer program/instruction, where the computer program/instruction, when executed by a processor, implements the cloud mobile phone encryption communication method according to any one of the first aspect, the cloud mobile phone encryption communication method according to any one of the second aspect, or the cloud mobile phone encryption communication method according to any one of the third aspect.
Compared with the prior art, the cloud mobile phone encryption communication method, device, equipment, storage medium and program product provided by the embodiment of the invention comprise the steps that a cloud mobile phone server sends first information to a cloud mobile phone client through a signaling server, wherein the first information comprises first encryption data, the first encryption data is obtained by encrypting session connection proposal data based on the first quantum session key and the second quantum session key, the cloud mobile phone client sends second information to the cloud mobile phone server through the signaling server, the second information comprises second encryption data, the second encryption data is obtained by encrypting session connection response data based on the first quantum session key and the second quantum session key, the encryption session connection response data is obtained by performing media negotiation based on the session connection proposal data, and then the cloud mobile phone server decrypts the second encryption data according to the first quantum session key and the second quantum session key to complete connection preparation.
Drawings
In order to more clearly illustrate the technical solutions of the present invention, the drawings that will be used in the embodiments will be briefly described below, and it will be apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a communication framework of a cloud mobile phone service introducing quantum cryptography according to an embodiment of the present invention;
Fig. 2 is a first flowchart of a cloud mobile phone encryption communication method provided in an embodiment of the present invention;
Fig. 3 is a flowchart of quantum encryption communication between a cloud mobile phone client and a cloud mobile phone server according to an embodiment of the present invention;
Fig. 4 is a second flowchart of a cloud mobile phone encryption communication method provided in an embodiment of the present invention;
Fig. 5 is a third flowchart of a cloud mobile phone encryption communication method provided by an embodiment of the present invention;
Fig. 6 is a first block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention;
Fig. 7 is a second block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention;
Fig. 8 is a third block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention;
Fig. 9 is a block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It will be appreciated that the various numbers referred to in the embodiments of the present application are merely for ease of description and are not intended to limit the scope of the present application. The sequence number of each process does not mean the order of execution, and the order of execution of each process should be determined by its functions and internal logic.
In embodiments of the present invention, relational terms such as first and second may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "plurality" means two or more, and "a plurality of" has the same meaning. "And/or" describes the association relationship of the associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate the three cases of A alone, A and B together, and B alone. The character "/" generally indicates that the objects it joins are in an "or" relationship.
According to the embodiment of the invention, the quantum cipher resource pool is introduced in the cloud mobile phone service communication process, and the confidentiality is ensured by transmitting data between the cloud mobile phone server and the client through the quantum session key provided by the quantum security service platform of the quantum cipher resource pool and the encryption and decryption operation based on the quantum session key provided by the password service platform, so that the risk of being broken in the future can be effectively reduced, and the safety and reliability between the cloud mobile phone client and the server are improved.
The embodiment of the invention provides a communication framework of a cloud mobile phone service that introduces quantum cryptography. As shown in fig. 1, the communication framework of the cloud mobile phone service comprises the following components:
The quantum security service platform is mainly responsible for generating and managing quantum session keys, and provides quantum identities (Quantum Identification, QID, also called quantum key identifiers) and quantum session keys (Quantum Session Key, QSK) of various levels for the communication process, including a second-level quantum session key and a third-level quantum session key. The quantum security service platform is the core security component of the whole system and ensures that the keys used in the communication process have quantum-level security. The second-level quantum session key corresponds to a second-level quantum identity, and the third-level quantum session key corresponds to a third-level quantum identity.
The cryptographic service platform (rendered elsewhere in this text as the password service platform or the quantum cryptography service platform) is mainly responsible for providing encryption and decryption services, carrying out data encryption and decryption operations with the quantum session keys provided by the quantum security service platform. The cryptographic service platform is the bridge connecting quantum security with the traditional encryption system, and ensures the confidentiality of data in transit.
The cloud mobile phone client is the terminal through which a user accesses the cloud mobile phone service. The cloud mobile phone client is responsible for obtaining ICE candidates (also referred to as ICE candidate addresses or network candidate addresses) by interacting with a STUN (Session Traversal Utilities for NAT) server, constructing the PeerConnection (peer-to-peer connection, also referred to as point-to-point or P2P connection), creating the answer, and communicating securely with the server and the signaling server using quantum encryption. The cloud mobile phone client is also responsible for local encryption and decryption operations, ensuring the security of end-to-end communication.
The cloud mobile phone server is the core component providing the cloud mobile phone service. The cloud mobile phone server is responsible for initializing the connection process, including interaction with the STUN server, creation of the offer, and protection of communication data using the quantum encryption method. The cloud mobile phone server is also responsible for managing cloud mobile phone resources, processing connection requests from cloud mobile phone clients, participating in the quantum encryption of SRTP (Secure Real-time Transport Protocol), and ensuring the secure transmission of audio and video streams.
The signaling server transmits ICE candidates and RTC session descriptions, namely the offer or answer expressed in SDP (Session Description Protocol), over the WebSocket protocol; the WebSocket connection is encrypted through standard HTTPS, ensuring the security of the signaling data.
By introducing quantum keys between the cloud mobile phone client and the server through this communication framework, full-process quantum encryption from signaling exchange to P2P connection establishment to SRTP communication can be realized, improving the security of the cloud mobile phone service and its resistance to quantum computing attacks. Based on this communication framework, the invention provides a cloud mobile phone encryption communication method introducing quantum keys, which is described in detail below with reference to the accompanying drawings.
Referring to fig. 2, fig. 2 is a first flowchart of a cloud mobile phone encryption communication method according to an embodiment of the present invention. The cloud mobile phone encryption communication method is applied to a cloud mobile phone server and comprises the following steps:
S11, sending first information to a cloud mobile phone client through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
specifically, the sending, by the signaling server, the first information to the cloud mobile phone client includes:
requesting a first quantum session key and a first quantum identity from the quantum security service platform;
According to the first quantum session key, a quantum cryptography service platform is called to encrypt the session connection proposal data, so as to obtain encrypted session connection proposal data;
requesting a fourth quantum session key and a fourth quantum identity from the quantum security service platform;
According to the fourth quantum session key, calling the quantum cryptography service platform to encrypt the encrypted session connection proposal data and the first quantum identity to obtain a first encrypted data packet;
And sending third information carrying the first encrypted data packet and the fourth quantum identity to the signaling server, so that after the signaling server decrypts the first encrypted data packet to obtain session connection proposal data, encrypting the session connection proposal data based on a first quantum session key and a second quantum session key to obtain first encrypted data, and sending first information carrying the first encrypted data and the second quantum identity to the cloud mobile phone client.
Taking the quantum-encryption flow of the signaling exchange as an example, the interaction between the components is described in detail. The specific flow is as follows:
The cloud mobile phone server initiates a first request to the STUN server to obtain ICE candidates, constructs the peerConnection locally, creates the session description proposal (offer), applies quantum encryption and then sends the result to the signaling server.
The cloud mobile phone server requests a three-level quantum session key QSK and quantum identity QID (namely the first quantum session key and the first quantum identity) from the quantum security service platform and encrypts the session connection proposal data with the three-level QSK. It then requests a second-level quantum session key QSK and quantum identity QID (namely the fourth quantum session key and the fourth quantum identity) from the quantum security service platform, and calls the cryptographic service platform to completely encrypt the encrypted session connection proposal data and the three-level quantum identity QID with the second-level QSK returned by the quantum security service platform, obtaining the first encrypted data packet. The third information carrying the first encrypted data packet and the second-level quantum identity QID (namely the fourth quantum identity) is pushed to the signaling server.
According to the embodiment of the invention, the three-level and two-level quantum session keys QSK are introduced in the instruction data interaction process between the cloud mobile phone server and the signaling server, and multi-layer quantum encryption is carried out on instruction data such as room identification (roomID), ICE candidates, session description proposal offer and the like, so that the security of instruction data transmission can be effectively improved.
Further, after receiving the first encrypted data packet, the signaling server needs to decrypt the first encrypted data packet, and the specific flow is as follows:
the signaling server requests, from the quantum security service platform, the fourth quantum session key corresponding to the fourth quantum identity carried by the third information;
the signaling server calls a quantum cryptography service platform to decrypt the first encrypted data packet according to the fourth quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
The signaling server requests a third quantum session key corresponding to the third quantum identity obtained after decryption from the quantum security service platform;
and the signaling server calls the quantum cryptography service platform to decrypt the encrypted session connection proposal data according to the third quantum session key to obtain the session connection proposal data.
The signaling server receives the first encrypted data packet and the second-level quantum identity QID sent by the cloud mobile phone server, sends this second-level QID to the quantum security service platform to obtain the corresponding second-level quantum session key QSK, and calls the cryptographic service platform to decrypt the first encrypted data packet with the second-level QSK returned by the quantum security service platform, obtaining the three-level quantum identity QID and the encrypted session connection proposal data. Using the three-level QID (namely the first quantum identity) obtained after decryption, the signaling server obtains from the quantum security service platform the corresponding three-level quantum session key QSK (namely the first quantum session key), and calls the cryptographic service platform to decrypt the encrypted session connection proposal data with that three-level QSK, obtaining the room identifier (roomID), the ICE candidates and the session description offer provided by the cloud mobile phone server. The signaling server then creates the corresponding room for the cloud mobile phone server and waits for the cloud mobile phone client to connect.
When a user of the cloud mobile phone client clicks the corresponding application icon, the management platform connected to the cloud mobile phone is triggered, the cloud mobile phone corresponding to the user's authority is obtained and associated with the corresponding room identifier (roomID), and the cloud mobile phone client initiates a connection to the signaling server.
The signaling server creates a new connection in the matching room, and the triggered event forwards the three-level quantum identity QID and the data (including the roomID, ICE candidates and offer) provided by the cloud mobile phone server. Specifically, the signaling server encrypts the session connection proposal data based on the first quantum session key and the second quantum session key, and the specific process includes:
the signaling server requests a second quantum session key and a second quantum identity from the quantum security service platform;
The signaling server calls a quantum cryptography service platform to encrypt the encrypted session connection proposal data and the first quantum identity according to the second quantum session key to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
The signaling server requests a secondary Quantum Identity (QID) and a Quantum Session Key (QSK) (i.e., the second quantum session key and the second quantum identity), uses the secondary Quantum Session Key (QSK) (i.e., the second quantum session key) to call the password service platform to perform complete encryption on the encrypted session connection proposal data and the tertiary Quantum Identity (QID) (i.e., the first quantum identity) to obtain first encrypted data, and forwards first information carrying the first encrypted data and the secondary Quantum Identity (QID) (i.e., the second quantum identity) to the cloud mobile phone client.
According to the embodiment of the invention, the three-level and two-level quantum session keys QSK are introduced in the instruction data interaction process between the cloud mobile phone client and the signaling server, and multi-layer quantum encryption is carried out on instruction data such as room identification (roomID), ICE candidate items and session description proposal offer, so that the security of instruction data transmission can be effectively improved.
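The two-layer wrapping of S11 (proposal data sealed under a three-level QSK, then that ciphertext plus its QID sealed under a two-level QSK whose QID travels in the clear), the signaling server's re-wrap under a two-level key of its own, and the receiver's unwrap, as an added Go example that is not part of the patent. The quantum security service platform is replaced by an in-memory key pool filled from crypto/rand, the cryptographic service platform by AES-256-GCM, and the QID format and inner framing are constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// keyPool stands in for the quantum security service platform (QID -> QSK); keys
// come from crypto/rand here, not from a quantum source (assumption).
var keyPool = map[string][]byte{}

// requestQSK issues a fresh 256-bit QSK at a level plus a QID like "L3-0001" (constructed).
func requestQSK(level string) (string, []byte) {
	qsk := make([]byte, 32)
	io.ReadFull(rand.Reader, qsk)
	qid := fmt.Sprintf("%s-%04d", level, len(keyPool)+1)
	keyPool[qid] = qsk
	return qid, qsk
}

// seal/open stand in for the cryptographic service platform; the page names no
// signaling cipher, so AES-256-GCM with a prepended random nonce is assumed.
func seal(qsk, pt []byte) []byte {
	block, _ := aes.NewCipher(qsk) // pool keys are always 32 bytes
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	io.ReadFull(rand.Reader, nonce)
	return gcm.Seal(nonce, nonce, pt, nil)
}

func open(qsk, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(qsk)
	gcm, _ := cipher.NewGCM(block)
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// openWith resolves a QID received from a peer and opens ct under its QSK; an
// unknown QID is rejected, as is any ciphertext whose GCM tag does not verify.
func openWith(qid string, ct []byte) ([]byte, error) {
	qsk, ok := keyPool[qid]
	if !ok {
		return nil, fmt.Errorf("unknown QID %q", qid)
	}
	return open(qsk, ct)
}

// Packet crosses the signaling path: the outer ciphertext plus the two-level QID that
// resolves the outer key. The inner layer is framed as len(QID) || QID || ciphertext.
type Packet struct {
	OuterQID string
	Blob     []byte
}

// Wrap is the sender's side of S11: encrypt the proposal under a fresh three-level
// QSK, then wrap that ciphertext plus its QID under a fresh two-level QSK.
func Wrap(proposal []byte) Packet {
	qid3, qsk3 := requestQSK("L3")
	inner := append(append([]byte{byte(len(qid3))}, qid3...), seal(qsk3, proposal)...)
	qid2, qsk2 := requestQSK("L2")
	return Packet{qid2, seal(qsk2, inner)}
}

// Rewrap is the signaling server's forwarding step: the inner layer, still sealed
// under the three-level QSK, is re-wrapped under a two-level QSK of its own.
func Rewrap(p Packet) (Packet, error) {
	inner, err := openWith(p.OuterQID, p.Blob)
	if err != nil {
		return Packet{}, err
	}
	qid2, qsk2 := requestQSK("L2")
	return Packet{qid2, seal(qsk2, inner)}, nil
}

// Unwrap is the receiver's side: peel the outer layer, resolve the three-level QID
// it reveals, then decrypt the proposal data.
func Unwrap(p Packet) ([]byte, error) {
	inner, err := openWith(p.OuterQID, p.Blob)
	if err != nil {
		return nil, err
	}
	if len(inner) == 0 || 1+int(inner[0]) > len(inner) {
		return nil, fmt.Errorf("malformed inner layer")
	}
	return openWith(string(inner[1:1+inner[0]]), inner[1+inner[0]:])
}

func main() {
	fwd, _ := Rewrap(Wrap([]byte(`{"roomID":"room-1","offer":"v=0"}`))) // constructed input
	fmt.Println(Unwrap(fwd))
}
```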
S12, receiving second information sent by the cloud mobile phone client through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
In the embodiment of the invention, after receiving the first encrypted data and the second quantum identity QID forwarded by the signaling server, the cloud mobile phone client performs the following decryption and media negotiation operations; the specific flow is as follows:
according to a locally preset fifth quantum identity, requesting from the quantum security service platform the second quantum session key corresponding to the second quantum identity carried by the first information;
decrypting the first encrypted data in the first information according to the second quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
according to the locally preset fifth quantum identity, requesting from the quantum security service platform the first quantum session key corresponding to the first quantum identity;
Decrypting the encrypted session connection proposal data according to the first quantum session key to obtain session connection proposal data;
and performing media negotiation according to the session connection proposal data to obtain session connection response data.
Further, after obtaining the session connection response data, the cloud mobile phone client performs the following data encryption transmission operations:
according to the locally preset fifth quantum identity, requesting a third quantum identity and a third quantum session key from the quantum security service platform;
according to the third quantum session key, a quantum cryptography service platform is called to encrypt the session connection response data, so as to obtain encrypted session connection response data;
according to a fifth quantum session key preset locally, calling the quantum cryptography service platform to encrypt the encrypted session connection response data and the third quantum identity to obtain a second encrypted data packet;
And sending fourth information carrying the second encrypted data packet and the fifth quantum identity to the signaling server, so that after the signaling server decrypts the second encrypted data packet to obtain session connection response data, encrypting the session connection response data based on a third quantum session key and a second quantum session key to obtain second encrypted data, and sending second information carrying the second encrypted data and the second quantum identity to the cloud mobile phone server.
Specifically, after receiving the second encrypted data packet, the signaling server needs to decrypt the second encrypted data packet, where the process of decrypting the second encrypted data packet by the signaling server is specifically as follows:
requesting from the quantum security service platform the fifth quantum session key corresponding to the fifth quantum identity in the fourth information;
According to the fifth quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data packet, and a third quantum identity and encrypted session connection response data are obtained;
requesting a third quantum session key corresponding to the third quantum identity from the quantum security service platform;
And according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain session connection response data.
Then, the signaling server encrypts session connection response data based on the third quantum session key and the second quantum session key, and the specific process includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Further, the second information also includes a second quantum identity.
The cloud mobile phone client receives the first encrypted data and the second-level quantum identity QID (namely the second quantum identity) sent by the signaling server, uses its locally preset second-level quantum identity QID (namely the fifth quantum identity) to obtain from the quantum security service platform the second-level quantum session key QSK (namely the second quantum session key) corresponding to the QID sent by the signaling server, and calls the local SDK (Software Development Kit) to decrypt the first encrypted data with that second-level QSK, obtaining the three-level quantum identity QID (namely the first quantum identity requested by the cloud mobile phone server) and the encrypted session connection proposal data. Then, again using the locally preset second-level QID (namely the fifth quantum identity), the client obtains from the quantum security service platform the three-level quantum session key QSK (namely the first quantum session key requested by the cloud mobile phone server) corresponding to that three-level QID, and calls the local SDK to decrypt the encrypted session connection proposal data with it, obtaining the roomID, the ICE candidates and the offer provided by the cloud mobile phone server.
Then, the cloud mobile phone client initiates a second request to the STUN server to obtain ICE candidates, completes the peerConnection construction locally, adds the received session description offer provided by the cloud mobile phone server, creates the session description answer, and completes the media negotiation of the ICE candidates.
Next, the cloud mobile phone client uses its locally preset second-level quantum identity QID (namely the fifth quantum identity) to obtain a three-level quantum identity QID and quantum session key QSK (namely the third quantum identity and the third quantum session key) from the quantum security service platform. It calls the cryptographic service platform to encrypt the session connection response data (comprising the roomID, the ICE candidates and the session description answer) with the three-level QSK (namely the third quantum session key) returned by the quantum security service platform. It then encrypts the three-level quantum session key QSK (namely the third quantum session key) and the encrypted session connection response data with the second-level quantum session key QSK (namely the fifth quantum session key) corresponding to its locally preset second-level QID, obtaining the second encrypted data packet. Finally, it replies to the signaling server with the second encrypted data packet and the second-level quantum identity QID (namely the fifth quantum identity).
The signaling server receives the second encrypted data packet and the second-level quantum identity QID returned by the cloud mobile phone client, acquires from the quantum security service platform the corresponding second-level quantum session key QSK (namely the fifth quantum session key) according to that second-level QID (namely the fifth quantum identity), and calls the cryptographic service platform to decrypt the second encrypted data packet, obtaining the three-level quantum identity QID (namely the third quantum identity) and the encrypted session connection response data. Then, using the decrypted three-level QID (namely the third quantum identity), it obtains the three-level quantum session key QSK (namely the third quantum session key) from the quantum security service platform, and calls the cryptographic service platform to decrypt the encrypted session connection response data with that three-level QSK, obtaining the session connection response data, which comprises the roomID, the ICE candidates and the answer provided by the cloud mobile phone client.
According to the roomID obtained by decryption, the signaling server is triggered to transmit the session connection response data to the cloud mobile phone server in the corresponding room. Specifically, the signaling server requests a second-level quantum identity QID and quantum session key QSK (namely the second quantum session key and the second quantum identity), calls the cryptographic service platform to completely encrypt the session connection response data provided by the cloud mobile phone client and the three-level quantum identity QID (namely the third quantum identity) with the second-level QSK (namely the second quantum session key), obtaining the second encrypted data, and transmits the second information carrying the second encrypted data and the second-level QID (namely the second quantum identity) to the cloud mobile phone server.
According to the embodiment of the invention, the three-level and two-level quantum session keys QSK are introduced in the instruction data interaction process between the cloud mobile phone client and the signaling server, and multi-layer quantum encryption is carried out on instruction data such as room identification (roomID), ICE candidate items, session description proposal offer, session description answer and the like, so that the security of instruction data transmission can be effectively improved.
And S13, decrypting the second encrypted data according to the third quantum session key and the second quantum session key to obtain session connection response data so as to complete connection preparation.
Specifically, the decrypting the second encrypted data according to the third quantum session key and the second quantum session key to obtain session connection response data, so as to complete connection preparation, includes:
requesting from the quantum security service platform the second quantum session key indicated by the second quantum identity in the second information;
According to the second quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data, and a third quantum identity and encrypted session connection response data are obtained;
requesting from the quantum security service platform the third quantum session key indicated by the third quantum identity;
according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain decrypted session connection response data;
And completing connection preparation according to the session description response in the session connection response data.
The cloud mobile phone server obtains the second encrypted data and the second-level quantum identity QID (namely the second quantum identity of the signaling server) returned by the signaling server, then obtains from the quantum security service platform the second-level quantum session key QSK (namely the second quantum session key of the signaling server) corresponding to that QID, and calls the cryptographic service platform to decrypt the second encrypted data with the second-level QSK returned by the quantum security service platform, obtaining the three-level quantum identity QID (namely the third quantum identity) and the encrypted session connection response data provided by the cloud mobile phone client. It then obtains from the quantum security service platform the three-level quantum session key QSK (namely the third quantum session key provided by the cloud mobile phone client) corresponding to the three-level QID obtained after decryption, and calls the cryptographic service platform to decrypt the encrypted session connection response data with that three-level QSK, obtaining the session connection response data, which comprises the roomID, the ICE candidates and the answer provided by the cloud mobile phone client.
The cloud mobile phone server applies the answer to its local peerConnection, and the P2P connection preparation is complete.
In the embodiment of the invention, a two-level and three-level QID (quantum identity) and QSK (quantum session key) system is realized for the command data interaction among the cloud mobile phone client, the signaling server and the cloud mobile phone server, as shown in figure 3. This provides whole-process, multi-layer quantum encryption protection of the command data during P2P connection establishment, effectively improves the security of command data transmission, reduces the risk of future cracking, and ensures the quantum security and reliability of the whole communication process of the cloud mobile phone service.
In the embodiment of the invention, the first quantum session key requested by the cloud mobile phone server and its corresponding first quantum identity, and the third quantum session key requested by the cloud mobile phone client and its corresponding third quantum identity, are three-level quantum session keys QSK and three-level quantum identities QID; the second quantum session key requested by the signaling server and its corresponding second quantum identity, the fourth quantum session key requested by the cloud mobile phone server and its corresponding fourth quantum identity, and the fifth quantum session key of the cloud mobile phone client and its corresponding fifth quantum identity, are two-level quantum session keys QSK and two-level quantum identities QID. The three-level QSK and QID requested by the cloud mobile phone server and those requested by the cloud mobile phone client may be identical or different, and the two-level QSK and QID used by the signaling server, the cloud mobile phone server and the cloud mobile phone client may likewise be identical or different, depending on the specific quantum key implementation.
Further, the method further comprises:
after P2P connection is established, encrypting a preset first encryption algorithm according to a first quantum session key;
Encrypting the encrypted first encryption algorithm and a first quantum identity corresponding to the first quantum session key according to the fourth quantum session key to obtain final first encryption algorithm data;
The first encryption algorithm data are sent to a cloud mobile phone client, so that the cloud mobile phone client decrypts the first encryption algorithm data to obtain the first encryption algorithm and the first quantum session key, and then the following SRTP encryption authentication operation is executed:
The first quantum session key is used as a master key, and a first session encryption key and a first authentication key are derived;
and carrying out encryption authentication on SRTP data according to the first session encryption key and the first authentication key.
Further, the method further comprises:
and according to the fourth quantum session key, carrying out encryption transmission on the encrypted and authenticated SRTP data and a third quantum identity corresponding to the first quantum session key.
Further, the method further comprises:
And periodically requesting the quantum security service platform to update the first quantum session key and the first quantum identity corresponding to the first quantum session key through a quantum security channel.
In the embodiment of the invention, after the P2P connection preparation is completed, the P2P connection is established, and the SRTP data between the cloud mobile phone client and the server is then quantum-encrypted based on the quantum cipher resource pool; the specific flow is as follows:
Step one, encryption algorithm transmission: the cloud mobile phone server or client transmits the encryption algorithm together with the corresponding three-level quantum identity QID and quantum session key QSK (such as the first quantum identity and the corresponding first quantum session key, or the third quantum identity and the corresponding third quantum session key), protected by the two-level quantum identity QID and quantum session key QSK allocated by the quantum security service platform (namely the fourth quantum identity and the corresponding fourth quantum session key, or the fifth quantum identity and the corresponding fifth quantum session key). The three-level quantum session key QSK serves as the master key for the actual encryption of the SRTP data. For example, for an encryption algorithm such as AES-CTR with HMAC-SHA1, the cryptographic service platform is called to encrypt the algorithm with the three-level QSK, the encrypted algorithm and the three-level QID are then encrypted with the two-level QSK to obtain the final encryption algorithm data, and this is transmitted to the cloud mobile phone client.
Step two, generating the SRTP key material: the cloud mobile phone client takes the received three-level quantum session key QSK as the SRTP master key. Following the SRTP protocol specification, the first session encryption key, the first authentication key and the first salt are derived from the three-level quantum session key QSK.
Step three, SRTP encryption and authentication: the cloud mobile phone client encrypts the RTP payload with the AES-CTR algorithm using the derived first session encryption key to obtain the SRTP packet. An authentication tag is generated for each SRTP packet with the HMAC-SHA1 algorithm using the first authentication key, and the final SRTP data is formed from the SRTP packet and the authentication tag. Compared with the standard SRTP process, the embodiment of the invention derives the session encryption key, the authentication key and the like from the three-level quantum session key QSK, which strengthens the encryption and the resistance to quantum computing attacks.
And step four, dynamic key updating and session maintenance, wherein the cloud mobile phone server periodically updates the quantum session key QSK of three levels through a quantum security channel, and the frequency can be adjusted according to security requirements. After each update, steps one through three are repeated, refreshing all key material of the SRTP.
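The four steps above, as an added example that is not the patent's own code: Go with the standard library only, implementing the SRTP key derivation (RFC 3711 section 4.3.1, AES-CM), AES-CTR payload encryption and HMAC-SHA1-80 authentication that the text names. The master key here stands for the three-level quantum session key; its delivery over the quantum security channel, the signalling of the algorithm choice and the origin of the master salt are outside the block, and the key derivation rate and rollover counter are fixed at 0 for clarity. The RFC 3711 Appendix B.3 master key and salt used in main are the published test vector, included only so the derivation can be checked.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

const tagLen = 10 // HMAC-SHA1-80, the default SRTP authentication tag length

// SessionKeys is the material the text derives from the three-level QSK.
type SessionKeys struct{ Encr, Auth, Salt []byte }

// DeriveSessionKeys is step two of the text: the master key (the three-level QSK)
// and a 112-bit master salt yield the session encryption key, auth key and salt.
func DeriveSessionKeys(masterKey, masterSalt []byte) (SessionKeys, error) {
	if len(masterSalt) != 14 {
		return SessionKeys{}, fmt.Errorf("master salt must be 112 bits, got %d", len(masterSalt)*8)
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return SessionKeys{}, err
	}
	// RFC 3711 4.3.1 with key derivation rate 0: IV = (master_salt XOR (label || r)) << 16
	// with r = 0, so only salt byte 7 takes the label; the key is the first n keystream bytes.
	derive := func(label byte, n int) []byte {
		iv := make([]byte, 16)
		copy(iv, masterSalt)
		iv[7] ^= label
		out := make([]byte, n)
		cipher.NewCTR(block, iv).XORKeyStream(out, out)
		return out
	}
	return SessionKeys{
		Encr: derive(0x00, 16), // label 0x00: session encryption key
		Auth: derive(0x01, 20), // label 0x01: HMAC-SHA1 key
		Salt: derive(0x02, 14), // label 0x02: session salt
	}, nil
}

// packetIV is the RFC 3711 per-packet AES-CTR IV: (salt << 16) XOR (SSRC << 64) XOR (index << 16).
func packetIV(salt []byte, ssrc uint32, index uint64) []byte {
	iv := make([]byte, 16)
	copy(iv, salt)
	var b [8]byte
	binary.BigEndian.PutUint32(b[:4], ssrc)
	for i := 0; i < 4; i++ {
		iv[4+i] ^= b[i]
	}
	binary.BigEndian.PutUint64(b[:], index)
	for i := 0; i < 6; i++ {
		iv[8+i] ^= b[2+i]
	}
	return iv
}

// xorPayload applies the keystream to everything after the 12-byte RTP header and returns
// a copy; AES-CTR encrypts and decrypts identically. ROC is 0 here, so the 48-bit index is
// just the sequence number.
func xorPayload(keys SessionKeys, pkt []byte) ([]byte, error) {
	if len(pkt) < 12 {
		return nil, fmt.Errorf("packet shorter than an RTP header")
	}
	block, err := aes.NewCipher(keys.Encr)
	if err != nil {
		return nil, err
	}
	seq := uint64(binary.BigEndian.Uint16(pkt[2:4]))
	ssrc := binary.BigEndian.Uint32(pkt[8:12])
	out := append([]byte(nil), pkt...)
	cipher.NewCTR(block, packetIV(keys.Salt, ssrc, seq)).XORKeyStream(out[12:], pkt[12:])
	return out, nil
}

// authTag is HMAC-SHA1 over the encrypted packet plus the 32-bit ROC, truncated to 80 bits.
func authTag(authKey, authenticated []byte) []byte {
	mac := hmac.New(sha1.New, authKey)
	mac.Write(authenticated)
	mac.Write([]byte{0, 0, 0, 0}) // ROC = 0
	return mac.Sum(nil)[:tagLen]
}

// Protect is step three of the text: encrypt the payload, then append the tag.
func Protect(keys SessionKeys, rtp []byte) ([]byte, error) {
	enc, err := xorPayload(keys, rtp)
	if err != nil {
		return nil, err
	}
	return append(enc, authTag(keys.Auth, enc)...), nil
}

// Unprotect checks the tag in constant time and refuses to decrypt on a mismatch.
func Unprotect(keys SessionKeys, srtp []byte) ([]byte, error) {
	if len(srtp) < 12+tagLen {
		return nil, fmt.Errorf("SRTP packet too short")
	}
	body, tag := srtp[:len(srtp)-tagLen], srtp[len(srtp)-tagLen:]
	if !hmac.Equal(tag, authTag(keys.Auth, body)) {
		return nil, fmt.Errorf("authentication tag mismatch")
	}
	return xorPayload(keys, body)
}

// main derives keys from the RFC 3711 Appendix B.3 master key and salt; the published
// session encryption key for this input is c61e7a93744f39ee10734afe3ff7a087.
func main() {
	mk, _ := hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139")
	ms, _ := hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")
	keys, err := DeriveSessionKeys(mk, ms)
	fmt.Printf("encr=%x auth=%x salt=%x err=%v\n", keys.Encr, keys.Auth, keys.Salt, err)
}
```

For step four, a rekey is a fresh DeriveSessionKeys on the new master key and salt before any packet goes out under it. What matters for AES-CTR is that a (session key, IV) pair is never repeated, which is why packets are protected with the derived session keys rather than the master key itself, and why the packet index must keep increasing for as long as one set of session keys is in use.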
It should be noted that, in establishing the P2P connection, the quantum-secured SRTP process of the cloud mobile phone client is the same as that of the cloud mobile phone server, and is not described again here.
Compared with the prior art, by introducing quantum encryption technology the embodiment of the invention realizes communication that in theory cannot be eavesdropped on, relying on principles of quantum mechanics such as the uncertainty principle; it can generate truly random keys and can detect any eavesdropping attempt, thereby providing a higher level of security. According to the embodiment of the invention, quantum communication encryption technology is introduced into the data interaction flow of the cloud mobile phone, especially into the key generation and distribution process, so that security which in theory cannot be cracked is realized, the threat posed by future quantum computers can be resisted, a long-term and provably secure communication channel is provided for the cloud mobile phone service, and the security and reliability of the whole system are enhanced.
For the communication scheme of the cloud mobile phone, the embodiment of the invention realizes a quantum security communication scheme comprising a quantum security service platform, a cryptographic service platform, a cloud mobile phone client, a cloud mobile phone server and a signaling server by introducing a quantum cryptographic resource pool made up of the quantum security service platform and the cryptographic service platform. The quantum security service platform and the cryptographic service platform provide quantum key generation and distribution, and encryption and decryption based on the quantum keys, for every link from signaling exchange and P2P connection establishment to real-time media transmission. The traditional encryption method is thereby enhanced with quantum encryption technology, true full-flow end-to-end quantum security protection is realized, the security loopholes that may exist in a traditional communication system are closed, seamless security coverage is provided for the whole communication process, and a comprehensive future-oriented secure communication framework is provided for the cloud mobile phone service.
The embodiment of the invention adopts a multi-layer quantum encryption architecture with full-process quantum security; based on a system of two-level and three-level quantum identities (QID) and quantum session keys (QSK), the types of quantum keys are divided more finely, and the multi-layer architecture ensures the quantum security of the whole communication process.
Referring to fig. 4, fig. 4 is a second flowchart of a cloud mobile phone encryption communication method according to an embodiment of the present invention. The cloud mobile phone encryption communication method is applied to a cloud mobile phone client and comprises the following steps:
S21, receiving first information sent by a cloud mobile phone server through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
S22, decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data;
S23, performing media negotiation according to the session connection proposal data to obtain session connection response data;
S24, sending second information to the cloud mobile phone server through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the second information is used for indicating the cloud mobile phone server to decrypt the second encrypted data based on the third quantum session key and the second quantum session key to obtain the session connection response data so as to complete connection preparation.
In an alternative embodiment, the decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data includes:
According to a locally preset fifth quantum identity, requesting from the quantum security service platform a second quantum session key corresponding to the second quantum identity carried by the first information;
decrypting the first encrypted data in the first information according to the second quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
According to the locally preset fifth quantum identity, requesting from the quantum security service platform a first quantum session key corresponding to the first quantum identity;
and decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
In an optional embodiment, the sending, by the signaling server, the second information to the cloud mobile phone server includes:
according to the locally preset fifth quantum identity, requesting a third quantum identity and a third quantum session key from the quantum security service platform;
according to the third quantum session key, a quantum cryptography service platform is called to encrypt the session connection response data, so as to obtain encrypted session connection response data;
according to the locally preset fifth quantum session key, calling the quantum cryptography service platform to encrypt the encrypted session connection response data and the third quantum identity to obtain a second encrypted data packet;
And sending fourth information carrying the second encrypted data packet and the fifth quantum identity to the signaling server, so that after the signaling server decrypts the second encrypted data packet to obtain session connection response data, encrypting the session connection response data based on a third quantum session key and a second quantum session key to obtain second encrypted data, and sending second information carrying the second encrypted data and the second quantum identity to the cloud mobile phone server.
In an alternative embodiment, the process of encrypting session connection reply data based on the third quantum session key and the second quantum session key includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
In an alternative embodiment, the method further comprises:
After P2P connection is established, encrypting a preset second encryption algorithm according to a third quantum session key;
encrypting the encrypted second encryption algorithm and a third quantum identity corresponding to the third quantum session key according to the fifth quantum session key to obtain final second encryption algorithm data;
The second encryption algorithm data are sent to a cloud mobile phone server, so that the cloud mobile phone server decrypts the second encryption algorithm data to obtain the second encryption algorithm and the third quantum session key, and then the following SRTP encryption authentication operation is executed:
The third quantum session key is used as a master key, and a second session encryption key and a second authentication key are derived;
And carrying out encryption authentication on SRTP data according to the second session encryption key and the second authentication key.
In an alternative embodiment, the method further comprises:
And according to the fifth quantum session key, carrying out encryption transmission on the encrypted SRTP data and a third quantum identity corresponding to the third quantum session key.
In an alternative embodiment, the method further comprises:
And periodically requesting the quantum security service platform to update the third quantum session key and the third quantum identity corresponding to the third quantum session key through a quantum security channel.
It should be noted that, the working process of the cloud mobile phone encryption communication method according to the embodiment of the present invention may refer to the working process of the cloud mobile phone encryption communication method according to the foregoing embodiment, and the technical effects achieved by the working process are the same as those of the cloud mobile phone encryption communication method according to the foregoing embodiment, which is not described herein again.
Referring to fig. 5, fig. 5 is a third flowchart of a cloud mobile phone encryption communication method according to an embodiment of the present invention. The cloud mobile phone encryption communication method is applied to a signaling server and comprises the following steps:
S31, encrypting session connection proposal data of a cloud mobile phone server according to a first quantum session key and a second quantum session key to obtain first encrypted data;
S32, sending first information to a cloud mobile phone client, wherein the first information comprises the first encrypted data;
S33, encrypting session connection response data of the cloud mobile phone client according to a third quantum session key and a second quantum session key to obtain second encrypted data, wherein the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
and S34, sending second information to the cloud mobile phone server, wherein the second information comprises second encrypted data, so that the cloud mobile phone server decrypts the second encrypted data based on a third quantum session key and a second quantum session key to obtain session connection response data so as to complete connection preparation.
In an alternative embodiment, the method further comprises:
Receiving third information sent by the cloud mobile phone server, wherein the third information comprises a first encrypted data packet and a fourth quantum identity;
requesting from the quantum security service platform a fourth quantum session key corresponding to the fourth quantum identity;
according to the fourth quantum session key, a quantum cryptography service platform is called to decrypt the first encrypted data packet, and a first quantum identity and encrypted session connection proposal data are obtained;
requesting a first quantum session key corresponding to the first quantum identity from the quantum security service platform;
and decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
In an optional embodiment, encrypting session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
According to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection proposal data and the first quantum identity to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
In an optional embodiment, the encrypting the session connection response data of the cloud mobile phone client according to the third quantum session key and the second quantum session key to obtain second encrypted data includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
In an alternative embodiment, the method further comprises:
receiving fourth information sent by the cloud mobile phone client, wherein the fourth information comprises a second encrypted data packet and a fifth quantum identity;
requesting from the quantum security service platform a fifth quantum session key corresponding to the fifth quantum identity;
According to the fifth quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data packet, and a third quantum identity and encrypted session connection response data are obtained;
requesting a third quantum session key corresponding to the third quantum identity from the quantum security service platform;
And according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain session connection response data.
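The two-layer handling of the proposal and response in the cloud mobile phone client ste steps (the alternative embodiments following S24) and in the signaling server steps S31 to S34 above, as an added example that is not the patent's own code. It is written in Go with the standard library and assumes AES-256-GCM as the cipher the cryptographic service platform applies (the text names none), a length-prefixed encoding of the inner quantum identity inside the outer layer (a layout chosen for this example), and an in-memory map from quantum identity to session key in place of the quantum security service platform; the key values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Keys stands in for the quantum security service platform (QID -> QSK).
type Keys map[string][]byte

// aead is "request the QSK for this QID" followed by the cryptographic service
// platform's cipher; AES-256-GCM is an assumption of this example.
func (k Keys) aead(qid string) (cipher.AEAD, error) {
	key, ok := k[qid]
	if !ok {
		return nil, fmt.Errorf("unknown QID %q", qid)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag under the QSK named by qid.
func (k Keys) Seal(qid string, plaintext []byte) ([]byte, error) {
	g, err := k.aead(qid)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; any modification of the blob is rejected.
func (k Keys) Open(qid string, blob []byte) ([]byte, error) {
	g, err := k.aead(qid)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Envelope is the text's "first information"/"second information": the hop (outer)
// QID in clear and, under the hop QSK, a length-prefixed inner QID || inner ciphertext.
type Envelope struct {
	OuterQID string
	Data     []byte
}

// Wrap (sender): encrypt the session connection data under the inner QSK, then
// encrypt the inner QID together with that ciphertext under the hop QSK.
func Wrap(k Keys, innerQID, outerQID string, payload []byte) (Envelope, error) {
	innerCT, err := k.Seal(innerQID, payload)
	if err != nil {
		return Envelope{}, err
	}
	body := append(append([]byte{byte(len(innerQID))}, innerQID...), innerCT...)
	data, err := k.Seal(outerQID, body)
	return Envelope{OuterQID: outerQID, Data: data}, err
}

// Unwrap (receiver): open the hop layer, read the inner QID, request that QSK and
// open the inner layer. Returns the data and the inner QID it was sealed under.
func Unwrap(k Keys, env Envelope) ([]byte, string, error) {
	body, err := k.Open(env.OuterQID, env.Data)
	if err != nil {
		return nil, "", fmt.Errorf("outer layer rejected: %w", err)
	}
	if len(body) == 0 || len(body) < 1+int(body[0]) {
		return nil, "", fmt.Errorf("malformed envelope body")
	}
	innerQID, innerCT := string(body[1:1+int(body[0])]), body[1+int(body[0]):]
	payload, err := k.Open(innerQID, innerCT)
	return payload, innerQID, err
}

// Rewrap (signaling server): as in the text, the relay opens both layers with the
// QSKs it requests, then seals the data again under the same inner QSK and the next hop's QSK.
func Rewrap(k Keys, env Envelope, newOuterQID string) (Envelope, error) {
	payload, innerQID, err := Unwrap(k, env)
	if err != nil {
		return Envelope{}, err
	}
	return Wrap(k, innerQID, newOuterQID, payload)
}

// ExampleKeys are constructed stand-ins for platform-issued 256-bit QSKs, numbered as in the text.
var ExampleKeys = Keys{
	"QID1": bytes.Repeat([]byte{0x11}, 32), // first QSK: inner layer
	"QID4": bytes.Repeat([]byte{0x44}, 32), // fourth QSK: server-to-signaling hop
	"QID2": bytes.Repeat([]byte{0x22}, 32), // second QSK: signaling-to-client hop
}

func main() {
	env, _ := Wrap(ExampleKeys, "QID1", "QID4", []byte("v=0 constructed SDP offer"))
	env, _ = Rewrap(ExampleKeys, env, "QID2")
	fmt.Println(Unwrap(ExampleKeys, env))
}
```

The outer QID travels in clear because the receiver must know which hop key to request before it can open anything; the inner QID becomes visible only after the outer layer opens, which is the ordering the text gives for both the client and the signaling server. Because the signaling server requests the inner key as well (the fourth-key and fifth-key flows above), it sees the session description in clear, so the protection between the two endpoints rests on that server being trusted and not only on the keys.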
It should be noted that, the working process of the cloud mobile phone encryption communication method according to the embodiment of the present invention may refer to the working process of the cloud mobile phone encryption communication method according to the foregoing embodiment, and the technical effects achieved by the working process are the same as those of the cloud mobile phone encryption communication method according to the foregoing embodiment, which is not described herein again.
Referring to fig. 6, fig. 6 is a first structural block diagram of a cloud mobile phone encryption communication device, where the cloud mobile phone encryption communication device is applied to a cloud mobile phone server, and includes:
The first information sending module 11 is configured to send first information to the cloud mobile phone client through the signaling server, where the first information includes first encrypted data, where the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
The first information receiving module 12 is configured to receive second information sent by the cloud mobile phone client through the signaling server, where the second information includes second encrypted data, where the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
And the response data obtaining module 13 is configured to decrypt the second encrypted data according to the third quantum session key and the second quantum session key, and obtain session connection response data, so as to complete connection preparation.
In an alternative embodiment, the first information sending module 11 includes:
The first quantum key request unit is used for requesting a first quantum session key and a first quantum identity from the quantum security service platform;
the first data encryption unit is used for calling a quantum cryptography service platform to encrypt the session connection proposal data according to the first quantum session key to obtain encrypted session connection proposal data;
the second quantum key request unit is used for requesting a fourth quantum session key and a fourth quantum identity from the quantum security service platform;
The second data encryption unit is used for calling the quantum cryptography service platform to encrypt the encrypted session connection proposal data and the first quantum identity according to the fourth quantum session key to obtain a first encrypted data packet;
The first encrypted data sending unit is configured to send third information carrying the first encrypted data packet and the fourth quantum identity to the signaling server, so that after the signaling server decrypts the first encrypted data packet to obtain session connection proposal data, encrypt the session connection proposal data based on a first quantum session key and a second quantum session key to obtain first encrypted data, and send the first information carrying the first encrypted data and the second quantum identity to the cloud mobile phone client.
In an alternative embodiment, the process of encrypting session connection proposal data based on the first quantum session key and the second quantum session key comprises:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
According to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection proposal data and the first quantum identity to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
In an alternative embodiment, the second information further comprises a second quantum identity;
the response data acquisition module 13 includes:
The third quantum key request unit is used for requesting, from the quantum security service platform, the second quantum session key indicated by the second quantum identity in the second information;
the first data decryption unit is used for calling a quantum cryptography service platform to decrypt the second encrypted data according to the second quantum session key to obtain a third quantum identity and encrypted session connection response data;
A fourth quantum key request unit, configured to request, from the quantum security service platform, the third quantum session key indicated by the third quantum identity;
The second data decryption unit is used for calling the quantum cryptography service platform to decrypt the encrypted session connection response data according to the third quantum session key to obtain decrypted session connection response data;
And the connection preparation unit is used for completing connection preparation according to the session description response in the session connection response data.
In an alternative embodiment, the apparatus further comprises:
the first algorithm encryption module is used for encrypting a preset first encryption algorithm according to the first quantum session key after the P2P connection is established;
The second algorithm encryption module is used for encrypting the encrypted first encryption algorithm and the first quantum identity corresponding to the first quantum session key according to the fourth quantum session key to obtain final first encryption algorithm data;
The first encryption data sending module is used for sending the first encryption algorithm data to a cloud mobile phone client, so that the cloud mobile phone client decrypts the first encryption algorithm data to obtain the first encryption algorithm and the first quantum session key, and then the following SRTP encryption authentication operation is executed:
The first quantum session key is used as a master key, and a first session encryption key and a first authentication key are derived;
and carrying out encryption authentication on SRTP data according to the first session encryption key and the first authentication key.
In an alternative embodiment, the apparatus further comprises:
and the first data encryption transmission module is used for carrying out encryption transmission on the encrypted SRTP data and the first quantum identity corresponding to the first quantum session key according to the fourth quantum session key.
In an alternative embodiment, the apparatus further comprises:
the first quantum key updating module is used for periodically requesting the quantum security service platform to update the first quantum session key and the first quantum identity corresponding to the first quantum session key through the quantum security channel.
It should be noted that, the working process of each module in the cloud mobile phone encryption communication device according to the embodiment of the present invention may refer to the working process of the cloud mobile phone encryption communication method according to the above embodiment, and the technical effect achieved by the working process is the same as that achieved by the cloud mobile phone encryption communication method according to the above embodiment, and will not be repeated herein.
Referring to fig. 7, fig. 7 is a second structural block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention, where the cloud mobile phone encryption communication device is applied to a cloud mobile phone client, and includes:
The second information receiving module 21 is configured to receive first information sent by the cloud mobile phone server through the signaling server, where the first information includes first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
A first decryption module 22, configured to decrypt the first encrypted data according to the first quantum session key and the second quantum session key, to obtain session connection proposal data;
A media negotiation module 23, configured to perform media negotiation according to the session connection proposal data to obtain session connection response data;
The second information sending module 24 is configured to send second information to the cloud mobile phone server through the signaling server, where the second information includes second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the second information is configured to instruct the cloud mobile phone server to decrypt the second encrypted data based on the third quantum session key and the second quantum session key, and obtain session connection response data, so as to complete connection preparation.
In an alternative embodiment, the first decryption module 22 comprises:
A fifth quantum key request unit, configured to request, according to a locally preset fifth quantum identity, a second quantum session key corresponding to the second quantum identity carried by the first information from the quantum security service platform;
The third data decryption unit is used for decrypting the first encrypted data in the first information according to the second quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
A sixth quantum key request unit, configured to request, according to the locally preset fifth quantum identity, a first quantum session key corresponding to the first quantum identity from the quantum security service platform;
and the fourth data decryption unit is used for decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
In an alternative embodiment, the second information sending module 24 includes:
A seventh quantum key request unit, configured to request, according to a fifth locally preset quantum identity, a third quantum identity and a third quantum session key from the quantum security service platform;
a fifth data encryption unit, configured to invoke a quantum cryptography service platform to encrypt the session connection response data according to the third quantum session key, so as to obtain encrypted session connection response data;
A sixth data encryption unit, configured to invoke the quantum cryptography service platform to encrypt the encrypted session connection response data and the third quantum identity according to a fifth locally preset quantum session key, so as to obtain a second encrypted data packet;
the first encrypted data sending unit is configured to send fourth information carrying the second encrypted data packet and the fifth quantum identity to the signaling server, so that after the signaling server decrypts the second encrypted data packet to obtain session connection response data, encrypt the session connection response data based on a third quantum session key and a second quantum session key to obtain second encrypted data, and send second information carrying the second encrypted data and the second quantum identity to the cloud mobile phone server.
In an alternative embodiment, the process of encrypting session connection reply data based on the third quantum session key and the second quantum session key includes:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
In an alternative embodiment, the apparatus further comprises:
the third algorithm encryption module is used for encrypting a preset second encryption algorithm according to a third quantum session key after the P2P connection is established;
The fourth algorithm encryption module is used for encrypting the encrypted second encryption algorithm and a third quantum identity corresponding to the third quantum session key according to the fifth quantum session key to obtain final second encryption algorithm data;
The second encryption data sending module is configured to send the second encryption algorithm data to a cloud mobile phone server, so that the cloud mobile phone server decrypts the second encryption algorithm data to obtain the second encryption algorithm and the third quantum session key, and then performs the following SRTP encryption authentication operation:
The third quantum session key is used as a master key, and a second session encryption key and a second authentication key are derived;
And carrying out encryption authentication on SRTP data according to the second session encryption key and the second authentication key.
In an alternative embodiment, the apparatus further comprises:
And the second data encryption transmission module is used for carrying out encryption transmission on the encrypted SRTP data and the third quantum identity corresponding to the third quantum session key according to the fifth quantum session key.
In an alternative embodiment, the apparatus further comprises:
The second quantum key updating module is used for periodically requesting the quantum security service platform to update the third quantum session key and the third quantum identity corresponding to the third quantum session key through the quantum security channel.
It should be noted that, the working process of each module in the cloud mobile phone encryption communication device according to the embodiment of the present invention may refer to the working process of the cloud mobile phone encryption communication method according to the above embodiment, and the technical effect achieved by the working process is the same as that achieved by the cloud mobile phone encryption communication method according to the above embodiment, and will not be repeated herein.
Referring to fig. 8, fig. 8 is a third structural block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention, where the cloud mobile phone encryption communication device is applied to a signaling server, and includes:
the first encryption module 31 is configured to encrypt session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data;
A third information sending module 32, configured to send first information to a cloud mobile phone client, where the first information includes the first encrypted data;
the second encryption module 33 is configured to encrypt session connection response data of the cloud mobile phone client according to a third quantum session key and a second quantum session key to obtain second encrypted data, where the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
And a fourth information sending module 34, configured to send second information to the cloud mobile phone server, where the second information includes second encrypted data, so that the cloud mobile phone server decrypts the second encrypted data based on the third quantum session key and the second quantum session key, and obtains session connection response data to complete connection preparation.
In an alternative embodiment, the apparatus further comprises:
The third information receiving module is used for receiving third information sent by the cloud mobile phone server, wherein the third information comprises a first encrypted data packet and a fourth quantum identity;
the first key request module is used for requesting, from the quantum security service platform, a fourth quantum session key corresponding to the fourth quantum identity;
The second decryption module is used for calling a quantum cryptography service platform to decrypt the first encrypted data packet according to the fourth quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
The second key request module is used for requesting the first quantum session key corresponding to the first quantum identity from the quantum security service platform;
and the third decryption module is used for decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
In an alternative embodiment, the first encryption module 31 includes:
An eighth quantum key request unit, configured to request a second quantum session key and a second quantum identity from the quantum security service platform;
A seventh data encryption unit, configured to invoke a quantum cryptography service platform to encrypt the encrypted session connection proposal data and the first quantum identity according to the second quantum session key, so as to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
In an alternative embodiment, the second encryption module 33 includes:
A ninth quantum key request unit, configured to request a second quantum session key and a second quantum identity from the quantum security service platform;
The eighth data encryption unit is used for calling a quantum cryptography service platform to encrypt the encrypted session connection response data and the third quantum identity according to the second quantum session key to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
In an alternative embodiment, the apparatus further comprises:
a fourth information receiving module, configured to receive fourth information sent by the cloud mobile phone client, where the fourth information includes a second encrypted data packet and a fifth quantum identity;
a third key request module, configured to request, from the quantum security service platform, the fifth quantum session key corresponding to the fifth quantum identity;
the fourth decryption module is used for calling a quantum cryptography service platform to decrypt the second encrypted data packet according to the fifth quantum session key to obtain a third quantum identity and encrypted session connection response data;
A fourth key request module, configured to request, from the quantum security service platform, a third quantum session key corresponding to the third quantum identity;
and the fifth decryption module is used for calling the quantum cryptography service platform to decrypt the encrypted session connection response data according to the third quantum session key to obtain the session connection response data.
It should be noted that, the working process of each module in the cloud mobile phone encryption communication device according to the embodiment of the present invention may refer to the working process of the cloud mobile phone encryption communication method according to the above embodiment, and the technical effect achieved by the working process is the same as that achieved by the cloud mobile phone encryption communication method according to the above embodiment, and will not be repeated herein.
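The modules above, together with claims 2 to 4, 9 to 11 and 16 to 19, describe one exchange: each endpoint encrypts its session connection proposal or response under an end-to-end quantum session key, wraps that ciphertext together with the identity of the end-to-end key under a hop key shared with the signaling server, and the signaling server peels the hop layer, reads the inner data, and re-wraps the untouched inner ciphertext under a fresh hop key for the far endpoint. The Go program below is an added example that models that exchange end to end; it is not code from the patent or its applicant. Everything concrete in it is an assumption: the in-memory `Platform` stands in for the quantum security service platform, AES-256-GCM stands in for the unnamed symmetric algorithm behind the quantum cryptography service platform, identities are random hex strings, and the offer and answer are constructed placeholder strings rather than SDP.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Platform stands in for the quantum security service platform: it issues
// (session key, quantum identity) pairs and resolves an identity to its key.
// ASSUMPTION: a real platform decides who may resolve which identity; this
// toy map lets anyone do so, which is the caveat discussed after the block.
type Platform struct{ keys map[string][]byte }

// Request returns a fresh 256-bit session key and a random 64-bit identity.
func (p *Platform) Request() ([]byte, string) {
	buf := make([]byte, 40)
	rand.Read(buf)
	id := fmt.Sprintf("%x", buf[32:])
	p.keys[id] = buf[:32]
	return buf[:32], id
}

// Packet is one hop's message: the hop key's identity (sent in the clear, as
// in claims 3 and 11) plus seal(hopKey, innerID || 0x00 || innerCiphertext).
type Packet struct{ OuterID string; Data []byte }

// seal/open model the quantum cryptography service platform's encrypt/decrypt.
// ASSUMPTION: AES-256-GCM, random 96-bit nonce prepended, and the key identity
// bound in as associated data so a ciphertext cannot be re-labelled.
func seal(key []byte, id string, pt []byte) []byte {
	b, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(b)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, []byte(id))
}

func open(p *Platform, id string, ct []byte) ([]byte, error) {
	key, ok := p.keys[id]
	if !ok || len(ct) < 12 {
		return nil, fmt.Errorf("unknown identity %q or truncated ciphertext", id)
	}
	b, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(b)
	return g.Open(nil, ct[:12], ct[12:], []byte(id))
}

// wrap adds the hop layer under a fresh hop key (the fourth, fifth or second key).
func wrap(p *Platform, innerID string, innerCT []byte) Packet {
	hopKey, hopID := p.Request()
	return Packet{hopID, seal(hopKey, hopID, append([]byte(innerID+"\x00"), innerCT...))}
}

// Peel removes the hop layer and then the inner layer, returning the inner
// identity, the still-encrypted inner ciphertext and the plaintext.
func Peel(p *Platform, pk Packet) (innerID string, innerCT, pt []byte, err error) {
	body, err := open(p, pk.OuterID, pk.Data)
	i := bytes.IndexByte(body, 0) // -1 when body is nil on the error path
	if err != nil || i < 0 {
		return "", nil, nil, fmt.Errorf("hop layer rejected (err=%v, separator=%d)", err, i)
	}
	innerID, innerCT = string(body[:i]), body[i+1:]
	pt, err = open(p, innerID, innerCT)
	return innerID, innerCT, pt, err
}

// SendToSignaling is the endpoint side of claims 2 and 10: the payload goes
// under an end-to-end key (first or third), then everything under a hop key.
func SendToSignaling(p *Platform, payload []byte) Packet {
	e2eKey, e2eID := p.Request()
	return wrap(p, e2eID, seal(e2eKey, e2eID, payload))
}

// Relay is the signaling server of claims 16 to 19: peel both layers (claim 16
// has it read the proposal), re-wrap the untouched inner ciphertext for the next hop.
func Relay(p *Platform, in Packet) (Packet, []byte, error) {
	innerID, innerCT, seen, err := Peel(p, in)
	if err != nil {
		return Packet{}, nil, err
	}
	return wrap(p, innerID, innerCT), seen, nil
}

// Handshake runs offer and answer through the relay; it returns the answer the
// cloud phone server decrypts and what the relay saw of the offer. Each step
// tolerates the zero value a failed predecessor returns, so errors are joined.
func Handshake(offer string, negotiate func(string) string) (string, string, error) {
	p := &Platform{keys: map[string][]byte{}}
	first, seen, err1 := Relay(p, SendToSignaling(p, []byte(offer))) // server -> relay -> client
	_, _, got, err2 := Peel(p, first)                                 // client reads the proposal (claim 9)
	second, _, err3 := Relay(p, SendToSignaling(p, []byte(negotiate(string(got)))))
	_, _, ans, err4 := Peel(p, second)                                // server reads the response (claim 4)
	return string(ans), string(seen), errors.Join(err1, err2, err3, err4)
}

func main() { // constructed stand-ins for the SDP offer and answer
	fmt.Println(Handshake("v=0 offer", func(o string) string { return "answer to " + o }))
}
```

Two properties are worth checking against the claims. First, `Relay` opens the inner layer because claim 16 has the signaling server obtain the session connection proposal data, so the inner layer is not end-to-end confidentiality against the signaling server; the real boundary is whether the quantum security service platform will resolve the first or third identity for a given caller, which the toy `Platform` does not enforce. Second, identities travel in the clear (claims 3 and 11) and act as key pointers, so a ciphertext should be bound to the identity it was sealed under; the example does that through the GCM associated data, which makes re-labelling a packet with another identity fail authentication instead of decrypting under the wrong key.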
Referring to fig. 9, fig. 9 is a block diagram of a cloud mobile phone encryption communication device according to an embodiment of the present invention. The cloud handset encrypted communication device comprises a processor 41, a memory 42 and a computer program stored in the memory 42 and executable on the processor 41. The steps in the embodiments of the cloud mobile phone encryption communication method described above, such as steps S11 to S13, or steps S21 to S24, or steps S31 to S34, are implemented when the processor 41 executes the computer program.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory 42 and executed by the processor 41 to complete the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions for describing the execution of the computer program in the cloud handset encryption communication device.
The cloud mobile phone encryption communication device may include, but is not limited to, a processor 41, a memory 42. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of a cloud handset encryption communication device, and is not limiting of the cloud handset encryption communication device, and may include more or fewer components than illustrated, or may combine certain components, or different components, e.g., the cloud handset encryption communication device may further include an input-output device, a network access device, a bus, etc.
The processor 41 may be a central processing unit (CPU), but may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general purpose processor may be a microprocessor or any conventional processor. The processor 41 is the control center of the cloud mobile phone encryption communication device and connects the various parts of the entire device through various interfaces and lines.
The memory 42 may be used to store the computer program and/or module, and the processor 41 implements the various functions of the cloud mobile phone encryption communication device by running or executing the computer program and/or module stored in the memory 42 and invoking the data stored in the memory 42. The memory 42 may mainly include a program storage area, which may store an operating system and the application program required for at least one function (such as a sound playing function or an image playing function), and a data storage area, which may store data created during use of the device (such as audio data or a phonebook). In addition, the memory 42 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or another non-volatile solid-state storage device.
If the modules/units integrated in the cloud mobile phone encryption communication device are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer readable storage medium. Based on this understanding, the present invention may implement all or part of the flow of the method of the above embodiment by a computer program instructing related hardware; the computer program may be stored in a computer readable storage medium and, when executed by the processor 41, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, executable file form or some intermediate form. The computer readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
It should be noted that the above-described apparatus embodiments are merely illustrative, and the units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiment of the device provided by the invention, the connection relation between the modules represents that the modules have communication connection, and can be specifically implemented as one or more communication buses or signal lines. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be within the scope of the present invention.
Claims (25)
1. The cloud mobile phone encryption communication method is characterized by comprising the following steps of:
The method comprises the steps of sending first information to a cloud mobile phone client through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
Receiving second information sent by the cloud mobile phone client through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
and decrypting the second encrypted data according to the third quantum session key and the second quantum session key to obtain session connection response data so as to complete connection preparation.
2. The cloud mobile phone encryption communication method of claim 1, wherein the sending, by the signaling server, the first information to the cloud mobile phone client comprises:
requesting a first quantum session key and a first quantum identity from the quantum security service platform;
According to the first quantum session key, a quantum cryptography service platform is called to encrypt the session connection proposal data, so as to obtain encrypted session connection proposal data;
requesting a fourth quantum session key and a fourth quantum identity from the quantum security service platform;
According to the fourth quantum session key, calling the quantum cryptography service platform to encrypt the encrypted session connection proposal data and the first quantum identity to obtain a first encrypted data packet;
And sending third information carrying the first encrypted data packet and the fourth quantum identity to the signaling server, so that after the signaling server decrypts the first encrypted data packet to obtain session connection proposal data, encrypting the session connection proposal data based on a first quantum session key and a second quantum session key to obtain first encrypted data, and sending first information carrying the first encrypted data and the second quantum identity to the cloud mobile phone client.
3. The cloud handset encryption communication method according to claim 1 or 2, wherein the process of encrypting session connection proposal data based on the first quantum session key and the second quantum session key comprises:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
According to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection proposal data and the first quantum identity to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
4. The cloud mobile phone encryption communication method of claim 1, wherein the second information further comprises a second quantum identity;
The decrypting the second encrypted data according to the third quantum session key and the second quantum session key to obtain session connection response data, so as to complete connection preparation, including:
requesting, from the quantum security service platform, the second quantum session key indicated by the second quantum identity in the second information;
According to the second quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data, and a third quantum identity and encrypted session connection response data are obtained;
requesting, from the quantum security service platform, the third quantum session key indicated by the third quantum identity;
according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain decrypted session connection response data;
And completing connection preparation according to the session description response in the session connection response data.
5. The cloud handset encryption communication method according to claim 2, wherein the method further comprises:
after P2P connection is established, encrypting a preset first encryption algorithm according to a first quantum session key;
Encrypting the encrypted first encryption algorithm and a first quantum identity corresponding to the first quantum session key according to the fourth quantum session key to obtain final first encryption algorithm data;
The first encryption algorithm data are sent to a cloud mobile phone client, so that the cloud mobile phone client decrypts the first encryption algorithm data to obtain the first encryption algorithm and the first quantum session key, and then the following SRTP encryption authentication operation is executed:
The first quantum session key is used as a master key, and a first session encryption key and a first authentication key are derived;
and carrying out encryption authentication on SRTP data according to the first session encryption key and the first authentication key.
6. The cloud handset encryption communication method according to claim 4, wherein the method further comprises:
And according to the fourth quantum session key, carrying out encrypted transmission of the encrypted and authenticated SRTP data and the first quantum identity corresponding to the first quantum session key.
7. The cloud handset encryption communication method according to claim 4, wherein the method further comprises:
And periodically requesting the quantum security service platform to update the first quantum session key and the first quantum identity corresponding to the first quantum session key through a quantum security channel.
8. The cloud mobile phone encryption communication method is characterized by being applied to a cloud mobile phone client and comprising the following steps:
receiving, through a signaling server, first information sent by the cloud mobile phone server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
Decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data;
According to the session connection proposal data, performing media negotiation to obtain session connection response data;
The method comprises the steps of sending second information to a cloud mobile phone server through a signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the second information is used for indicating the cloud mobile phone server to decrypt the second encrypted data based on the third quantum session key and the second quantum session key to obtain session connection response data so as to complete connection preparation.
9. The cloud mobile phone encryption communication method of claim 8, wherein decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data comprises:
according to a locally preset fifth quantum identity, requesting from the quantum security service platform the second quantum session key corresponding to the second quantum identity carried in the first information;
decrypting the first encrypted data in the first information according to the second quantum session key to obtain a first quantum identity and encrypted session connection proposal data;
according to the locally preset fifth quantum identity, requesting from the quantum security service platform the first quantum session key corresponding to the first quantum identity;
and decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
10. The cloud mobile phone encryption communication method of claim 8, wherein the sending, by the signaling server, the second information to the cloud mobile phone server includes:
according to a locally preset fifth quantum identity, requesting a third quantum identity and a third quantum session key from the quantum security service platform;
according to the third quantum session key, a quantum cryptography service platform is called to encrypt the session connection response data, so as to obtain encrypted session connection response data;
according to a fifth quantum session key preset locally, calling the quantum cryptography service platform to encrypt the encrypted session connection response data and the third quantum identity to obtain a second encrypted data packet;
And sending fourth information carrying the second encrypted data packet and the fifth quantum identity to the signaling server, so that after the signaling server decrypts the second encrypted data packet to obtain session connection response data, encrypting the session connection response data based on a third quantum session key and a second quantum session key to obtain second encrypted data, and sending second information carrying the second encrypted data and the second quantum identity to the cloud mobile phone server.
11. The cloud mobile phone encryption communication method according to claim 8 or 10, wherein the process of encrypting session connection reply data based on the third quantum session key and the second quantum session key comprises:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
12. The cloud handset encryption communication method according to claim 10, wherein the method further comprises:
After P2P connection is established, encrypting a preset second encryption algorithm according to a third quantum session key;
encrypting the encrypted second encryption algorithm and a third quantum identity corresponding to the third quantum session key according to the fifth quantum session key to obtain final second encryption algorithm data;
The second encryption algorithm data are sent to a cloud mobile phone server, so that the cloud mobile phone server decrypts the second encryption algorithm data to obtain the second encryption algorithm and a third quantum session key, and then the following SRTP encryption authentication operation is executed:
The third quantum session key is used as a master key, and a second session encryption key and a second authentication key are derived;
And carrying out encryption authentication on SRTP data according to the second session encryption key and the second authentication key.
13. The cloud handset encryption communication method according to claim 12, wherein the method further comprises:
and according to the fifth quantum session key, carrying out encrypted transmission on the encrypted SRTP data and a third quantum identity corresponding to the third quantum session key.
14. The cloud handset encryption communication method according to claim 12, wherein the method further comprises:
And periodically requesting the quantum security service platform to update the third quantum session key and the third quantum identity corresponding to the third quantum session key through a quantum security channel.
15. The cloud mobile phone encryption communication method is characterized by being applied to a signaling server and comprising the following steps:
Encrypting session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data;
sending first information to a cloud mobile phone client, wherein the first information comprises the first encrypted data;
Encrypting session connection response data of the cloud mobile phone client according to a third quantum session key and a second quantum session key to obtain second encrypted data, wherein the encrypted session connection response data is obtained by performing media negotiation based on the session connection proposal data;
And sending second information to the cloud mobile phone server, wherein the second information comprises second encrypted data, so that the cloud mobile phone server decrypts the second encrypted data based on a third quantum session key and a second quantum session key to obtain session connection response data so as to complete connection preparation.
16. The cloud handset encryption communication method according to claim 15, wherein the method further comprises:
Receiving third information sent by the cloud mobile phone server, wherein the third information comprises a first encrypted data packet and a fourth quantum identity;
requesting, from the quantum security service platform, a fourth quantum session key corresponding to the fourth quantum identity;
according to the fourth quantum session key, a quantum cryptography service platform is called to decrypt the first encrypted data packet, and a first quantum identity and encrypted session connection proposal data are obtained;
requesting a first quantum session key corresponding to the first quantum identity from the quantum security service platform;
and decrypting the encrypted session connection proposal data according to the first quantum session key to obtain the session connection proposal data.
17. The cloud mobile phone encryption communication method according to claim 15 or 16, wherein encrypting session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data comprises:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
According to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection proposal data and the first quantum identity to obtain first encrypted data;
wherein the first information includes the first encrypted data and the second quantum identity.
18. The cloud mobile phone encryption communication method of claim 15, wherein encrypting the session connection response data of the cloud mobile phone client according to the third quantum session key and the second quantum session key to obtain second encrypted data comprises:
requesting a second quantum session key and a second quantum identity from the quantum security service platform;
according to the second quantum session key, a quantum cryptography service platform is called to encrypt the encrypted session connection response data and the third quantum identity to obtain second encrypted data, wherein the encrypted session connection response data is obtained after the cloud mobile phone client encrypts the session connection response data based on the third quantum session key;
Wherein the second information includes the second encrypted data and the second quantum identity.
19. The cloud handset encryption communication method according to claim 15 or 18, wherein the method further comprises:
receiving fourth information sent by the cloud mobile phone client, wherein the fourth information comprises a second encrypted data packet and a fifth quantum identity;
requesting, from the quantum security service platform, a fifth quantum session key corresponding to the fifth quantum identity;
According to the fifth quantum session key, a quantum cryptography service platform is called to decrypt the second encrypted data packet, and a third quantum identity and encrypted session connection response data are obtained;
requesting a third quantum session key corresponding to the third quantum identity from the quantum security service platform;
And according to the third quantum session key, invoking the quantum cryptography service platform to decrypt the encrypted session connection response data to obtain session connection response data.
20. The cloud mobile phone encryption communication device is characterized by comprising:
a first information sending module, configured to send first information to a cloud mobile phone client through a signaling server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
a second information receiving module, configured to receive, through the signaling server, second information sent by the cloud mobile phone client, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the encrypted session connection response data is obtained by media negotiation based on the session connection proposal data;
And the response data acquisition module is used for decrypting the second encrypted data according to the third quantum session key and the second quantum session key to acquire session connection response data so as to complete connection preparation.
21. A cloud mobile phone encryption communication device, characterized in that it is applied to a cloud mobile phone client and comprises:
a first information receiving module, configured to receive, through a signaling server, first information sent by a cloud mobile phone server, wherein the first information comprises first encrypted data, and the first encrypted data is obtained by encrypting session connection proposal data based on a first quantum session key and a second quantum session key;
the first decryption module is used for decrypting the first encrypted data according to the first quantum session key and the second quantum session key to obtain session connection proposal data;
The media negotiation module is used for carrying out media negotiation according to the session connection proposal data to obtain session connection response data;
a second information sending module, configured to send second information to the cloud mobile phone server through the signaling server, wherein the second information comprises second encrypted data, the second encrypted data is obtained by encrypting session connection response data based on a third quantum session key and a second quantum session key, and the second information is used for instructing the cloud mobile phone server to decrypt the second encrypted data based on the third quantum session key and the second quantum session key to obtain the session connection response data so as to complete connection preparation.
22. A cloud mobile phone encryption communication device, characterized in that it is applied to a signaling server and comprises:
the first encryption module is used for encrypting session connection proposal data of the cloud mobile phone server according to the first quantum session key and the second quantum session key to obtain first encrypted data;
a third information sending module, configured to send first information to the cloud mobile phone client, wherein the first information comprises the first encrypted data;
The second encryption module is used for encrypting the session connection response data of the cloud mobile phone client according to a third quantum session key and a second quantum session key to obtain second encrypted data, wherein the encrypted session connection response data is obtained by media negotiation based on the session connection proposal data;
and the fourth information sending module is used for sending second information to the cloud mobile phone server, wherein the second information comprises second encrypted data, so that the cloud mobile phone server decrypts the second encrypted data based on a third quantum session key and a second quantum session key to acquire session connection response data so as to complete connection preparation.
23. A cloud mobile phone encryption communication device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the cloud mobile phone encryption communication method according to any one of claims 1 to 7 or the cloud mobile phone encryption communication method according to any one of claims 8 to 14 or the cloud mobile phone encryption communication method according to any one of claims 15 to 19 when executing the computer program.
24. A computer readable storage medium, wherein the computer readable storage medium stores a computer program, and wherein the computer program when executed controls a device in which the computer readable storage medium is located to perform the cloud mobile phone encryption communication method according to any one of claims 1 to 7 or the cloud mobile phone encryption communication method according to any one of claims 8 to 14 or the cloud mobile phone encryption communication method according to any one of claims 15 to 19.
25. A computer program product comprising computer program/instructions which, when executed by a processor, implement the cloud handset encrypted communication method of any one of claims 1 to 7 or the cloud handset encrypted communication method of any one of claims 8 to 14 or the cloud handset encrypted communication method of any one of claims 15 to 19.
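Claims 5 to 7 and 12 to 14 use the quantum session key as an SRTP master key, derive a session encryption key and a session authentication key from it, and then encrypt and authenticate SRTP packets. The patent does not name the derivation or the cipher, so the Go example below, which is an added illustration and not the patent's code, assumes the RFC 3711 default profile AES_CM_128_HMAC_SHA1_80: the AES-CM key derivation with labels 0x00, 0x01 and 0x02, AES-CM payload encryption with the IV built from the session salt, the SSRC and the packet index, and an 80-bit HMAC-SHA1 tag over header, ciphertext and roll-over counter (ROC). Two further assumptions are marked in the code: a 112-bit master salt arrives with the master key as part of the quantum key material, and the RTP header carries no CSRC list or extension. The master key and salt used in `main` are the RFC 3711 Appendix B.3 test inputs; the RTP packet is constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// SessionKeys is what claims 5 and 12 derive from the quantum session key used as
// master key: a session encryption key and a session authentication key, plus the
// session salt AES-CM needs. ASSUMPTION: the profile is RFC 3711 AES_CM_128_HMAC_SHA1_80.
type SessionKeys struct{ Cipher, Auth, Salt []byte }

// prf is the RFC 3711 AES-CM key derivation: AES-CTR keystream under the master
// key from IV = (master_salt XOR (label || index DIV kdr)) * 2^16, with kdr = 0.
func prf(masterKey, masterSalt []byte, label byte, n int) []byte {
	iv := make([]byte, 16)
	copy(iv, masterSalt)
	iv[7] ^= label // index DIV kdr is six zero octets, so only the label byte lands
	block, _ := aes.NewCipher(masterKey)
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out
}

// Derive maps a 128-bit master key and 112-bit master salt to session keys.
// ASSUMPTION: the patent names only the master key; the salt is taken to arrive
// with it as part of the quantum key material.
func Derive(masterKey, masterSalt []byte) SessionKeys {
	return SessionKeys{
		Cipher: prf(masterKey, masterSalt, 0x00, 16),
		Auth:   prf(masterKey, masterSalt, 0x01, 20),
		Salt:   prf(masterKey, masterSalt, 0x02, 14),
	}
}

const hdrLen, tagLen = 12, 10 // ASSUMPTION: fixed RTP header (no CSRC, no extension); HMAC-SHA1-80

// ctrIV builds the AES-CM IV (salt*2^16) XOR (SSRC*2^64) XOR (index*2^16), index = 2^16*ROC + SEQ.
func ctrIV(salt []byte, ssrc, roc uint32, seq uint16) []byte {
	iv := make([]byte, 16)
	copy(iv, salt)
	var idx [16]byte // SSRC occupies bits 64..95, ROC||SEQ bits 16..63
	binary.BigEndian.PutUint32(idx[4:], ssrc)
	binary.BigEndian.PutUint32(idx[8:], roc)
	binary.BigEndian.PutUint16(idx[12:], seq)
	for i := range iv {
		iv[i] ^= idx[i]
	}
	return iv
}

// xorPayload applies the keystream to the payload in place; AES-CM encryption and decryption coincide.
func xorPayload(k SessionKeys, roc uint32, pkt []byte) {
	seq, ssrc := binary.BigEndian.Uint16(pkt[2:4]), binary.BigEndian.Uint32(pkt[8:12])
	block, _ := aes.NewCipher(k.Cipher)
	cipher.NewCTR(block, ctrIV(k.Salt, ssrc, roc, seq)).XORKeyStream(pkt[hdrLen:], pkt[hdrLen:])
}

// tag is HMAC-SHA1-80 over header || encrypted payload || ROC.
func tag(authKey, authenticated []byte, roc uint32) []byte {
	m := hmac.New(sha1.New, authKey)
	m.Write(authenticated)
	binary.Write(m, binary.BigEndian, roc)
	return m.Sum(nil)[:tagLen]
}

// Protect encrypts an RTP packet's payload and appends the authentication tag.
func Protect(k SessionKeys, roc uint32, rtp []byte) ([]byte, error) {
	if len(rtp) < hdrLen || rtp[0]>>6 != 2 {
		return nil, errors.New("not an RTP v2 packet")
	}
	out := append(make([]byte, 0, len(rtp)+tagLen), rtp...)
	xorPayload(k, roc, out)
	return append(out, tag(k.Auth, out, roc)...), nil
}

// Unprotect verifies the tag in constant time before touching the payload; a bad
// tag (or a wrong ROC, which is authenticated too) yields an error and no plaintext.
func Unprotect(k SessionKeys, roc uint32, srtp []byte) ([]byte, error) {
	if len(srtp) < hdrLen+tagLen || srtp[0]>>6 != 2 {
		return nil, errors.New("packet too short or not RTP v2")
	}
	body, got := srtp[:len(srtp)-tagLen], srtp[len(srtp)-tagLen:]
	if !hmac.Equal(got, tag(k.Auth, body, roc)) {
		return nil, errors.New("SRTP authentication failed")
	}
	out := append([]byte(nil), body...)
	xorPayload(k, roc, out)
	return out, nil
}

func mustHex(s string) []byte { b, _ := hex.DecodeString(s); return b }

func main() {
	// RFC 3711 Appendix B.3 master key and salt; the RTP packet (PT 96, seq 1, SSRC deadbeef) is constructed.
	k := Derive(mustHex("E1F97A0D3E018BE0D64FA32C06DE4139"), mustHex("0EC675AD498AFEEBB6960B3AABE6"))
	rtp := append(mustHex("80600001000003e8deadbeef"), []byte("hello srtp")...)
	srtp, _ := Protect(k, 0, rtp)
	back, err := Unprotect(k, 0, srtp)
	fmt.Printf("cipher key %x\nrecovered %q, err=%v\n", k.Cipher, back, err) // cipher key c61e7a93744f39ee10734afe3ff7a087
}
```

`Derive` with those inputs reproduces the Appendix B.3 session keys, which is the check to run against any implementation of the "preset encryption algorithm" before trusting it with media. With key derivation rate zero the session keys change only when the master key does, so the periodic update of the quantum session key in claims 7 and 14 is what provides rekeying. A receiver must also track the roll-over counter (the ROC is authenticated, so a wrong value fails the tag rather than silently decrypting garbage) and keep an RFC 3711 replay window, which this example leaves out.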
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN121508883A (en) | 2026-02-10 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |