Disclosure of Invention
In view of the foregoing, embodiments of the present invention provide a system, a method, an apparatus, an electronic device, and a computer-readable storage medium for calls between a landline telephone and a mobile terminal that overcome or at least partially solve the foregoing problems.
In order to solve the problems, the embodiment of the invention discloses a system for communicating a fixed telephone with a mobile terminal, which comprises the fixed telephone, a voice gateway, the mobile terminal, an identity authentication platform and a quantum key management service platform;
The fixed telephone is used for establishing a voice session with the mobile terminal through the voice gateway, sending first voice data to the voice gateway after the voice session is established, and receiving second voice data sent by the voice gateway, wherein the second voice data is sent to the voice gateway by the mobile terminal;
The voice gateway is used for establishing a voice session with the mobile terminal after the fixed telephone initiates a call to the mobile terminal or the mobile terminal initiates a call to the fixed telephone, sending a secret identification acquisition request to the identity authentication platform in the process of establishing the voice session, receiving a secret identification allocated by the identity authentication platform, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identification, receiving a session key allocated to the secret identification and sent by the quantum key management service platform, receiving first voice data sent by the fixed telephone after the voice session is established, encrypting the first voice data by using the session key and sending the first voice data to the mobile terminal, receiving encrypted second voice data sent by the mobile terminal, decrypting the encrypted second voice data by using the session key and sending the second voice data to the fixed telephone;
The mobile terminal is used for establishing a voice session with the fixed telephone through the voice gateway, sending a secret identification acquisition request to the identity authentication platform in the process of establishing the voice session, receiving a secret identification allocated by the identity authentication platform, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identification, receiving a session key allocated for the secret identification and sent by the quantum key management service platform, encrypting second voice data by using the session key after the voice session is established, sending the encrypted second voice data to the voice gateway, receiving encrypted first voice data sent by the voice gateway, and decrypting the encrypted first voice data according to the session key, wherein the first voice data is sent to the voice gateway by the fixed telephone;
The identity authentication platform is used for receiving a secret identifier acquisition request sent by the voice gateway, sending a secret identifier to the voice gateway according to the secret identifier acquisition request, receiving the secret identifier acquisition request sent by the mobile terminal, and sending a secret identifier to the mobile terminal according to the secret identifier acquisition request;
The quantum key management service platform is used for receiving a session key acquisition request sent by the voice gateway, wherein the key acquisition request comprises the secret identifier, allocating a session key for the secret identifier, sending the encrypted session key to the voice gateway, receiving the session key acquisition request sent by the mobile terminal, wherein the key acquisition request comprises the secret identifier, allocating the session key for the secret identifier, and sending the encrypted session key to the mobile terminal.
Optionally, the secret identification acquisition request includes voice gateway information and mobile terminal information;
The identity authentication platform is used for determining whether the quantum secret call establishment condition is met according to the voice gateway information and the mobile terminal information, and generating the secret entering identification according to the voice gateway information and the mobile terminal information after determining that the quantum secret call establishment condition is met.
Optionally, the voice gateway is provided with a secure medium, wherein a filling key is stored in the secure medium, and the voice gateway is used for sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret entry identifier encrypted according to the filling key;
The mobile terminal is provided with a secure medium, and the secure medium is stored with a filling key; the mobile terminal is used for sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret entry identifier encrypted according to the filling key; receiving a session key encrypted according to a filling key and sent by the quantum key management service platform, and decrypting the encrypted session key by using the filling key to obtain a session key;
The quantum key management service platform is used for receiving a session key acquisition request sent by the voice gateway, wherein the key acquisition request comprises the secret entry identifier encrypted according to a filling key, acquiring the filling key, decrypting the encrypted secret entry identifier according to the filling key, distributing a session key to the secret entry identifier, encrypting the session key according to the filling key, sending the encrypted session key to the voice gateway, receiving a session key acquisition request sent by the mobile terminal, wherein the key acquisition request comprises the secret entry identifier encrypted according to the filling key, acquiring the filling key, decrypting the encrypted secret entry identifier according to the filling key, distributing the session key to the secret entry identifier, encrypting the session key by using the filling key, and sending the encrypted session key to the mobile terminal.
Optionally, the voice gateway is configured to, after receiving first voice data sent by the fixed phone, perform data format conversion on the first voice data, encrypt the data format-converted first voice data with the session key and send the encrypted data to the mobile terminal, and, after receiving encrypted second voice data sent by the mobile terminal, decrypt the encrypted second voice data with the session key, perform data format conversion on the second voice data, and send the data format-converted second voice data to the fixed phone.
Optionally, the system also comprises a session control server, a home subscriber server and a call session control server;
the fixed telephone is used for sending call signaling to the voice gateway;
The voice gateway is used for converting the signaling format of the call signaling to obtain a call request and sending the call request to the session control server;
The session control server is used for calling the home subscriber server according to the call request to inquire whether the called mobile terminal supports the long-term evolution voice bearing communication service, and calling the call session control server to establish a voice session if the called mobile terminal supports the long-term evolution voice bearing communication service.
In a second aspect, an embodiment of the present invention provides a method for a fixed phone to communicate with a mobile terminal, where the method is applied to a voice gateway, and the method includes:
After the fixed telephone initiates a call to the mobile terminal or the mobile terminal initiates a call to the fixed telephone, establishing a voice session with the mobile terminal;
In the process of establishing the voice session, sending a secret identification acquisition request to an identity authentication platform, and receiving a secret identification allocated by the identity authentication platform; sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier, and receiving a session key allocated for the secret identifier and sent by the quantum key management service platform;
After a voice session is established, receiving first voice data sent by the fixed telephone, encrypting the first voice data by using the session key and sending the first voice data to the mobile terminal; and receiving the encrypted second voice data sent by the mobile terminal, decrypting the encrypted second voice data by using the session key, and sending the second voice data to the fixed telephone.
Optionally, the sending the secret identification obtaining request to the identity authentication platform includes:
acquiring voice gateway information and mobile terminal information;
Sending a secret identification acquisition request to an identity authentication platform, wherein the secret identification acquisition request comprises voice gateway information and mobile terminal information, so that the identity authentication platform generates the secret identification according to the voice gateway information and the mobile terminal information after determining that the quantum secret call establishment condition is met according to the voice gateway information and the mobile terminal information.
Optionally, the voice gateway has a secure medium, and the secure medium stores a filling key;
the sending a session key acquisition request to the quantum key management service platform includes:
Encrypting the secret identifier by using the filling key;
Sending a session key acquisition request to a quantum key management service platform, wherein the key acquisition request comprises the secret entry identifier encrypted according to a filling key;
the receiving the session key allocated to the secret identifier, which is sent by the quantum key management service platform, includes:
receiving a session key encrypted according to a filling key, which is sent by the quantum key management service platform;
And decrypting the encrypted session key by using the filling key to obtain the session key.
Optionally, the encrypting the first voice data using the session key and transmitting to the mobile terminal includes:
Performing data format conversion on the first voice data, encrypting the first voice data subjected to data format conversion by using the session key, and sending the encrypted first voice data to the mobile terminal;
the sending the second voice data to the fixed telephone includes:
and carrying out data format conversion on the second voice data, and sending the second voice data subjected to data format conversion to the fixed telephone.
Optionally, after the fixed phone initiates a call to the mobile terminal, establishing a voice session with the mobile terminal, including:
Receiving the call signaling sent by the fixed telephone, converting the signaling format of the call signaling to obtain a call request, and sending the call request to a session control server, so that the session control server calls a home subscriber server according to the call request to inquire whether the called mobile terminal supports the long-term evolution voice bearing communication service, and, if the called mobile terminal supports the long-term evolution voice bearing communication service, calls the call session control server to establish a voice session.
In a third aspect, an embodiment of the present invention provides a method for a fixed phone to communicate with a mobile terminal, where the method is applied to the mobile terminal, and the method includes:
in the process of establishing a voice session with the fixed telephone through a voice gateway, sending a secret identification acquisition request to an identity authentication platform, receiving a secret identification allocated by the identity authentication platform, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identification, and receiving a session key allocated for the secret identification and sent by the quantum key management service platform;
After the voice session is established, encrypting second voice data by using the session key, sending the encrypted second voice data to the voice gateway, receiving encrypted first voice data sent by the voice gateway, and decrypting the encrypted first voice data according to the session key, wherein the first voice data is sent to the voice gateway by the fixed telephone.
Optionally, the sending the secret identification obtaining request to the identity authentication platform includes:
acquiring voice gateway information and mobile terminal information;
Sending a secret identification acquisition request to an identity authentication platform, wherein the secret identification acquisition request comprises voice gateway information and mobile terminal information, so that the identity authentication platform generates the secret identification according to the voice gateway information and the mobile terminal information after determining that the quantum secret call establishment condition is met according to the voice gateway information and the mobile terminal information.
Optionally, the mobile terminal has a secure medium, and the secure medium stores a filling key;
the sending a session key acquisition request to the quantum key management service platform includes:
Encrypting the secret identifier by using the filling key;
Sending a session key acquisition request to a quantum key management service platform, wherein the key acquisition request comprises the secret entry identifier encrypted according to a filling key;
the receiving the session key allocated to the secret identifier, which is sent by the quantum key management service platform, includes:
receiving a session key encrypted according to a filling key, which is sent by the quantum key management service platform;
And decrypting the encrypted session key by using the filling key to obtain the session key.
In a fourth aspect, an embodiment of the present invention provides an apparatus for a fixed phone to communicate with a mobile terminal, where the apparatus is applied to a voice gateway, and the apparatus includes:
The session establishment module is used for establishing a voice session with the mobile terminal after the fixed telephone initiates a call to the mobile terminal or after the mobile terminal initiates a call to the fixed telephone;
The first request and acquisition module is used for, in the process of establishing the voice session, sending a secret identification acquisition request to the identity authentication platform and receiving a secret identification allocated by the identity authentication platform; and sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier, and receiving a session key allocated for the secret identifier and sent by the quantum key management service platform;
The first sending and receiving module is used for, after the voice session is established, receiving first voice data sent by the fixed telephone, encrypting the first voice data by using the session key and sending the encrypted first voice data to the mobile terminal; and receiving encrypted second voice data sent by the mobile terminal, decrypting the encrypted second voice data by using the session key, and sending the second voice data to the fixed telephone.
Optionally, the first request and acquisition module includes:
the first acquisition sub-module is used for acquiring voice gateway information and mobile terminal information;
The second secret identification generation sub-module is used for sending a secret identification acquisition request to the identity authentication platform, wherein the secret identification acquisition request comprises voice gateway information and mobile terminal information, so that the identity authentication platform generates the secret identification according to the voice gateway information and the mobile terminal information after the fact that quantum secret call establishment conditions are met is determined according to the voice gateway information and the mobile terminal information.
Optionally, the voice gateway has a secure medium, and the secure medium stores a filling key;
The first request and acquisition module further includes:
The first encryption sub-module is used for encrypting the secret identification by using the filling key;
The first request sending submodule is used for sending a session key obtaining request to the quantum key management service platform, wherein the key obtaining request comprises the secret entering identifier encrypted according to the filling key;
The first request and acquisition module further includes:
the first receiving sub-module is used for receiving the session key which is sent by the quantum key management service platform and is encrypted according to the filling key;
And the first encryption sub-module is used for decrypting the encrypted session key by using the filling key to obtain the session key.
Optionally, the first transmitting and receiving module includes:
the first data sending sub-module is used for carrying out data format conversion on the first voice data, encrypting the first voice data subjected to data format conversion by using the session key and sending the first voice data to the mobile terminal;
The first transmitting and receiving module further includes:
and the second data transmission sub-module is used for carrying out data format conversion on the second voice data and transmitting the second voice data subjected to the data format conversion to the fixed telephone.
Optionally, the first sending and receiving module further includes:
The session establishment sub-module is used for receiving the call signaling sent by the fixed telephone, converting the signaling format of the call signaling to obtain a call request, and sending the call request to the session control server, so that the session control server calls a home subscriber server according to the call request to inquire whether the called mobile terminal supports the long-term evolution voice bearing communication service, and, if the called mobile terminal supports the long-term evolution voice bearing communication service, calls the call session control server to establish a voice session.
In a fifth aspect, an embodiment of the present invention provides an apparatus for a fixed phone to communicate with a mobile terminal, where the apparatus is applied to the mobile terminal, and the apparatus includes:
The second request and acquisition module is used for sending a secret identifier acquisition request to an identity authentication platform in the process of establishing a voice session with the fixed telephone through a voice gateway, receiving a secret identifier distributed by the identity authentication platform, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier;
the second sending and receiving module is used for encrypting second voice data by using the session key after the voice session is established, sending the encrypted second voice data to the voice gateway, receiving encrypted first voice data sent by the voice gateway, and decrypting the encrypted first voice data according to the session key, wherein the first voice data is sent to the voice gateway by the fixed telephone.
Optionally, the second request and acquisition module includes:
the second acquisition sub-module is used for acquiring voice gateway information and mobile terminal information;
The second secret identification generation sub-module is used for sending a secret identification acquisition request to the identity authentication platform, wherein the secret identification acquisition request comprises voice gateway information and mobile terminal information, so that the identity authentication platform generates the secret identification according to the voice gateway information and the mobile terminal information after the fact that quantum secret call establishment conditions are met is determined according to the voice gateway information and the mobile terminal information.
Optionally, the mobile terminal has a secure medium, and the secure medium stores a filling key;
the second request and acquisition module further includes:
the second encryption sub-module is used for encrypting the secret identification by using the filling key;
The second request sending submodule is used for sending a session key obtaining request to the quantum key management service platform, wherein the key obtaining request comprises the secret entering identifier encrypted according to the filling key;
the second request and acquisition module further includes:
the second receiving sub-module is used for receiving the session key which is sent by the quantum key management service platform and is encrypted according to the filling key;
And the second encryption sub-module is used for decrypting the encrypted session key by using the filling key to obtain the session key.
In a sixth aspect, an embodiment of the present invention provides an electronic device, including a processor, a memory, and a computer program stored on the memory and capable of running on the processor, the computer program implementing the steps of the landline telephone and mobile terminal conversation method as described above when executed by the processor.
In a seventh aspect, embodiments of the present invention provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a landline telephone and mobile terminal conversation method as described above.
The embodiment of the invention has the following advantages:
The embodiment of the invention establishes a voice session after a fixed telephone initiates a call to a mobile terminal or a mobile terminal initiates a call to the fixed telephone; in the process of establishing the voice session, sends a secret identifier acquisition request to an identity authentication platform, receives a secret identifier allocated by the identity authentication platform, sends a session key acquisition request to a quantum key management service platform, the key acquisition request comprising the secret identifier, and receives a session key allocated for the secret identifier and sent by the quantum key management service platform; and, after the voice session is established, receives first voice data sent by the fixed telephone, encrypts the first voice data by using the session key and sends the encrypted first voice data to the mobile terminal, receives encrypted second voice data sent by the mobile terminal, decrypts the encrypted second voice data by using the session key, and sends the second voice data to the fixed telephone. This achieves identity authentication during the call and symmetric encryption of call voice data with quantum keys, which solves the problem that call information can be intercepted or recorded when a fixed-line telephone within a unit and a mobile phone terminal call each other, and solves the problems of identity authentication and equipment security assurance when an external mobile phone dials an internal fixed-line telephone.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
One of the core ideas of the embodiment of the invention is that the synchronous reporting of authentication information to a gateway during communication is realized through the hardware number of the equipment and authentication data preset in a security chip in a quantum SIM card, and the communication between unauthorized equipment and the SIM card is blocked. Identity authentication can be achieved while a conversation call is in progress. Because the mobile terminals are issued in units, the information can be input into the gateway in advance, and the authentication information is encrypted and protected by a quantum encryption technology, so that the identity credibility of both parties in conversation is ensured. The signaling and voice conversion equipment is deployed at the external outlet of the internal fixed telephone, and the U shield is used as an encryption medium, so that the sectional encryption and decryption of voice are realized, and finally the encryption intercommunication between the external network mobile phone and the internal fixed telephone is realized. The intranet fixed telephone terminal and the exchange equipment are not required to be replaced, and the networking structure is not required to be adjusted. The voice data encryption in the public network exposure area can be realized, and the information security protection capability in the internal and external intercommunication process is greatly enhanced.
Referring to fig. 1, a block diagram of a system for communicating between a fixed phone and a mobile terminal according to an embodiment of the present invention is shown, where the system may specifically include the following parts:
A fixed telephone 10, a voice gateway 11, a mobile terminal 12, an identity authentication platform 13 and a quantum key management service platform 14;
The landline telephone 10 is configured to establish a voice session with the mobile terminal 12 through the voice gateway 11, and after the voice session is established, send first voice data to the voice gateway 11, and receive second voice data sent by the voice gateway 11, where the second voice data is sent to the voice gateway 11 by the mobile terminal 12;
A voice gateway is a network device that acts as a bridge between a conventional telephone system (e.g., PSTN, Public Switched Telephone Network) and an IP-based communication system (e.g., VoIP, Voice over Internet Protocol). Through the voice gateway, an enterprise or individual user may convert conventional analog telephone signals into digital format and transmit them through the internet or another data network, and vice versa.
A landline telephone, also known as a wireline telephone or fixed telephone, is a communication device that is connected to the Public Switched Telephone Network (PSTN) through a physical line. The landline telephone is connected to a local telephone exchange by one or more pairs of copper wires (twisted pair) or another type of transmission medium, such as optical fiber. When a user makes a call, the microphone converts sound into electrical signals that are transmitted along the telephone line to the exchange, where they are further processed and routed to the destination. In modern telephone systems, analog signals are typically converted to digital format at nodes near the user for more efficient transmission over the network. After reaching the receiver, the digital signal is restored to an analog signal for the receiver to play.
The voice gateway is capable of handling the conversion between different types of communication protocols, such as interworking SIP (Session Initiation Protocol) for VoIP calls with protocols of conventional telephone systems like ISDN (Integrated Services Digital Network) or POTS (Plain Old Telephone Service). It has various built-in audio codecs (such as G.711, G.729, AMR-WB, etc.) and can select the most suitable coding mode to optimize voice quality and bandwidth usage according to network conditions. Voice gateways typically integrate basic call processing functions such as dial plan management, number mapping, call forwarding, and conference bridging, to simplify user operation and increase flexibility. A voice gateway supports TLS/DTLS encryption and SRTP (Secure Real-time Transport Protocol) to secure voice communications, and may also implement various access control policies to ensure that only authorized users can use the service.
A mobile terminal is a portable electronic device capable of communicating through a wireless network: a computing and communication device designed to operate while mobile, having independent processing capability, and connected to the wireless communication network. Such devices are typically battery-powered and support a variety of wireless connectivity means, such as cellular networks (2G/3G/4G/5G), Wi-Fi, Bluetooth, etc. They are widely used in personal and business fields to provide users with various functions such as voice call, data transmission, multimedia services, etc. The mobile terminal may include a smart phone, a tablet computer, a smart watch, an internet of things device, and the like.
In some embodiments of the present invention, the landline telephone 10 is only capable of transmitting and receiving analog signals, and requires signaling conversion by the voice gateway 11 to establish a voice session with the mobile terminal 12. A voice session is established either when the fixed telephone 10 actively dials the mobile terminal 12 or when the fixed telephone 10 receives a call from the mobile terminal 12; accordingly, the first voice data refers to the voice data transmitted from the fixed telephone 10 to the mobile terminal 12 via the voice gateway 11, and the second voice data refers to the voice data transmitted from the mobile terminal 12 to the fixed telephone 10 via the voice gateway 11.
The voice gateway 11 is configured to establish a voice session with the mobile terminal 12 after the landline telephone 10 initiates a call to the mobile terminal 12 or after the mobile terminal 12 initiates a call to the landline telephone 10, send a secret identifier acquisition request to the identity authentication platform 13 during the establishment of the voice session, receive the secret identifier allocated by the identity authentication platform 13, send a session key acquisition request to the quantum key management service platform 14, where the key acquisition request includes the secret identifier, receive a session key allocated for the secret identifier sent by the quantum key management service platform 14, receive first voice data sent by the landline telephone 10 after the voice session is established, encrypt the first voice data using the session key and send the encrypted second voice data to the mobile terminal 12, and receive encrypted second voice data sent by the mobile terminal 12, decrypt the encrypted second voice data using the session key and send the second voice data to the landline telephone 10;
Because coding modes at two ends of an IMS call data stream of a fixed telephone are different from those at two ends of an IMS call data stream of a mobile terminal, no matter the fixed telephone 10 dials to the mobile terminal 12 or the mobile terminal 12 dials to the fixed telephone 10, data and signaling format conversion is needed to be carried out in the middle by means of the voice gateway 11, besides, the voice gateway 11 also plays a role of proxy voice encryption and decryption, in the process of establishing drawings between the fixed telephone 10 and the mobile terminal 12, in order to ensure safe transmission of call data, the voice gateway 11 firstly needs to apply for obtaining a secret entering identifier to the identity authentication platform 13, and can apply for obtaining a session key of encrypted session data to the quantum key management service platform 14 by virtue of the secret entering identifier, and the secret entering identifier can comprise a session ID generated by number operation of a calling party and a called party. After obtaining the session key, the voice gateway 11 may encrypt the first voice data received from the landline telephone 10 and send the encrypted first voice data to the mobile terminal 12, or decrypt the encrypted second voice data received from the mobile terminal 12, decrypt the encrypted second voice data using the session key and send the decrypted second voice data to the landline telephone 10, so as to ensure secure transmission of the voice call content.
In some embodiments of the present invention, the voice gateway 11 further comprises a secure medium 110, the secure medium 110 having a filling key stored therein;
The voice gateway 11 is further configured to send a session key acquisition request to the quantum key management service platform 14, where the key acquisition request includes the secret identifier encrypted with the filling key; to receive the session key, encrypted with the filling key, sent by the quantum key management service platform 14; and to decrypt the encrypted session key using the filling key to obtain the session key;
A secure medium is a physical or digital medium used to store, transmit, and process sensitive information, with security features that protect data from unauthorized access, tampering, or disclosure. Secure media are widely used in industries such as government, military, finance, and healthcare to ensure the security and integrity of key information. A secure medium is specially designed or configured to prevent, to some extent, data loss, corruption, and unauthorized access to the storage device or communication channel. These media may be hardware (e.g., a hard disk drive, USB flash drive, or smart card) or software (e.g., an encrypted file system or virtual disk).
In one embodiment of the present invention, the secure medium 110 built into the voice gateway 11 may use a U-shield as the encryption medium. After the voice gateway 11 obtains the secret identifier from the identity authentication platform 13, it sends the secret identifier to the quantum key management service platform 14 together with the session key request. The secret identifier is a session ID generated by an operation on the numbers of the calling party and the called party, so the session key corresponding to the voice call can be accurately found through the secret identifier. The secure medium 110 built into the voice gateway 11 may be pre-filled with the filling key, and the session key is encrypted and decrypted with the pre-filled key.
In some embodiments of the present invention, the voice gateway 11 is further configured to, after receiving the first voice data sent by the landline telephone 10, perform data format conversion on the first voice data, encrypt the data format-converted first voice data using the session key and send the encrypted first voice data to the mobile terminal 12, and, after receiving the encrypted second voice data sent by the mobile terminal 12, decrypt the encrypted second voice data using the session key, perform data format conversion on the second voice data, and send the data format-converted second voice data to the landline telephone 10.
The voice gateway 11 not only encrypts and decrypts the first voice data and the second voice data, but also converts the first voice data, sent by the fixed telephone 10 as an analog signal in the No. 7 signaling format, into a digital signal in the SIP signaling format and sends it to the mobile terminal 12. Likewise, after receiving the second voice data sent by the mobile terminal 12 as a digital signal in the SIP signaling format, the voice gateway 11 converts it into the No. 7 signaling format and sends it to the fixed telephone 10, completing normal communication of the session.
The mobile terminal 12 is configured to establish a voice session with the landline telephone 10 through the voice gateway 11, send a secret identifier acquisition request to the identity authentication platform 13 during the establishment of the voice session, receive a secret identifier allocated by the identity authentication platform 13, send a session key acquisition request to the quantum key management service platform 14, where the key acquisition request includes the secret identifier, receive a session key allocated to the secret identifier and sent by the quantum key management service platform 14, encrypt second voice data using the session key after the establishment of the voice session, and send the encrypted second voice data to the voice gateway 11, and receive encrypted first voice data sent by the voice gateway 11, decrypt the encrypted first voice data according to the session key, where the first voice data is sent to the voice gateway 11 by the landline telephone 10;
The mobile terminal 12 is the other end of the call with the fixed telephone 10. In the process of establishing the voice session, the mobile terminal 12 needs to apply to the identity authentication platform 13 for the secret identifier; the correct session key can be obtained when the secret identifier is used in the session key acquisition request sent to the quantum key management service platform 14. After the voice session is established, the mobile terminal 12 encrypts the second voice data it sends using the obtained session key and then sends the encrypted second voice data to the voice gateway 11; the mobile terminal 12 also uses the session key to decrypt the first voice data from the fixed telephone 10 received via the voice gateway 11.
In some embodiments of the present invention, the mobile terminal 12 has a secure medium 120 having a filling key stored therein;
The mobile terminal 12 is configured to send a session key acquisition request to the quantum key management service platform 14, where the key acquisition request includes the secret identifier encrypted with the filling key; to receive the session key, encrypted with the filling key, sent by the quantum key management service platform 14; and to decrypt the encrypted session key using the filling key to obtain the session key;
The secure medium 120 of the mobile terminal 12 is typically a quantum SIM card. The authentication data preset in a secure chip in the quantum SIM card, that is, the pre-filled filling key, may be used to encrypt the session key. When an application for the session key is sent to the quantum key management service platform 14, the secret identifier is sent to the quantum key management service platform 14 together with it, so as to accurately obtain the encrypted session key corresponding to the call; the session key is then obtained by decrypting with the filling key.
The identity authentication platform 13 is configured to receive a secret identifier acquisition request sent by the voice gateway 11, send a secret identifier to the voice gateway 11 according to the secret identifier acquisition request, and receive a secret identifier acquisition request sent by the mobile terminal 12, and send a secret identifier to the mobile terminal 12 according to the secret identifier acquisition request;
The identity authentication platform 13 mainly performs identity authentication: it confirms the identities of the calling party and the called party, and generates a session ID by an operation on the numbers of the calling party and the called party to serve as the secret identifier. It sends the corresponding secret identifier to the voice gateway 11 in response to the secret identifier acquisition request sent by the voice gateway 11, and sends the corresponding secret identifier to the mobile terminal 12 in response to the secret identifier acquisition request sent by the mobile terminal 12.
In some embodiments of the present invention, the identity authentication platform 13 is further configured to determine whether a quantum secret call establishment condition is satisfied according to the voice gateway 11 information and the mobile terminal 12 information, and generate the secret identifier according to the voice gateway 11 information and the mobile terminal 12 information after determining that the quantum secret call establishment condition is satisfied.
In the session establishment process, it is also necessary to determine whether the voice gateway 11 and the mobile terminal 12 meet the quantum secret call establishment condition, that is, to confirm that the calling party and the called party meet the VoLTE quantum secret call establishment condition (terminal, service activation state, network, etc.). VoLTE (Voice over Long-Term Evolution) is a high-speed wireless communication standard for mobile phones and data terminals. It is based on an IP Multimedia Subsystem (IMS) network and uses a profile (defined by the GSM Association in PRD IR.92) made specifically for the control plane and media plane of voice service on LTE, so that the voice service (control and media planes) is transmitted as a data stream in the LTE data bearer network without maintaining or relying on a traditional circuit-switched voice network. VoLTE has more than three times the voice and data capacity of 3G UMTS and more than six times the voice and data capacity of 2G GSM. Because VoLTE packet headers are smaller than those of non-optimized VoIP/LTE, it also uses bandwidth more efficiently.
After determining that the voice gateway 11 and the mobile terminal 12 both meet the quantum secret call establishment condition, a session ID is generated as the secret identifier by an operation on the calling party and called party numbers of the voice gateway 11 and the mobile terminal 12. Generating the session ID by calculation from the numbers of the calling and called parties is a method of ensuring that each communication session has a unique identifier. This approach may be used in a variety of communication protocols and services, such as SIP (Session Initiation Protocol), VoIP (Voice over IP), instant messaging, and the like.
The quantum key management service platform 14 is configured to receive a session key acquisition request sent by the voice gateway 11, where the key acquisition request includes the secret identifier, allocate a session key for the secret identifier, send the encrypted session key to the voice gateway 11, receive a session key acquisition request sent by the mobile terminal 12, where the key acquisition request includes the secret identifier, allocate a session key for the secret identifier, and send the encrypted session key to the mobile terminal 12.
The quantum key management service platform 14 is where session key negotiation is performed. When a session key request sent by the voice gateway 11 or the mobile terminal 12 is received, the corresponding voice session is determined from the secret identifier sent with the request, and the session key of that voice session is encrypted with the filling key and then sent to the voice gateway 11 or the mobile terminal 12.
In some embodiments of the present invention, the quantum key management service platform 14 is further configured to receive a session key acquisition request sent by the voice gateway 11, where the key acquisition request includes the secret identifier encrypted according to a filling key, acquire the filling key, decrypt the encrypted secret identifier according to the filling key, and allocate a session key to the secret identifier, encrypt the session key according to the filling key, send the encrypted session key to the voice gateway 11, and receive a session key acquisition request sent by the mobile terminal 12, where the key acquisition request includes the secret identifier encrypted according to a filling key, acquire the filling key, decrypt the encrypted secret identifier according to the filling key, and allocate a session key to the secret identifier, encrypt the session key using the filling key, and send the encrypted session key to the mobile terminal 12.
In some embodiments of the invention, the system further comprises a session control server 15, a home subscriber server 16 and a call session control server 17;
the fixed telephone 10 is configured to send call signaling to the voice gateway 11;
the voice gateway 11 is configured to perform signaling format conversion on the call signaling to obtain a call request, and send the call request to the session control server 15;
The session control server, that is, a SIP server (Session Initiation Protocol server), is a key component for supporting SIP-based real-time communication services. It plays an important role in applications such as VoIP, video conferencing, and instant messaging. The main responsibilities of the SIP server include user registration, call control, routing, and security authentication. When a user wants to initiate a call, the SIP server receives and processes an INVITE request from the initiator and then attempts to forward the request to the recipient. If the recipient agrees to join the call, the SIP server helps to establish the connection; otherwise it notifies the initiator of the call failure. The SIP server decides how to route SIP messages according to predefined rules or policies, ensuring that they reach the destination correctly.
When the landline telephone 10 transmits call signaling to the voice gateway 11, the voice gateway 11 converts the analog No. 7 signaling into a digital call request and then delivers the call request to the session control server 15 for processing.
The session control server 15 is configured to invoke the home subscriber server 16 to query whether the called mobile terminal supports the long term evolution voice bearer communication service according to the call request, and invoke the call session control server 17 to establish a voice session if the called mobile terminal supports the long term evolution voice bearer communication service.
The HSS (Home Subscriber Server) is a key component in the IMS architecture, mainly for storing and managing subscriber-related configuration data and service information. The HSS stores authentication credentials (e.g., IMSI, K, etc.) used to verify the user's identity and to ensure that only authorized users can access network resources and services. The HSS communicates via the Diameter protocol with the S-CSCF, which is responsible for handling functions such as user registration and session control. The S-CSCF queries the HSS for relevant information each time a User Equipment (UE) initiates a registration or establishes a session. In addition to CSCFs, the HSS may also exchange data with other IMS components such as the AS (Application Server) and the MGCF (Media Gateway Control Function) to support more complex service scenarios, as well as to provide core support for high-quality voice and video calls in 4G/5G networks.
The CSCF (Call Session Control Function) is one of the core components of the IMS architecture, mainly used for managing and controlling SIP-based multimedia communication sessions. It can be divided into three main types. The P-CSCF (Proxy CSCF) is responsible for forwarding SIP requests from user equipment to the I-CSCF and returning responses from the network to the user equipment. The I-CSCF (Interrogating CSCF) acts as a bridge between the external network and the internal S-CSCF for calls or messages coming into the IMS network and, conversely, for calls or messages going out of the IMS network; when a new registration request or other type of SIP message is received, the I-CSCF queries to determine which S-CSCF it should be sent to for processing. The S-CSCF (Serving CSCF) is responsible for processing users' registration requests and for completing identity authentication procedures in cooperation with the HSS, ensuring that only authorized users can access IMS services.
In some embodiments of the present invention, the session control server 15 queries the home subscriber server 16 according to the call request converted by the voice gateway 11 and determines whether the called party terminal supports VoLTE (long term evolution voice bearer communication service). If so, the session control server 15 notifies the call session control server 17 to start the session establishment procedure, and the call session control server 17 negotiates call parameters, including codec and code rate, with the called party terminal device.
In the embodiment of the invention, a voice session is established after a fixed telephone initiates a call to a mobile terminal or a mobile terminal initiates a call to the fixed telephone; in the process of establishing the voice session, a secret identifier acquisition request is sent to an identity authentication platform and the secret identifier allocated by the identity authentication platform is received; a session key acquisition request comprising the secret identifier is sent to the quantum key management service platform, and the session key allocated for the secret identifier and sent by the quantum key management service platform is received; after the voice session is established, first voice data sent by the fixed telephone is received, encrypted using the session key and sent to the mobile terminal, and encrypted second voice data sent by the mobile terminal is received, decrypted using the session key and sent to the fixed telephone. The method achieves identity authentication during the call and symmetrically encrypts call voice data with quantum keys, thereby solving the problem that call information can be intercepted or recorded when a fixed-line telephone inside an organization and a mobile phone terminal call each other, and solving the problems of identity authentication and device security assurance when an external mobile phone dials an internal-line telephone.
Referring to fig. 2, a step flow chart of a method for communicating between a fixed phone and a mobile terminal provided by an embodiment of the present invention is shown, and the method is applied to a voice gateway, and may specifically include the following steps:
Step 201, after the fixed telephone initiates a call to the mobile terminal or the mobile terminal initiates a call to the fixed telephone, a voice session is established with the mobile terminal;
In some embodiments of the present invention, the step 201 may include the following sub-steps:
Receiving call signaling sent by the fixed telephone, converting the signaling format of the call signaling to obtain a call request, and sending the call request to a session control server, so that the session control server invokes a home subscriber server according to the call request to query whether the called party mobile terminal supports the long-term evolution voice bearer communication service and, if the called party mobile terminal supports the long-term evolution voice bearer communication service, invokes the call session control server to establish a voice session.
Referring to fig. 3, a schematic diagram of the service flow of a system for communicating between a fixed phone and a mobile terminal according to an embodiment of the present invention is shown; the figure serves as a supplementary description. When the fixed telephone initiates a call to the mobile terminal, or the mobile terminal initiates a call to the fixed telephone, a voice session needs to be established between the fixed telephone and the mobile terminal through a voice gateway. If the call request is initiated by the fixed telephone, the analog signal of the No. 7 signaling used by the fixed telephone must be converted into a suitable digital signal: the signal is connected by an outgoing device through an E1 line to a customized voice encryption gateway in the telecom room, the voice encryption gateway completes the conversion of the call signaling (No. 7 -> SIP), and the SIP server then processes the call request. The SIP server queries the HSS server to determine whether the called party supports VoLTE and the like; if so, the SIP server informs the CSCF server to start the session establishment process, and the CSCF server negotiates call parameters with the called party terminal device.
Step 202, in the process of establishing the voice session, sending a secret identifier acquisition request to an identity authentication platform, and receiving a secret identifier allocated by the identity authentication platform; sending a session key acquisition request to the quantum key management service platform, the key acquisition request comprising the secret identifier, and receiving a session key allocated for the secret identifier and sent by the quantum key management service platform;
In some embodiments of the present invention, the step 202 may include the following sub-steps:
Sub-step S11, acquiring voice gateway information and mobile terminal information;
Sub-step S12, sending a secret identifier acquisition request to an identity authentication platform, wherein the secret identifier acquisition request comprises the voice gateway information and the mobile terminal information, so that the identity authentication platform generates the secret identifier according to the voice gateway information and the mobile terminal information after determining, according to the voice gateway information and the mobile terminal information, that the quantum secret call establishment condition is met.
In the process of establishing the voice session, the calling party and the called party need to negotiate a session key through the quantum key management service platform (QMS) to protect the voice session. The negotiation proceeds as follows. For the calling party: after the calling party (voice gateway or VoLTE terminal) initiates a session, it applies to the identity authentication platform; the identity authentication platform confirms that the calling party and the called party meet the VoLTE quantum secret call establishment conditions (terminal, service activation state, network, etc.), generates for the session a session ID by an operation on the numbers of the calling party and the called party to serve as the secret identifier, and sends the secret identifier to the calling party. The calling party encrypts the identifier with the pre-filled filling key and sends it to the quantum key management service platform (QMS) to apply for the session key of the call. The QMS encrypts this session key and issues it to the calling party.
For the called party: the called party (voice gateway or VoLTE terminal) sends a secret identifier application request to the identity authentication platform in the voice session establishment stage, and the identity authentication platform returns a secret identifier to the called party. The called party encrypts the identifier with the pre-filled filling key and sends it to the quantum key management service platform (QMS) to acquire the session key of the call. The QMS encrypts this session key and issues it to the called party. Once both sides have successfully acquired the session key, the session key negotiation is successful.
In some embodiments of the present invention, the voice gateway has a secure medium, the secure medium having a filling key stored therein, and the step 202 may further include the sub-steps of:
Sub-step S21, encrypting the secret identifier using the filling key;
Sub-step S22, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier encrypted with the filling key;
the step 202 may further comprise the sub-steps of:
Sub-step S31, receiving a session key encrypted with the filling key and sent by the quantum key management service platform;
Sub-step S32, decrypting the encrypted session key using the filling key to obtain the session key.
The voice gateway may be a customized encryption gateway with a built-in security chip. It applies to the identity authentication platform for a secret identifier and, using the secret identifier and the filling key pre-filled in the security chip, initiates session key negotiation with the quantum key management system to obtain the session key used for the session. After receiving the voice call, the mobile terminal obtains the secret identifier of the current session from the identity authentication platform, and uses the secret identifier to obtain the session key from the quantum key management system.
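The exchange of step 202 (sub-steps S21 to S32, run by both the voice gateway and the mobile terminal) followed by one encrypted voice frame, as an added Python example that is not part of the original text. The class names, device IDs, phone numbers and frame are constructed; the HMAC-SHA256 encrypt-then-MAC routine, the SHA-256 session ID with a per-call nonce, and the random session key are assumptions standing in for the cipher, the "number operation" and the quantum key source, none of which the text specifies.

```python
import hashlib
import hmac
import secrets

LANDLINE, MOBILE = "01055550100", "13900000000"   # constructed numbers
FRAME = b"constructed first voice data frame"


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; keystream of the stand-in cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag first, so a wrong key or altered data is rejected."""
    if len(blob) < 48:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


class IdentityAuthPlatform:
    """Checks the establishment condition and allocates the secret identifier."""

    def __init__(self, enrolled_numbers):
        self.enrolled = set(enrolled_numbers)
        self.pending = {}   # (caller, callee) -> secret identifier of the call

    def get_secret_identifier(self, caller, callee):
        if caller not in self.enrolled or callee not in self.enrolled:
            raise PermissionError("quantum secret call establishment condition not met")
        if (caller, callee) not in self.pending:
            # Assumption: session ID = SHA-256 over both numbers and a per-call nonce.
            material = f"{caller}|{callee}|".encode() + secrets.token_bytes(8)
            self.pending[(caller, callee)] = hashlib.sha256(material).hexdigest()
        return self.pending[(caller, callee)]


class KeyManagementService:
    """Allocates one session key per secret identifier, wrapped per requester."""

    def __init__(self, filling_keys):
        self.filling_keys = filling_keys   # device id -> pre-filled filling key
        self.session_keys = {}             # secret identifier -> session key

    def get_session_key(self, device_id, wrapped_identifier):
        if device_id not in self.filling_keys:
            raise PermissionError("unknown device")
        filling_key = self.filling_keys[device_id]
        secret_id = unseal(filling_key, wrapped_identifier)
        # Assumption: random bytes stand in for a key from the quantum key source.
        session_key = self.session_keys.setdefault(secret_id, secrets.token_bytes(32))
        return seal(filling_key, session_key)


class Endpoint:
    """Voice gateway or mobile terminal holding a filling key in its secure medium."""

    def __init__(self, device_id, filling_key):
        self.device_id, self.filling_key = device_id, filling_key
        self.session_key = None

    def negotiate(self, auth, kms, caller, callee):
        secret_id = auth.get_secret_identifier(caller, callee)
        wrapped = seal(self.filling_key, secret_id.encode())         # S21 / S51
        reply = kms.get_session_key(self.device_id, wrapped)         # S22, S31
        self.session_key = unseal(self.filling_key, reply)           # S32 / S62


def run_call():
    """Landline calls mobile: both ends negotiate, then one frame crosses."""
    fk_gateway, fk_sim = secrets.token_bytes(32), secrets.token_bytes(32)
    auth = IdentityAuthPlatform({LANDLINE, MOBILE})
    kms = KeyManagementService({"gateway-01": fk_gateway, "sim-01": fk_sim})
    gateway, mobile = Endpoint("gateway-01", fk_gateway), Endpoint("sim-01", fk_sim)
    gateway.negotiate(auth, kms, LANDLINE, MOBILE)
    mobile.negotiate(auth, kms, LANDLINE, MOBILE)
    received = unseal(mobile.session_key, seal(gateway.session_key, FRAME))  # step 203
    return gateway, mobile, auth, kms, received


if __name__ == "__main__":
    gw, ms, _, _, frame = run_call()
    print("keys match:", gw.session_key == ms.session_key, "| frame ok:", frame == FRAME)
```
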
Step 203, after the voice session is established, receiving the first voice data sent by the fixed phone, encrypting the first voice data by using the session key and sending the encrypted first voice data to the mobile terminal, and receiving the encrypted second voice data sent by the mobile terminal, decrypting the encrypted second voice data by using the session key and sending the second voice data to the fixed phone.
In some embodiments of the present invention, the step 203 may include the following sub-steps:
encrypting the first voice data subjected to data format conversion by using the session key and sending the encrypted first voice data to the mobile terminal;
After the session key negotiation between the voice gateway and the mobile terminal succeeds, the voice gateway and the mobile terminal encrypt voice data in real time with the session key. The voice data sent by the fixed telephone to the mobile terminal is the first voice data, and the voice data sent by the mobile terminal to the fixed telephone is the second voice data.
In some embodiments of the present invention, the step 203 may further include the following sub-steps:
and carrying out data format conversion on the second voice data, and sending the second voice data subjected to data format conversion to the fixed telephone.
Similarly, in an embodiment of the present invention, when the mobile terminal initiates a call to the fixed telephone and the second voice data encrypted with the session key is sent by the mobile terminal to the fixed telephone, the digital signal of the second voice data must be routed from the IMS network to the fixed telephone network; the voice gateway then converts the digital signal into the No. 7 signaling format of the fixed telephone, and the fixed telephone is connected.
Referring to fig. 4, a step flow chart of another method for communicating between a fixed phone and a mobile terminal according to an embodiment of the present invention is shown, and the method may specifically include the following steps:
Step 401, in the process of establishing a voice session with the fixed telephone through a voice gateway, sending a secret identification acquisition request to an identity authentication platform, receiving a secret identification allocated by the identity authentication platform, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identification, and receiving a session key allocated to the secret identification and sent by the quantum key management service platform;
In some embodiments of the present invention, the step 401 may include the following sub-steps:
Sub-step S41, acquiring voice gateway information and mobile terminal information;
Sub-step S42, sending a secret identifier acquisition request to an identity authentication platform, wherein the secret identifier acquisition request comprises the voice gateway information and the mobile terminal information, so that the identity authentication platform generates the secret identifier according to the voice gateway information and the mobile terminal information after determining, according to the voice gateway information and the mobile terminal information, that the quantum secret call establishment condition is met.
When the mobile terminal receives a call from the fixed telephone or calls the fixed telephone, the mobile terminal likewise first applies to the identity authentication platform for the secret identifier, and the identity authentication platform returns the secret identifier. Both the voice gateway and the mobile terminal are therefore required to send the voice gateway information and the mobile terminal information together with the secret identifier application, so that, once this information confirms that the quantum secret call establishment condition is met, the session ID can be calculated and generated as the secret identifier.
In some embodiments of the present invention, the mobile terminal has a secure medium, where the secure medium has a filling key stored therein, and the step 401 may further include the following sub-steps:
Sub-step S51, encrypting the secret identifier using the filling key;
Sub-step S52, sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier encrypted with the filling key;
A mobile terminal such as a quantum mobile phone may be issued internally by the organization, and its information may be entered into the gateway in advance. The secure medium in the quantum mobile phone may be a quantum SIM card, and the filling key preset in the security chip of the SIM card may be used to encrypt the secret identifier. When a session key acquisition request is sent to the quantum key management service platform, the encrypted secret identifier is sent to the quantum key management service platform so that the corresponding communication session can be found.
The step 401 may further comprise the sub-steps of:
Sub-step S61, receiving a session key encrypted with the filling key and sent by the quantum key management service platform;
Sub-step S62, decrypting the encrypted session key using the filling key to obtain the session key.
Step 402, after establishing the voice session, encrypting the second voice data by using the session key, and sending the encrypted second voice data to the voice gateway, and receiving the encrypted first voice data sent by the voice gateway, decrypting the encrypted first voice data according to the session key, wherein the first voice data is sent to the voice gateway by the fixed telephone.
After the two parties of the fixed telephone and the mobile terminal obtain the session key, the negotiated session key can be used for encrypting the respective voice data and then transmitting the encrypted voice data. The second voice data sent by the mobile terminal is encrypted by the session key and then sent to the voice gateway, and the first voice data received by the mobile terminal from the voice gateway is also required to be decrypted by the session key.
In one embodiment of the present invention, when a landline phone initiates a call to a mobile terminal, a customized mobile terminal transmits received VoLTE voice data, i.e., first voice data, from a DSP module of a mobile phone communication processor (CP side) to a quantum security middleware of a mobile phone application processor (AP side), and decrypts the VoLTE voice data using a session key.
In the embodiment of the invention, a voice session is established after a fixed telephone initiates a call to a mobile terminal or a mobile terminal initiates a call to the fixed telephone; in the process of establishing the voice session, a secret identifier acquisition request is sent to an identity authentication platform and the secret identifier allocated by the identity authentication platform is received; a session key acquisition request comprising the secret identifier is sent to the quantum key management service platform, and the session key allocated for the secret identifier and sent by the quantum key management service platform is received; after the voice session is established, first voice data sent by the fixed telephone is received, encrypted using the session key and sent to the mobile terminal, and encrypted second voice data sent by the mobile terminal is received, decrypted using the session key and sent to the fixed telephone. The method achieves identity authentication during the call and symmetrically encrypts call voice data with quantum keys, thereby solving the problem that call information can be intercepted or recorded when a fixed-line telephone inside an organization and a mobile phone terminal call each other, and solving the problems of identity authentication and device security assurance when an external mobile phone dials an internal-line telephone.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Referring to fig. 5, a block diagram of a device for communicating between a fixed phone and a mobile terminal according to an embodiment of the present invention is shown, which may specifically include the following modules:
A session establishment module 501, configured to establish a voice session with the mobile terminal after the fixed phone initiates a call to the mobile terminal or after the mobile terminal initiates a call to the fixed phone;
The first request and acquisition module 502 is configured to send a secret identifier acquisition request to an identity authentication platform in the process of establishing the voice session, and receive a secret identifier allocated by the identity authentication platform; and to send a session key acquisition request to the quantum key management service platform, the key acquisition request comprising the secret identifier, and receive a session key allocated to the secret identifier and sent by the quantum key management service platform;
The first sending and receiving module 503 is configured to receive, after a voice session is established, first voice data sent by the landline phone, encrypt the first voice data using the session key and send the encrypted first voice data to the mobile terminal, and receive encrypted second voice data sent by the mobile terminal, decrypt the encrypted second voice data using the session key, and send the second voice data to the landline phone.
In some embodiments of the present invention, the first request and obtain module includes:
the first acquisition sub-module is used for acquiring voice gateway information and mobile terminal information;
The second secret identification generation sub-module is used for sending a secret identifier acquisition request to the identity authentication platform, wherein the secret identifier acquisition request comprises the voice gateway information and the mobile terminal information, so that the identity authentication platform, after determining from the voice gateway information and the mobile terminal information that the conditions for establishing a quantum secret call are met, generates the secret identifier according to the voice gateway information and the mobile terminal information.
In some embodiments of the present invention, the voice gateway has a secure medium having a charging key stored therein;
The first request and acquisition module further includes:
The first encryption sub-module is used for encrypting the secret identifier by using the charging key;
The first request sending sub-module is used for sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier encrypted with the charging key;
The first request and acquisition module further includes:
the first receiving sub-module is used for receiving the session key which is sent by the quantum key management service platform and is encrypted with the charging key;
the first encryption sub-module is used for decrypting the encrypted session key by using the charging key to obtain the session key.
In some embodiments of the present invention, the first transmitting and receiving module includes:
the first data sending sub-module is used for carrying out data format conversion on the first voice data, encrypting the first voice data subjected to data format conversion by using the session key and sending the first voice data to the mobile terminal;
The first transmitting and receiving module further includes:
and the second data transmission sub-module is used for carrying out data format conversion on the second voice data and transmitting the second voice data subjected to the data format conversion to the fixed telephone.
In some embodiments of the present invention, the first transmitting and receiving module further includes:
The session establishment sub-module is used for receiving the call signaling sent by the fixed telephone, converting the signaling format of the call signaling to obtain a call request, and sending the call request to the session control server, so that the session control server calls a home subscriber server according to the call request to query whether the called mobile terminal supports the voice over long-term evolution (VoLTE) bearer communication service, and, if the called mobile terminal supports that service, the call session control server is called to establish a voice session.
Referring to fig. 6, a block diagram of another device for communicating between a fixed phone and a mobile terminal according to an embodiment of the present invention is shown, which may specifically include the following modules:
The second request and acquisition module 601 is configured to send a secret identifier acquisition request to an identity authentication platform in the process of establishing a voice session with the landline telephone through a voice gateway, receive a secret identifier allocated by the identity authentication platform, send a session key acquisition request to the quantum key management service platform, where the key acquisition request includes the secret identifier, and receive a session key allocated to the secret identifier and sent by the quantum key management service platform;
The second sending and receiving module 602 is configured to encrypt second voice data using the session key after establishing a voice session, and send the encrypted second voice data to the voice gateway, and receive encrypted first voice data sent by the voice gateway, decrypt the encrypted first voice data according to the session key, where the first voice data is sent to the voice gateway by the landline phone.
In some embodiments of the present invention, the second request and obtain module includes:
the second acquisition sub-module is used for acquiring voice gateway information and mobile terminal information;
The second secret identification generation sub-module is used for sending a secret identifier acquisition request to the identity authentication platform, wherein the secret identifier acquisition request comprises the voice gateway information and the mobile terminal information, so that the identity authentication platform, after determining from the voice gateway information and the mobile terminal information that the conditions for establishing a quantum secret call are met, generates the secret identifier according to the voice gateway information and the mobile terminal information.
In some embodiments of the present invention, the mobile terminal has a secure medium having a charging key stored therein;
The second request and acquisition module further includes:
the second encryption sub-module is used for encrypting the secret identifier by using the charging key;
The second request sending sub-module is used for sending a session key acquisition request to the quantum key management service platform, wherein the key acquisition request comprises the secret identifier encrypted with the charging key;
The second request and acquisition module further includes:
the second receiving sub-module is used for receiving the session key which is sent by the quantum key management service platform and is encrypted with the charging key;
the second encryption sub-module is used for decrypting the encrypted session key by using the charging key to obtain the session key.
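The charging-key exchange described above for both the voice gateway and the mobile terminal, as an added example that is not part of the original specification: each device encrypts the secret identifier under its own charging key, and the key service returns the session key encrypted under that same charging key. AES-256-GCM, the `KeyService` class, the device names and the identifier value are assumptions, since the specification names no cipher or message format.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM is an assumption: the specification names no cipher or message format.
function seal(key, msg) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every message
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(msg), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}

// Reverses seal(); throws if the nonce, ciphertext or 16-byte tag was altered.
function open(key, box) {
  if (box.length < 28) throw new Error('message too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAuthTag(box.subarray(box.length - 16));
  return Buffer.concat([d.update(box.subarray(12, box.length - 16)), d.final()]);
}

// Hypothetical stand-in for the quantum key management service platform.
class KeyService {
  constructor(chargingKeys) {
    this.chargingKeys = chargingKeys; // device name -> charging key
    this.sessions = new Map(); // secret identifier -> session key
  }
  // Handles a session key acquisition request carrying the encrypted identifier.
  issue(device, encryptedId) {
    const ck = this.chargingKeys.get(device);
    if (!ck) throw new Error(`unknown device ${device}`);
    const id = open(ck, encryptedId).toString('utf8');
    if (!this.sessions.has(id)) {
      this.sessions.set(id, crypto.randomBytes(32)); // stand-in for quantum key material
    }
    return seal(ck, this.sessions.get(id)); // session key leaves only in encrypted form
  }
}

// Device side (gateway or mobile terminal): encrypt the identifier, request, decrypt the key.
function fetchSessionKey(kms, device, chargingKey, secretId) {
  const request = seal(chargingKey, Buffer.from(secretId, 'utf8'));
  return open(chargingKey, kms.issue(device, request));
}

// Constructed run: both ends obtain the same session key and exchange one voice frame.
function demo() {
  const gwKey = crypto.randomBytes(32);
  const mtKey = crypto.randomBytes(32);
  const kms = new KeyService(new Map([['gateway', gwKey], ['mobile', mtKey]]));
  const id = 'call-0001'; // constructed; allocated by the identity authentication platform
  const gwSession = fetchSessionKey(kms, 'gateway', gwKey, id);
  const mtSession = fetchSessionKey(kms, 'mobile', mtKey, id);
  const frame = seal(gwSession, Buffer.from('first voice data'));
  return { same: gwSession.equals(mtSession), heard: open(mtSession, frame).toString() };
}
console.log(demo());
```

Because the wrapping is authenticated, a request or reply altered in transit, or a device presenting the wrong charging key, fails at `open()` instead of yielding a wrong session key.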
In the embodiment of the invention, a voice session is established after a fixed telephone initiates a call to a mobile terminal or a mobile terminal initiates a call to the fixed telephone. In the process of establishing the voice session, a secret identifier acquisition request is sent to the identity authentication platform and the secret identifier allocated by the identity authentication platform is received; a session key acquisition request comprising the secret identifier is then sent to the quantum key management service platform, and the session key allocated to the secret identifier and sent by the quantum key management service platform is received. After the voice session is established, the first voice data sent by the fixed telephone is received, encrypted with the session key and sent to the mobile terminal; the encrypted second voice data sent by the mobile terminal is received, decrypted with the session key and sent to the fixed telephone. The method can realize identity authentication while calling and symmetrically encrypts the call voice data with quantum keys. This solves the problem that call information can be intercepted or recorded when a fixed-line telephone inside an organization and a mobile phone terminal call each other, and solves the problems of identity authentication and device security assurance when an external mobile phone dials an internal-line telephone.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
The embodiment of the invention also provides an electronic device, which comprises a processor, a memory and a computer program stored in the memory and capable of running on the processor, wherein the computer program, when executed by the processor, realizes the processes of the above-mentioned fixed telephone and mobile terminal communication method embodiment and can achieve the same technical effects; in order to avoid repetition, the description is omitted here.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, realizes the processes of the above-mentioned fixed telephone and mobile terminal communication method embodiment, and can achieve the same technical effects, and in order to avoid repetition, the description is omitted here.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The foregoing describes a method for communicating with a mobile terminal and a device for communicating with a mobile terminal according to the present invention, and the principles and embodiments of the present invention are described herein by using specific examples, which are merely for aiding in understanding the method and core concept of the present invention, and meanwhile, as for those skilled in the art, according to the concept of the present invention, there are variations in the specific embodiments and application ranges, so that the disclosure should not be interpreted as limiting the invention.