CN114338618A - Multi-party call method, system, conference server and electronic equipment - Google Patents


Info

Publication number
CN114338618A
Authority
CN
China
Prior art keywords
terminal
server
key
conference server
bootstrap
Legal status
Pending
Application number
CN202011076873.2A
Other languages
Chinese (zh)
Inventor
黎艳
李宝荣
卢燕青
郭茂文
张�荣
郭建昌
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Abstract

The disclosure relates to a multi-party call method and system, a conference server and an electronic device, in the technical field of communications. The method of the present disclosure comprises: the conference server receives a multi-party call access request sent by each terminal, the request from each terminal including the bootstrap identifier of that terminal, which is allocated by the terminal and the bootstrap server in the GBA authentication process; the conference server obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal; the conference server receives, from each terminal, call speech data encrypted with that terminal's own key; for each terminal, the conference server decrypts the encrypted speech data of that terminal with the key of that terminal; and, for each terminal, the conference server encrypts the decrypted speech data of that terminal with the key of each of the other terminals and sends the respective encrypted speech data to each of the other terminals.

Description

Multi-party call method, system, conference server and electronic equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method and a system for multi-party call, a conference server, and an electronic device.
Background
VoLTE (Voice over LTE, Long-Term Evolution) is an end-to-end voice scheme built on an all-IP 4G network; voice services are carried as data streams over the LTE network on the basis of the IMS (IP Multimedia Subsystem) network.
A multi-party call can be realized by several terminals each using VoLTE. However, the VoLTE voice data of a terminal is easily intercepted or tampered with in transit, which threatens the privacy of the user.
Disclosure of Invention
One technical problem to be solved by the present disclosure is: how to improve the security of the multi-party call process.
According to some embodiments of the present disclosure, a multi-party call method is provided, which includes: the conference server receives a multi-party call access request sent by each terminal, the request from each terminal including the bootstrap identifier of that terminal, allocated by the terminal and the bootstrap server in the GBA authentication process; the conference server obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal; the conference server receives, from each terminal, call speech data encrypted with that terminal's own key; for each terminal, the conference server decrypts the encrypted speech data of that terminal with the key of that terminal; and, for each terminal, the conference server encrypts the decrypted speech data of that terminal with the key of each of the other terminals and sends the respective encrypted speech data to each of the other terminals.
In some embodiments, the conference server receives the multi-party call access request sent by each terminal in a Session Description Protocol (SDP) Offer message; after the conference server obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal, the method further comprises: for each terminal, the conference server sends an SDP Answer message to the terminal, the SDP Answer message including indication information that the conference server has acquired the key of the terminal.
In some embodiments, the method further comprises: for each terminal, when the multi-party call access request received from the terminal does not include the bootstrap identifier of the terminal, the conference server sends a bootstrap authentication requirement to the terminal, the bootstrap authentication requirement including the identifier of the bootstrap server, so that the terminal completes the GBA authentication process with the bootstrap server and obtains the bootstrap identifier as required.
In some embodiments, the method further comprises: for each terminal, the bootstrap server receives a GBA bootstrap request sent by the terminal after the terminal has received the bootstrap authentication requirement; the bootstrap server and the terminal perform the GBA authentication process, generating the bootstrap identifier of the terminal and the root key corresponding to the terminal; and the bootstrap server returns the bootstrap identifier of the terminal to the terminal.
In some embodiments, obtaining, by the conference server, the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal includes: for each terminal, the conference server sends a key acquisition request to the bootstrap server, the key acquisition request including the bootstrap identifier of the terminal and the identifier of the conference server; the conference server receives a key acquisition response returned by the bootstrap server, the key acquisition response including the key of the terminal, which the bootstrap server generates from the root key corresponding to the terminal and the identifier of the conference server.
In some embodiments, the method further comprises: after receiving the key acquisition request sent by the conference server, the bootstrap server looks up the root key corresponding to the terminal according to the bootstrap identifier of the terminal; the bootstrap server generates the key of the terminal from the root key corresponding to the terminal and the identifier of the conference server, adds the key of the terminal to the key acquisition response and sends the response to the conference server.
In some embodiments, the bootstrap server further generates, in the GBA authentication process performed with the terminal, a lifetime for the root key corresponding to the terminal, and returns the lifetime of the root key to the terminal; the method further comprises: when the lifetime of the root key has expired, the bootstrap server and the terminal perform the GBA authentication process again, generating a new root key corresponding to the terminal and a lifetime for the new root key; the bootstrap server returns the lifetime of the new root key to the terminal.
In some embodiments, the key of the terminal is generated by the terminal from the root key and the identifier of the conference server, after the terminal has generated the root key in the GBA authentication process with the bootstrap server.
According to further embodiments of the present disclosure, a conference server is provided, including: a first receiving module, configured to receive a multi-party call access request sent by each terminal, the request from each terminal including the bootstrap identifier of that terminal, allocated by the terminal and the bootstrap server in the GBA authentication process; an acquisition module, configured to obtain the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal; a second receiving module, configured to receive, from each terminal, call speech data encrypted with that terminal's own key; a decryption module, configured to decrypt, for each terminal, the encrypted speech data of that terminal with the key of that terminal; and a distribution module, configured to encrypt, for each terminal, the decrypted speech data of that terminal with the keys of the other terminals and send the respective encrypted speech data to the other terminals.
According to still other embodiments of the present disclosure, a multi-party call system is provided, including the conference server of any of the preceding embodiments and a plurality of terminals; each terminal is configured to send a multi-party call access request to the conference server, send call speech data encrypted with its own key to the conference server, receive the encrypted speech data of other terminals sent by the conference server, and decrypt the received encrypted speech data with its own key.
In some embodiments, the system further comprises a bootstrap server, configured to provide the key of each terminal to the conference server according to the bootstrap identifier of each terminal.
According to still further embodiments of the present disclosure, there is provided an electronic device including: a processor; and a memory coupled to the processor, storing instructions that, when executed by the processor, cause the processor to perform the multi-party call method of any of the preceding embodiments.
According to still further embodiments of the present disclosure, there is provided a non-transitory computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the multi-party call method of any of the foregoing embodiments.
In the method, the terminal obtains the bootstrap identifier and the key in the GBA authentication process with the bootstrap server; the conference server receives the multi-party call access request of each terminal, which includes the bootstrap identifier of that terminal, and obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal. Each terminal can send speech data encrypted with its own key to the conference server; the conference server decrypts the encrypted speech data of each terminal with that terminal's key, then encrypts it with the keys of the other terminals and sends the encrypted data to the other terminals respectively. The method thus realizes encrypted transmission of the call data of each terminal in the multi-party call process and improves the security of the multi-party call.
In addition, the GBA bootstrapping architecture realizes key negotiation for each call terminal without the key having to be transmitted or distributed to the terminal. Each terminal participating in the multi-party call holds a different session key, so no key is leaked even if a single party exits during the call; and because the conference server manages the session keys of the call terminals in association, it can decrypt and securely redistribute the call data, and the call data can also be monitored.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 illustrates a flow diagram of a method of multi-party calling of some embodiments of the present disclosure.
FIG. 2 illustrates a flow diagram of a method of multi-party calling of further embodiments of the present disclosure.
Fig. 3 illustrates a flow diagram of a method of multi-party calling in accordance with further embodiments of the disclosure.
Fig. 4 shows a schematic structural diagram of a conference server of some embodiments of the present disclosure.
Fig. 5 illustrates a block diagram of a system for multi-party calling of some embodiments of the present disclosure.
Fig. 6 illustrates a schematic structural diagram of an electronic device of some embodiments of the present disclosure.
Fig. 7 shows a schematic structural diagram of an electronic device of further embodiments of the disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The present disclosure provides a method for multi-party call, which is described below with reference to fig. 1 to 3.
FIG. 1 is a flow chart of some embodiments of the multi-party call method of the present disclosure. As shown in FIG. 1, the method of this embodiment includes steps S102 to S110.
In step S102, each terminal sends a multi-party call access request to the conference server, and correspondingly the conference server receives the multi-party call access request sent by each terminal.
The multi-party call access request sent by each terminal includes the bootstrap identifier of the terminal, which is allocated by the terminal and the bootstrap server in the GBA (Generic Bootstrapping Architecture) authentication process. The bootstrap identifier is, for example, the B-TID. The GBA authentication procedure is described in the subsequent embodiments. The bootstrap server is, for example, a BSF (Bootstrapping Server Function) network element. In some embodiments, the conference server receives the multi-party call access request sent by each terminal in an SDP Offer message.
In step S104, the conference server obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal.
In the GBA authentication process, each terminal generates its own key, and the bootstrap server also generates a root key and a corresponding bootstrap identifier for each terminal. The conference server can therefore query the bootstrap server for the key of each terminal using the bootstrap identifier of that terminal.
In some embodiments, for each terminal, the conference server sends a key acquisition request to the bootstrap server, including the bootstrap identifier of the terminal and the identifier of the conference server; the bootstrap server looks up the root key corresponding to the terminal according to the bootstrap identifier, and generates the key of the terminal from the root key of the terminal and the identifier of the conference server; the conference server receives the key acquisition response returned by the bootstrap server, which includes the key of the terminal so generated.
In step S106, each terminal sends speech data encrypted with its own key to the conference server, and correspondingly the conference server receives from each terminal the speech data encrypted with that terminal's own key.
In some embodiments, after the conference server obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal, it sends an SDP Answer message to each terminal, the SDP Answer message including indication information that the conference server has acquired the key of the terminal. After receiving this indication in the SDP Answer message, each terminal encrypts its speech data with its key and sends the encrypted speech data to the conference server.
In step S108, for each terminal, the conference server decrypts the encrypted speech data of the terminal with the key of that terminal.
The conference server obtains the key of each terminal from the bootstrap server and stores it in association with the identifier or bootstrap identifier of that terminal. The data packet sent by each terminal includes the encrypted speech data together with the identifier or bootstrap identifier of the terminal. The conference server can therefore look up the key of each terminal by the identifier or bootstrap identifier of the terminal and decrypt the encrypted speech data of that terminal.
In step S110, for each terminal, the conference server encrypts the decrypted speech data of the terminal with the key of each of the other terminals and sends the respective encrypted speech data to each of the other terminals.
For example, the conference server encrypts the decrypted speech data of terminal 1 with the keys of terminal 2 and terminal 3 respectively, sends the speech data encrypted with the key of terminal 2 to terminal 2, and sends the speech data encrypted with the key of terminal 3 to terminal 3. After a terminal receives encrypted speech data sent by the conference server, the speech data can be recovered only by decrypting it with that terminal's own key.
In the above embodiment, the terminal obtains the bootstrap identifier and the key in the GBA authentication process with the bootstrap server; the conference server receives the multi-party call access request of each terminal, including the bootstrap identifier of that terminal, and obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal. Each terminal can send speech data encrypted with its own key to the conference server; the conference server decrypts the encrypted speech data of each terminal with that terminal's key, then encrypts it with the keys of the other terminals and sends the encrypted data to the other terminals respectively. The method of this embodiment thus realizes encrypted transmission of the call data of each terminal in the multi-party call process and improves the security of the multi-party call.
In addition, the GBA bootstrapping architecture realizes key negotiation for each call terminal without the key having to be transmitted or distributed to the terminal. Each terminal participating in the multi-party call holds a different session key, so no key is leaked even if a single party exits during the call; and because the conference server manages the session keys of the call terminals in association, it can decrypt and securely redistribute the call data, and the call data can also be monitored.
A flow chart of further embodiments of the disclosed multi-party call method is described below with reference to FIG. 2. As shown in FIG. 2, the method of this embodiment includes steps S202 to S230, and may be performed for each terminal.
In step S202, the terminal sends a multi-party call access request to the conference server, and correspondingly the conference server receives the multi-party call access request sent by the terminal.
In step S204, when the multi-party call access request does not include the bootstrap identifier of the terminal, the conference server sends a bootstrap authentication requirement to the terminal.
The conference server may determine whether the multi-party call access request includes the bootstrap identifier of the terminal and, if not, send the bootstrap authentication requirement to the terminal. The bootstrap authentication requirement includes, for example, the identifier of the bootstrap server.
In step S206, the terminal sends a GBA bootstrap request to the bootstrap server, and correspondingly the bootstrap server receives the GBA bootstrap request sent by the terminal.
The GBA bootstrap request may be an HTTP request.
In step S208, the bootstrap server performs the GBA authentication procedure with the terminal, and generates the bootstrap identifier of the terminal and the root key corresponding to the terminal.
In some embodiments, the bootstrap server obtains all security parameter settings and the authentication vector (AV, where AV = RAND || AUTN || XRES || CK || IK) of the terminal from the home subscriber server through reference point Zh. The home subscriber server may be an HSS, a UDM (Unified Data Management) function, an AUSF (Authentication Server Function), or the like. The bootstrap server sends the random number RAND and AUTN to the terminal in a 401 message (CK, IK and XRES are not sent). The terminal computes the AUTN value from RAND and compares it with the AUTN sent by the bootstrap server; if they match, the terminal has successfully authenticated the network. The terminal also computes CK, IK and RES, so that both the bootstrap server and the terminal now hold the keys IK and CK. The terminal then sends another HTTP request to the bootstrap server containing the Digest AKA response (computed using RES). The bootstrap server compares this Digest AKA response with the one computed using XRES, thereby authenticating the terminal. If authentication succeeds, the bootstrap server generates the root key Ks from CK and IK, and encodes RAND together with the bootstrap server name to produce the B-TID value (bootstrapping identity) in NAI format.
In step S210, the bootstrap server returns the bootstrap identifier of the terminal and the lifetime of the root key to the terminal.
For example, the bootstrap server sends a 200 OK message to the terminal to indicate that authentication succeeded; the message includes the bootstrap identifier and may further include the lifetime of the root key Ks. That is, the bootstrap server also generates the lifetime of the root key corresponding to the terminal in the GBA authentication process and returns it to the terminal; the terminal and the bootstrap server jointly monitor the lifetime of the root key, and when it has expired they perform the GBA authentication process again, generating a new root key corresponding to the terminal and a lifetime for the new root key. The bootstrap server returns the lifetime of the new root key to the terminal. If a new bootstrap identifier is generated during the repeated GBA authentication, the terminal must send the new bootstrap identifier to the conference server, which subsequently obtains the key of the terminal according to the new bootstrap identifier.
In step S212, the terminal generates the root key, and generates the key of the terminal from the root key and the identifier of the conference server.
The terminal likewise generates the root key Ks from CK and IK, and generates its key Ks_NAF from the root key Ks and the identifier of the conference server. The terminal records the root key Ks and the corresponding lifetime.
In step S214, the terminal sends a multi-party call access request to the conference server again, this time including the bootstrap identifier.
In step S216, the conference server sends a key acquisition request to the bootstrap server.
The key acquisition request may include the bootstrap identifier of the terminal and the identifier of the conference server.
In step S218, the bootstrap server looks up the root key corresponding to the terminal according to the bootstrap identifier of the terminal, and generates the key of the terminal from the root key corresponding to the terminal and the identifier of the conference server.
That is, the key Ks_NAF of the terminal is generated from the root key Ks of the terminal and the identifier of the conference server.
In step S220, the bootstrap server adds the key of the terminal to the key acquisition response and sends the response to the conference server, and correspondingly the conference server receives the key acquisition response returned by the bootstrap server.
In step S222, the conference server stores the bootstrap identifier of the terminal, the identifier of the terminal and the key of the terminal in association with one another.
In step S224, the conference server sends a multi-party call access response message to the terminal.
The multi-party call access response message is, for example, an SDP Answer message, and includes, for example, indication information that the conference server has acquired the key of the terminal.
In step S226, the terminal encrypts its speech data with its key and sends the encrypted speech data to the conference server.
In step S228, the conference server looks up the key of the terminal and decrypts the encrypted speech data of the terminal with that key.
The terminal sends the encrypted speech data together with its identifier or bootstrap identifier to the conference server, and the conference server looks up the key of the terminal by that identifier or bootstrap identifier.
In step S230, the conference server encrypts the decrypted speech data of the terminal with the key of each of the other terminals and sends the respective encrypted speech data to each of the other terminals.
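The FIG. 1 and FIG. 2 flows above (bootstrapping at the BSF, key lookup by B-TID with the root-key lifetime check, then decrypt-and-re-encrypt at the conference server), as an added Go example that is not part of the patent or of any China Telecom implementation. It assumes HMAC-SHA256 as a stand-in for the Ks_NAF derivation and AES-256-GCM as the media cipher, neither of which the patent specifies; the type and function names, the step references in comments and the example.invalid names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"time"
)

// Terminal and BSF each derive Ks_NAF from the root key Ks and the conference server's
// identifier (S212/S218). HMAC-SHA256 is this example's stand-in for the GBA KDF, not the patent's or 3GPP's.
func deriveNAFKey(ks []byte, nafID string) []byte {
	m := hmac.New(sha256.New, ks)
	m.Write([]byte(nafID))
	return m.Sum(nil) // 32 bytes, used below as an AES-256 key
}

// AES-256-GCM (nonce prefixed to the ciphertext) stands in for the media cipher, which the patent leaves open.
func seal(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key) // keys from deriveNAFKey are always 32 bytes
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key) // a nil key (unknown terminal) is rejected here
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// BSF mints B-TIDs after AKA (S208/S210) and serves key requests (S216-S220) only while the root key is within its lifetime.
type BSF struct {
	name string
	ks   map[string][]byte    // B-TID -> root key Ks
	exp  map[string]time.Time // B-TID -> root key expiry
}

// Bootstrap takes the AKA outputs: Ks = CK||IK, B-TID = base64(RAND)@<BSF name> in NAI format.
func (b *BSF) Bootstrap(ck, ik, rnd []byte, life time.Duration) (btid string, ks []byte) {
	ks = append(append([]byte{}, ck...), ik...)
	btid = base64.StdEncoding.EncodeToString(rnd) + "@" + b.name
	b.ks[btid], b.exp[btid] = ks, time.Now().Add(life)
	return btid, ks
}

func (b *BSF) KeyRequest(btid, nafID string) ([]byte, error) {
	ks, ok := b.ks[btid]
	if !ok || time.Now().After(b.exp[btid]) {
		return nil, errors.New("unknown B-TID or expired root key: terminal must re-run GBA")
	}
	return deriveNAFKey(ks, nafID), nil
}

// Conf is the conference server; holding every terminal's Ks_NAF (S222) lets it re-encrypt for each listener, and also read every burst in the clear.
type Conf struct {
	id   string
	bsf  *BSF
	keys map[string][]byte // terminal id -> Ks_NAF
}

// Admit: no B-TID means "bootstrap first" (S204); otherwise fetch the key from the BSF and store it (S214-S222).
func (c *Conf) Admit(termID, btid string) error {
	if btid == "" {
		return errors.New("bootstrap authentication required at " + c.bsf.name)
	}
	k, err := c.bsf.KeyRequest(btid, c.id)
	if err != nil {
		return err
	}
	c.keys[termID] = k
	return nil
}

// Relay (S228/S230): decrypt with the speaker's key, then re-encrypt separately for each other admitted terminal under its own key.
func (c *Conf) Relay(speaker string, ct []byte) (map[string][]byte, error) {
	pt, err := open(c.keys[speaker], ct)
	if err != nil {
		return nil, err
	}
	out := map[string][]byte{}
	for id, lk := range c.keys {
		if id != speaker {
			out[id] = seal(lk, pt)
		}
	}
	return out, nil
}
```

Because each listener holds only its own Ks_NAF, a burst addressed to one terminal cannot be opened by another, and a B-TID whose root key lifetime has lapsed is refused by the BSF until the terminal re-runs GBA, as in step S210.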
Some application examples of the method of multi-party calling of the present disclosure are described below in conjunction with fig. 3. As shown in fig. 3, the entire system may include the following parts.
BSF: the guide server is responsible for guide authentication of each terminal, and a key and a guide identifier corresponding to each terminal are derived between the guide authentication; and provided to the conference server. HSS: and the home subscriber server provides authentication key data to the guide server. A terminal: and the terminal participating in the multi-party call is used as the UE in the GBA architecture. A conference server: and inquiring a corresponding key according to the guide identification uploaded by each terminal, and realizing decryption and safe redistribution of the call data.
As shown in fig. 3, each terminal requests the conference server to join the multi-party call, and the conference server returns a request for guiding authentication to each terminal; the terminal 1 requests the bootstrap authentication from the bootstrap server BSF, the BSF requests the authentication vector from the home subscription server, and the terminal 1 and the terminal complete AKA authentication. The guide server generates a new guide identifier B-TID for the guide authentication process, generates and stores a root key of each terminal, and returns the guide identifier B-TID and the lifetime of the root key to the terminal 1. Similarly, terminal 2 and terminal 3 … … also accomplish the above process, and each calling terminal obtains the bootstrap identifier B-TID, and generates and distributes independent and unique keys (corresponding to session key 1, session key 2, session key 3 … … session key N) locally at the terminal.
After bootstrapping authentication is completed, terminal 1 sends the acquired bootstrap identifier to the conference server and requests to join the call again; the conference server queries the BSF with the bootstrap identifier of terminal 1, stores the corresponding session key, and returns a response to terminal 1. Likewise, terminal 2, terminal 3, …, terminal N complete the same steps to join the multi-party call. When terminal N speaks, it encrypts the data with session key N and sends it to the conference server. The conference server decrypts the data with session key N, encrypts the call data with session key 2 and session key 3, and sends the results to terminal 2 and terminal 3 respectively. By analogy, when terminal 2 speaks, terminal 2 encrypts the call with session key 2 and sends it to the conference server; the conference server decrypts the call plaintext with session key 2, then encrypts it with session key 1 and session key 3 respectively and sends the encrypted call to terminal 1 and terminal 3, …
When each terminal listens to the spoken content, it decrypts the encrypted call data distributed by the conference server with its own session key, so that secure encryption and decryption of the multi-party call are realized. After any terminal quits the multi-party call, its session key is no longer used, and the security of the call is not affected even if that key is leaked.
In the embodiment of the disclosure, each party's terminal sends its bootstrap identifier to the multi-party call server after completing bootstrapping authentication; the multi-party call server obtains the session keys of all call terminals from the bootstrap server through those bootstrap identifiers and establishes the key association for the call. During the multi-party call, the speaking party encrypts its call data and sends it to the multi-party call server, which decrypts the call data and then encrypts it with the key of each listening party and sends each copy separately, so that highly secure multi-party call encryption is realized. In this process, authentication and negotiation of each party's session key are realized efficiently on top of the existing, secure and reliable mobile network authentication mechanism; each party in the call holds a unique session key, and the security risks of key distribution and key leakage are avoided.
The scheme of the present disclosure is based on the GBA (Generic Bootstrapping Architecture) bootstrapping framework and uses the AKA (Authentication and Key Agreement) mechanism to realize authentication and session key agreement between each call terminal and the bootstrap server. The root key is generated from the card data shared by the network and the user card, so no terminal card slot needs to be occupied to store a key and no session key needs to be transmitted or distributed to the terminals; the security risk of key transmission is avoided and security is high. A similar architecture and flow can be applied to a 5G network, so portability is high. Each terminal participating in the multi-party call holds a different session key, so the keys of the other parties are not exposed even if a single party exits during the call. The conference server manages the association of the call terminals' session keys, realizes decryption and secure redistribution of the call data, and can also supervise the call data.
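The flow above, from bootstrapping through key acquisition by bootstrap identifier to the conference server's decrypt-and-re-encrypt relaying, as an added Python simulation that is not code from the patent. It assumes a random root key in place of the AKA run, HMAC-SHA256 in place of the TS 33.220 key derivation, a toy SHAKE256/HMAC cipher in place of the unspecified call cipher, and constructed names (bsf.example, conf.example).

```python
import hashlib, hmac, secrets


def derive_terminal_key(ks, naf_id):
    # Key = KDF(root key Ks, conference server identifier), computed identically on the
    # terminal and on the BSF, so the key itself is never transmitted. HMAC-SHA256
    # stands in for the TS 33.220 KDF (assumption).
    return hmac.new(ks, b"naf-key|" + naf_id, hashlib.sha256).digest()


def encrypt(key, plaintext):
    # Toy encrypt-then-MAC giving nonce || ciphertext || tag: SHAKE256(key || nonce) as
    # keystream, HMAC-SHA256 tag. The patent names no call cipher (assumption).
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered call data")
    return bytes(c ^ s for c, s in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))


class BootstrapServer:  # the BSF
    def __init__(self):
        self._root_keys = {}  # B-TID -> Ks

    def bootstrap(self, terminal_name):
        ks = secrets.token_bytes(32)  # stands in for Ks agreed with the user card via AKA (assumption)
        btid = "%s@bsf.example" % secrets.token_hex(8)  # constructed B-TID
        self._root_keys[btid] = ks
        return btid, ks

    def key_for(self, btid, naf_id):
        # Key acquisition request: look up Ks by B-TID and derive the key bound to the
        # requesting conference server's identifier; None if the B-TID is unknown.
        ks = self._root_keys.get(btid)
        return None if ks is None else derive_terminal_key(ks, naf_id)


class ConferenceServer:
    def __init__(self, bsf, naf_id):
        self.bsf, self.naf_id = bsf, naf_id
        self.keys = {}  # B-TID -> per-terminal key held for this call

    def access(self, btid):
        # Access request without a usable B-TID: the terminal must bootstrap first.
        key = None if btid is None else self.bsf.key_for(btid, self.naf_id)
        if key is None:
            return "bootstrap-required"
        self.keys[btid] = key
        return "ok"

    def leave(self, btid):
        self.keys.pop(btid, None)  # the leaving party's key is dropped, never reused

    def relay(self, sender, blob):
        # Decrypt with the speaker's key, re-encrypt for each listener with that listener's key.
        plaintext = decrypt(self.keys[sender], blob)
        return {b: encrypt(k, plaintext) for b, k in self.keys.items() if b != sender}


class Terminal:
    def __init__(self, name, bsf):
        self.btid, self.ks = bsf.bootstrap(name)  # GBA bootstrapping with the BSF
        self.key = None

    def join(self, conf):
        self.key = derive_terminal_key(self.ks, conf.naf_id)  # same derivation as the BSF
        return conf.access(self.btid)

    def speak(self, text):
        return encrypt(self.key, text)

    def listen(self, blob):
        return decrypt(self.key, blob)


def demo():
    bsf = BootstrapServer()
    conf = ConferenceServer(bsf, b"conf.example")
    t1, t2, t3 = Terminal("t1", bsf), Terminal("t2", bsf), Terminal("t3", bsf)
    for t in (t1, t2, t3):
        t.join(conf)
    out = conf.relay(t1.btid, t1.speak(b"hello from t1"))
    return {"t2": t2.listen(out[t2.btid]), "t3": t3.listen(out[t3.btid])}
```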
The present disclosure also provides a conference server, described below in conjunction with fig. 4.
Fig. 4 is a block diagram of some embodiments of a conferencing server of the present disclosure. As shown in fig. 4, the conference server 40 of this embodiment includes: a first receiving module 402, an obtaining module 404, a second receiving module 406, a decrypting module 408, and a distributing module 410.
A first receiving module 402, configured to receive a multi-party call access request sent by each terminal, where the multi-party call access request sent by each terminal includes: a bootstrap identifier of the terminal, allocated by the terminal and the bootstrap server in the GBA authentication process.
An obtaining module 404, configured to obtain the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal.
In some embodiments, the obtaining module 404 is configured to send a key obtaining request to the bootstrap server, where the key obtaining request includes: a guide identifier of the terminal and an identifier of the conference server; receiving a key acquisition response returned by the bootstrap server, wherein the key acquisition response comprises: and the guiding server generates a key of the terminal according to the root key corresponding to the terminal and the identification of the conference server.
In some embodiments, the key of the terminal is generated by the terminal, after it has generated the root key in the GBA authentication process with the bootstrap server, according to the root key and the identification of the conference server.
A second receiving module 406, configured to receive the call speech data sent by each terminal, each encrypted with that terminal's own key.
And a decryption module 408, configured to decrypt, for each terminal, the encrypted talk burst data of the terminal according to the key of the terminal.
The distributing module 410 is configured to, for each terminal, encrypt the decrypted talk burst data of the terminal with a key of each other terminal, and then send the encrypted talk burst data to each other terminal.
In some embodiments, the first receiving module 402 is configured to receive the multi-party call access request sent by each terminal through an SDP_Offer message of the Session Description Protocol. The conference server 40 further includes: a sending module 412, configured to send an SDP_Answer message of the Session Description Protocol to each terminal, where the SDP_Answer message includes: indication information that the conference server has acquired the key of the terminal.
In some embodiments, the sending module 412 is further configured to send a bootstrapping authentication requirement to a terminal when the received multi-party call access request sent by that terminal does not include a bootstrapping identifier of the terminal, where the bootstrapping authentication requirement includes: the identifier of the bootstrap server, so that the terminal completes the GBA authentication process with the bootstrap server and acquires the bootstrap identifier according to the bootstrapping authentication requirement.
The present disclosure also provides a system for multi-party calling, which is described below with reference to fig. 5.
Fig. 5 is a block diagram of some embodiments of the disclosed multi-party call system. As shown in fig. 5, the system 5 of this embodiment includes: the conference server 40 of any of the foregoing embodiments, and a plurality of terminals 52.
The terminal 52 is configured to send a multi-party call access request to the conference server 40, send call speech data encrypted by using its own key to the conference server 40, receive encrypted call speech data of each other terminal sent by the conference server 40, and decrypt the received encrypted call speech data by using its own key.
In some embodiments, the system 5 further comprises: a bootstrap server 54 for providing the key of each terminal 52 to the conference server according to the bootstrap identifier of each terminal 52.
In some embodiments, the terminal 52 is further configured to receive a bootstrapping authentication requirement sent by the conference server 40, send a GBA bootstrapping request to the bootstrap server 54, perform the GBA authentication procedure with the bootstrap server 54, and receive the bootstrap identifier generated by the bootstrap server 54. Accordingly, the bootstrap server 54 is configured to receive the GBA bootstrapping request sent by the terminal 52; perform the GBA authentication process with the terminal 52, generating a bootstrap identifier of the terminal 52 and a root key corresponding to the terminal; and return the bootstrap identifier of the terminal 52 to the terminal 52.
In some embodiments, the terminal 52 is further configured to generate a root key during GBA authentication with the bootstrap server 54, and to generate a key based on the root key and the identity of the conference server.
In some embodiments, the bootstrap server 54 is further configured to generate a lifetime of the root key corresponding to the terminal 52 during the GBA authentication process performed with the terminal 52, and to return the lifetime of the root key corresponding to the terminal 52. The bootstrap server 54 is further configured to monitor the lifetime of the root key corresponding to the terminal 52 and, when that lifetime expires, to perform the GBA authentication procedure with the terminal 52 again, generate a new root key corresponding to the terminal 52 together with the lifetime of the new root key, and return the lifetime of the new root key to the terminal 52.
In some embodiments, the terminal 52 is further configured to receive a lifetime of the root key sent by the bootstrap server 54, monitor the lifetime of the corresponding root key, perform the GBA authentication procedure with the bootstrap server 54 again when the lifetime of the root key expires, generate a new root key, and receive the lifetime of the new root key sent by the bootstrap server 54.
In some embodiments, the bootstrap server 54 is further configured to receive a key acquisition request sent by the conference server 40, search for the root key corresponding to the terminal 52 according to the bootstrap identifier of the terminal 52, generate the key of the terminal 52 according to that root key and the identification of the conference server 40, add the key of the terminal 52 to a key acquisition response, and send it to the conference server 40.
In some embodiments, the system 5 further comprises: a home subscriber server 56 for providing authentication-critical data to the bootstrap server 54 during GBA authentication.
The electronic devices in the embodiments of the present disclosure, such as the conference server, the terminal, the guidance server, and the like, may each be implemented by various computing devices or computer systems, which are described below in conjunction with fig. 6 and 7.
Fig. 6 is a block diagram of some embodiments of an electronic device of the present disclosure. As shown in fig. 6, the electronic apparatus 60 of this embodiment includes: a memory 610 and a processor 620 coupled to the memory 610, the processor 620 configured to perform a method of multi-party calling in any of the embodiments of the present disclosure based on instructions stored in the memory 610.
Memory 610 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader (Boot Loader), a database, and other programs.
Fig. 7 is a block diagram of further embodiments of an electronic device of the present disclosure. As shown in fig. 7, the electronic apparatus 70 of this embodiment includes: memory 710 and processor 720 are similar to memory 610 and processor 620, respectively. An input output interface 730, a network interface 740, a storage interface 750, and the like may also be included. These interfaces 730, 740, 750, as well as the memory 710 and the processor 720, may be connected, for example, by a bus 760. The input/output interface 730 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 740 provides a connection interface for various networking devices, such as a database server or a cloud storage server. The storage interface 750 provides a connection interface for external storage devices such as an SD card and a usb disk.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only exemplary of the present disclosure and is not intended to limit the present disclosure, so that any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (13)

1. A method of multi-party calling, comprising:
the conference server receives a multi-party call access request sent by each terminal, wherein the multi-party call access request sent by each terminal comprises: a bootstrap identifier of the terminal, the bootstrap identifier being allocated by the terminal and the bootstrap server in a Generic Bootstrapping Architecture (GBA) authentication process;
the conference server acquires the key of each terminal from the guidance server according to the guidance identifier of each terminal;
the conference server receives conversation speaking data which are respectively sent by each terminal and encrypted by adopting own secret key;
the conference server decrypts the encrypted conversation speech data of the terminal according to the secret key of the terminal aiming at each terminal;
and the conference server encrypts the decrypted conversation speech data of the terminal by adopting the key of each other terminal aiming at each terminal and respectively sends the encrypted conversation speech data to each other terminal.
2. The method of claim 1, wherein the conference server receives the multi-party call access request transmitted by each terminal through an SDP_Offer message of the Session Description Protocol;
after the conference server obtains the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal, the method further includes:
the conference server sends an SDP_Answer response message of the Session Description Protocol to each terminal, wherein the SDP_Answer message comprises: indication information that the conference server has obtained the key of the terminal.
3. The method of claim 1, further comprising:
when the conference server receives a multi-party call access request sent by a terminal that does not include a bootstrap identifier of the terminal, the conference server sends a bootstrapping authentication requirement to the terminal, wherein the bootstrapping authentication requirement comprises: the identifier of the bootstrap server, which is used to enable the terminal to complete the GBA authentication process with the bootstrap server and acquire the bootstrap identifier according to the bootstrapping authentication requirement.
4. The method of claim 3, further comprising: for each terminal,
the bootstrap server receives a GBA bootstrap request sent by the terminal, wherein the GBA bootstrap request is sent after the terminal receives the bootstrap authentication request;
the bootstrap server and the terminal perform a GBA authentication process and generate a bootstrap identifier of the terminal and a root key corresponding to the terminal;
and the bootstrap server returns the bootstrap identifier of the terminal to the terminal.
5. The method of claim 4, wherein the conference server obtaining the key of each terminal from the bootstrap server according to the bootstrap identifier of each terminal comprises: for each terminal,
the conference server sends a key acquisition request to the bootstrap server, wherein the key acquisition request comprises: the bootstrap identifier of the terminal and an identifier of the conference server;
the conference server receives a key acquisition response returned by the bootstrap server, wherein the key acquisition response comprises: the key of the terminal, generated by the bootstrap server according to the root key corresponding to the terminal and the identification of the conference server.
6. The method of claim 5, further comprising:
after receiving the key acquisition request sent by the conference server, the bootstrap server searches for the root key corresponding to the terminal according to the bootstrap identifier of the terminal;
and the bootstrap server generates the key of the terminal according to the root key corresponding to the terminal and the identification of the conference server, adds the key of the terminal to the key acquisition response, and sends it to the conference server.
7. The method of claim 6, wherein the bootstrap server further generates a lifetime of a root key corresponding to the terminal during GBA authentication with the terminal, and the bootstrap server further returns the lifetime of the root key corresponding to the terminal;
the method further comprises the following steps:
under the condition that the lifetime of the root key is expired, the bootstrap server and the terminal perform the GBA authentication process again, and a new root key corresponding to the terminal and the lifetime of the new root key are generated;
and the bootstrap server returns the lifetime of the new root key to the terminal.
8. The method of claim 1, wherein the key of the terminal is generated by the terminal, after the terminal has generated the root key in the GBA authentication process with the bootstrap server, according to the root key and the identification of the conference server.
9. A conference server, comprising:
the first receiving module is used for receiving a multi-party call access request sent by each terminal, wherein the multi-party call access request sent by each terminal comprises: a bootstrap identifier of the terminal, the bootstrap identifier being allocated by the terminal and the bootstrap server in a Generic Bootstrapping Architecture (GBA) authentication process;
the acquisition module is used for acquiring the key of each terminal from the guidance server according to the guidance identifier of each terminal;
the second receiving module is used for receiving the conversation speaking data which are respectively sent by each terminal and encrypted by adopting the own secret key;
the decryption module is used for decrypting the encrypted conversation speech data of the terminal aiming at each terminal according to the secret key of the terminal;
and the distribution module is used for encrypting the decrypted conversation speech data of the terminal by adopting the keys of other terminals aiming at each terminal and then respectively sending the encrypted conversation speech data to other terminals.
10. A system for multi-party calling, comprising: the conference server of claim 9, and a plurality of terminals;
each terminal is used for sending a multi-party call access request to the conference server, sending the call speaking data encrypted by the own secret key to the conference server, receiving the encrypted call speaking data of other terminals sent by the conference server, and decrypting the received encrypted call speaking data by using the own secret key.
11. The system of claim 10, further comprising:
a bootstrap server for providing the key of each terminal to the conference server according to the bootstrap identifier of each terminal.
12. An electronic device, comprising:
a processor; and
a memory coupled to the processor for storing instructions that, when executed by the processor, cause the processor to perform the method of multi-party calling as claimed in any of claims 1-8.
13. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements the steps of the method of any one of claims 1-8.
CN202011076873.2A 2020-10-10 2020-10-10 Multi-party call method, system, conference server and electronic equipment Pending CN114338618A (en)
Publications (1)

Publication Number Publication Date
CN114338618A true CN114338618A (en) 2022-04-12
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination