CN101635823B - Method and system of terminal for encrypting videoconference data - Google Patents


Info

Publication number: CN101635823B
Authority: CN (China)
Prior art keywords: terminal, videoconference server, authentication, videoconference, autn
Legal status: Active
Application number: CN 200910090587
Other languages: Chinese (zh)
Other versions: CN101635823A
Inventor: 周煜申
Current assignee / original assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN 200910090587
Publication of CN101635823A
Priority to PCT/CN2010/072870 (WO2011022999A1)
Application granted
Publication of CN101635823B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 ... involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a method by which a terminal encrypts videoconference data, comprising the following steps: the terminal generates a network authentication token (AUTN) during authentication with the videoconference server; after authentication succeeds, the videoconference server carries a random number (RAND) in the media format negotiation request it sends to the terminal; the terminal computes an encryption key from AUTN and RAND; the terminal negotiates the encryption key and encryption algorithm with the videoconference server; and once the negotiation agrees, the two parties communicate with encryption. The invention also discloses a system in which a terminal encrypts videoconference data. The method and system encrypt videoconference data and ensure its confidential transmission. Because each terminal registers in the video conference with a different username, the encryption key generated by each terminal is different, so the invention effectively prevents a third party from eavesdropping on communication between a terminal and the server.

Description

A method and system for a terminal to encrypt videoconference data
Technical field
The present invention relates to video conferencing technology in the communications field, and in particular to a method and system by which a terminal encrypts videoconference data in an IP Multimedia Subsystem (IMS) based video conference.
Background art
As communication networks develop, third-generation (3G) digital communication systems are gradually converging towards Long Term Evolution (LTE) systems. Mobile operators therefore need to introduce the IMS domain framework to control existing communication services, and IMS-based video conferencing is one such service.
At present, 3G terminals are capable of accessing IMS video conferences, and several operators are actively developing IMS-based video conferencing. An IMS video conference is a centralized conference and needs application-server support from the IMS core network: the Serving Call Session Control Function (S-CSCF) entity provided by the IMS core network handles Session Initiation Protocol (SIP) negotiation for the conference service; the Media Resource Function Controller (MRFC) and Media Resource Function Processor (MRFP) entities handle the processing and switching of the various media streams and the floor (right to speak); and the conference policy server manages the conference policies defined by users and the operator. On the control plane the IMS video conference uses SIP, and the Third Generation Partnership Project (3GPP) and the Internet Engineering Task Force (IETF) have specified a number of authentication and security methods for the transmission of SIP signalling, so information transmitted on the control plane has a certain level of security. In the prior art, however, the data of the IMS video conference itself is not encrypted; that is, the security of information transmitted on the user plane is not guaranteed. A terminal that gains illegal access to the video conferencing system can obtain all of the audio and video data of the conference, and because IMS runs over an IP network, a malicious user who captures packets across the IP network can easily obtain the conference data. The security of existing videoconference data is therefore not protected.
Summary of the invention
In view of this, the main object of the present invention is to provide a method and system by which a terminal encrypts videoconference data, so that the data of a video conference can be encrypted.
To achieve the above object, the technical solution of the present invention is implemented as follows.
The present invention provides a method for a terminal to encrypt videoconference data, the method comprising:
the terminal generates a network authentication token AUTN during the authentication process with the videoconference server; after authentication succeeds, the videoconference server requests media format negotiation with the terminal, using the Session Description Protocol (SDP) as the negotiation mechanism and extending the SDP media line m; the extended line is m=SEC 0 DES IDEA RC2 RC4 RC5 RAND;
after receiving the request, the terminal performs the media format negotiation and, combining the random number RAND carried in the m line of the request with AUTN, computes RES, the encryption key CK and the integrity key IK using the AKA algorithm; the terminal notifies the videoconference server of the computed value RES or IK, which corresponds to the encryption key CK, together with the encryption algorithm it supports;
the videoconference server compares the value RES or IK that it computes itself with the AKA algorithm from RAND and AUTN against the value sent by the terminal, and notifies the terminal of the comparison result; when the comparison result is determined to be consistent, encrypted communication between the two parties begins;
wherein AUTN is generated as follows: the terminal sends a request message to its internal subscriber identity module (SIM) requesting the electronic serial number (ESN) of the SIM; after receiving the ESN returned by the SIM, the terminal performs an authentication computation using the Digest mechanism over the ESN and the name and IP address of the videoconference server, obtaining a 128-bit response, and this response is AUTN;
SEC indicates that the encryption key must be negotiated during the media format negotiation; 0 indicates that the negotiation message carrying m is sent by the videoconference server to the terminal; DES, IDEA, RC2, RC4 and RC5 denote different types of encryption algorithm.
The authentication process between the terminal and the videoconference server further comprises:
after an authentication failure, the terminal re-executes the authentication operation with the videoconference server.
Further, the process in which the videoconference server compares its computed value RES or IK, corresponding to the encryption key CK, with the value sent by the terminal also comprises:
if the comparison between the terminal's value RES or IK and the videoconference server's does not agree, the terminal re-executes the media format negotiation with the videoconference server.
In the above scheme, the authentication process between the terminal and the videoconference server is specifically:
the terminal generates the username required to participate in the video conference and then initiates a registration request to the videoconference server using that username; the videoconference server notifies the terminal that authentication is required;
the terminal performs the authentication computation, obtains and stores AUTN, and notifies the videoconference server of AUTN;
the videoconference server authenticates the received AUTN and, when it determines that authentication has succeeded, returns a confirmation to the terminal.
The present invention also provides a system in which a terminal encrypts videoconference data, the system comprising a terminal and a videoconference server; wherein
the terminal is configured to perform the authentication operation with the videoconference server and to generate the network authentication token AUTN during the authentication process; after determining that it has passed authentication and receiving the request sent by the videoconference server, to perform the media format negotiation with the videoconference server and, combining AUTN with the random number RAND carried in the m line of the request sent by the videoconference server, to compute RES, the encryption key CK and the integrity key IK using the AKA algorithm; to notify the videoconference server of the computed value RES or IK, corresponding to the encryption key CK, and the encryption algorithm it supports; and, after receiving a consistent comparison result from the videoconference server, to carry out encrypted communication with the videoconference server;
the videoconference server is configured to perform the authentication operation with the terminal; to request media format negotiation with the terminal, using the Session Description Protocol (SDP) as the negotiation mechanism and extending the SDP media line m to m=SEC 0 DES IDEA RC2 RC4 RC5 RAND; to receive the computed value RES or IK, corresponding to the encryption key CK, and the supported encryption algorithm sent by the terminal;
and further to compare the value RES or IK that it computes with the AKA algorithm from the random number RAND and AUTN against the value sent by the terminal, to notify the terminal of the comparison result, and, when the comparison result is determined to be consistent, to begin encrypted communication between the two parties;
wherein the terminal generates AUTN as follows: it sends a request message to its internal subscriber identity module (SIM) requesting the electronic serial number (ESN) of the SIM; after receiving the ESN returned by the SIM, it performs an authentication computation using the Digest mechanism over the ESN and the name and IP address of the videoconference server, obtaining a 128-bit response, and this response is AUTN;
SEC indicates that the encryption key must be negotiated during the media format negotiation; 0 indicates that the negotiation message carrying m is sent by the videoconference server to the terminal; DES, IDEA, RC2, RC4 and RC5 denote different types of encryption algorithm.
The terminal is further configured, after determining that it did not pass authentication, to re-execute the authentication operation with the videoconference server; correspondingly,
the videoconference server is further configured, after determining that the terminal did not pass authentication, to re-execute the authentication operation with the terminal.
The terminal is further configured, when it determines that the comparison of its value RES or IK with that of the videoconference server does not agree, to re-execute the media format negotiation with the videoconference server; correspondingly,
the videoconference server is further configured, when it determines that the comparison of its value RES or IK with that of the terminal does not agree, to re-execute the media format negotiation with the terminal.
In the above scheme, the terminal performing the authentication operation with the videoconference server and generating AUTN during the authentication process is specifically:
generating the username required to participate in the video conference, then initiating a registration request to the videoconference server, performing the authentication computation after receiving the authentication notice from the videoconference server, obtaining and storing AUTN, and notifying the videoconference server of AUTN.
In the method and system provided by the present invention, the terminal generates AUTN during the authentication process with the videoconference server; after authentication succeeds, the videoconference server carries RAND in the media format negotiation request sent to the terminal; the terminal computes the encryption key from AUTN and RAND, then negotiates the encryption key and encryption algorithm with the videoconference server, and once the negotiation agrees the two parties begin encrypted communication. The present invention thus encrypts the data of the video conference and guarantees its confidential transmission. Because each terminal registers in the video conference with a different username, the encryption key generated by each terminal is different, which effectively prevents a third party from eavesdropping on the communication between terminal and server.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method by which a terminal of the present invention encrypts videoconference data;
Fig. 2 is a schematic flow chart of a specific embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the system by which a terminal of the present invention encrypts videoconference data.
Embodiments
The basic idea of the present invention is that the terminal generates a network authentication token (AUTN) during the authentication process with the videoconference server; after authentication succeeds, the videoconference server carries a random number (RAND) in the media format negotiation request sent to the terminal; the terminal computes the encryption key from AUTN and RAND, then negotiates the encryption key and encryption algorithm with the videoconference server, and once the negotiation agrees the two parties begin encrypted communication.
If authentication fails, the terminal re-executes the authentication operation with the videoconference server.
Further, if the encryption key negotiation between the terminal and the videoconference server does not agree, the terminal re-executes the media format negotiation with the videoconference server.
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic flow chart of the method by which a terminal of the present invention encrypts videoconference data. As shown in Fig. 1, the flow comprises the following steps:
Step 101: the terminal generates AUTN during the authentication process with the videoconference server;
Step 102: after authentication succeeds, the videoconference server carries RAND in the media format negotiation request sent to the terminal;
Step 103: the terminal computes the encryption key from AUTN and RAND;
Step 104: the terminal and the videoconference server negotiate the encryption key and encryption algorithm, and once the negotiation agrees they begin encrypted communication.
Fig. 2 is a schematic flow chart of a specific embodiment of the present invention. As shown in Fig. 2, the flow comprises the following steps:
Step 201: the terminal generates the username required to participate in the video conference.
Specifically: the terminal sends a request message to its internal subscriber identity module (SIM) requesting the international mobile subscriber identity (IMSI); after receiving the IMSI returned by the SIM, the terminal forms it into a uniform resource identifier (URI) of the form imsi@imsi.ctcims.cn and adopts this URI as its own username, which serves as the terminal identifier in interactions between the terminal and the videoconference server.
Step 202: the terminal initiates a registration request to the videoconference server using the generated username, and the videoconference server notifies the terminal that authentication is required.
Specifically: the terminal initiates a registration request to the videoconference server using the generated username; on receiving the registration request the videoconference server returns a response message to the terminal carrying code 401, notifying the terminal with that username that authentication is required, and passing authentication information to the terminal. The authentication information may include the name and IP address of the videoconference server, which the terminal uses in the subsequent authentication computation.
Step 203: the terminal performs the authentication computation, obtains and stores AUTN, and notifies the videoconference server of AUTN.
Specifically: the terminal sends a request message to its internal SIM requesting the electronic serial number (ESN) of the SIM; after receiving the ESN returned by the SIM, the terminal performs an authentication computation using the Digest mechanism over the ESN and the name, IP address and so on of the videoconference server, and obtains a 128-bit response; the terminal defines this response as AUTN, stores it, and notifies the videoconference server of AUTN.
The AUTN here is different from the AUTN used on the control plane of the IMS video conference. The control-plane AUTN is a 128-bit value generated by the network authentication centre at IMS network registration; it is unique and constant after each registration of the terminal unless the terminal leaves the conference or deregisters. Taking into account this property of the control-plane AUTN, and the fact that a terminal can participate in the video conference only after successful authentication, the present invention defines the response produced during terminal authentication as AUTN, and it is likewise 128 bits.
Step 204: the videoconference server authenticates the received AUTN and, after authentication succeeds, returns a confirmation to the terminal.
Specifically: the videoconference server authenticates the AUTN sent by the terminal; if it equals the AUTN computed by the server itself, authentication succeeds and a message carrying code 200 OK is sent to the terminal to notify it that authentication succeeded. The videoconference server computes AUTN from the password information of the terminal's SIM stored on the server, using the AK algorithm; the SIM password information was stored in the videoconference server before the SIM was provisioned on the network, and the process by which the videoconference server computes AUTN is prior art.
Further, if the AUTN computed by the videoconference server itself does not equal the AUTN computed by the terminal, a message carrying code 403 is sent to the terminal, indicating that the terminal did not pass authentication; the authentication process has failed, and the flow returns to step 101 to re-execute the authentication operation.
Step 205: the videoconference server requests media format negotiation with the terminal, adding a key negotiation field and the supported encryption algorithms to the request.
Specifically: the videoconference server sends an Invite message to the terminal inviting it to join the video conference and requiring it to begin media format negotiation with the videoconference server, using the Session Description Protocol (SDP) as the negotiation mechanism; it adds a SEC type field to the SDP media line m, indicating that encryption key negotiation is required, and lists the supported encryption algorithms, giving m=SEC 0 DES IDEA RC2 RC4 RC5 RAND.
The SDP media line m is normally used to negotiate parameters such as the audio and video codec format and has the form m=<media> <port> <proto> <fmt list>. The present invention extends the media line m and defines it as m=SEC 0 DES IDEA RC2 RC4 RC5 RAND, adding the SEC type field: SEC indicates that what is being negotiated is the encryption key; 0 indicates that the negotiation message carrying m is sent by the videoconference server to the terminal, and 1 indicates that it is sent by the terminal to the videoconference server; DES IDEA RC2 RC4 RC5 denote different encryption algorithm types; and RAND indicates that the negotiation message carries a random number.
In this step, DES IDEA RC2 RC4 RC5 in the m line indicate that the videoconference server supports the DES, IDEA, RC2, RC4 and RC5 encryption algorithms, and are used in the subsequent negotiation of the encryption algorithm with the terminal.
Step 206: after receiving the request, the terminal performs the media format negotiation and computes the encryption key from the RAND carried in the m line of the request together with AUTN.
Specifically: the terminal performs the media format negotiation and extracts RAND from the m line; the terminal then sends an Authentication request message to its internal SIM carrying RAND and the previously stored AUTN; the SIM computes the three values RES, CK and IK from RAND and AUTN with the AKA algorithm and returns them to the terminal in an Authentication Response message. CK is the required encryption key.
Step 207: the terminal notifies the videoconference server of the computed value corresponding to the encryption key and of the encryption algorithm it supports.
Specifically: the terminal notifies the videoconference server of the computed RES, which corresponds to the encryption key CK, and of the encryption algorithm it supports, for example DES; that is, it sends to the videoconference server a message carrying code 200 OK that contains m=SEC 1 DES RES. This completes the negotiation of the encryption algorithm, and the DES algorithm will be used for subsequent encryption. The encryption algorithm supported by the terminal is one of the several encryption algorithms supported by the videoconference server in step 205, so that the terminal and the server negotiate the same encryption algorithm; RES replaces RAND in the m line sent by the videoconference server and is used in the subsequent key negotiation.
In the present invention, the terminal may alternatively notify the videoconference server of the computed IK, which also corresponds to CK, i.e. m=SEC 1 DES IK. CK itself is not sent to the videoconference server because messages between the terminal and the videoconference server are transmitted in plaintext; if the message were intercepted, the encryption key CK carried in it would be disclosed and the confidentiality of the key could not be guaranteed.
Step 208: the videoconference server compares the value corresponding to the encryption key that it computed with the value sent by the terminal, and notifies the terminal of the comparison result.
Specifically: the videoconference server compares the RES or IK that it computes from RAND and AUTN with the AKA algorithm against the RES or IK computed by the terminal. Because RES or IK and the encryption key are in one-to-one correspondence, if the two RES or IK values agree this proves that the encryption keys of the videoconference server and the terminal are identical; the videoconference server sends an ACK message to the terminal, notifying it that the encryption key negotiation agrees and encrypted communication can begin. If the two RES or IK values do not agree, this proves that the encryption keys of the videoconference server and the terminal differ; the videoconference server sends a NACK message to the terminal, notifying it that the encryption keys do not agree, and the flow returns to step 205 to restart the media format negotiation process.
One reason the RES or IK of the terminal and the videoconference server may fail to agree is that the message containing RES or IK was maliciously tampered with while the terminal was sending it to the videoconference server.
Step 209: after receiving a consistent comparison result, the terminal carries out encrypted communication with the videoconference server.
Specifically: the terminal encrypts local video data, audio data and so on with the negotiated encryption key and encryption algorithm, packs the encrypted data using the Real-time Transport Protocol (RTP) and sends it to the videoconference server; data sent by the videoconference server is decrypted by the terminal before playback.
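The exchange of steps 201 to 209 above, both sides included, as an added example; it is not code from the patent or from any ZTE implementation. The page leaves several things undefined, and the example fills them with labelled assumptions: the "Digest mechanism" of step 203 is modelled as MD5 over ESN, server name and server IP (HTTP Digest uses MD5, which gives exactly the 128 bits the page requires); the SIM's "AKA algorithm" of step 206 is modelled as HMAC-SHA256 keyed by AUTN with a separate label for RES, CK and IK (a real USIM keys its f2/f3/f4 functions with the secret K that never leaves the card); RAND and RES are hex-encoded in the m line; the server's ACK/NACK are returned as strings; and the ESN, server name, IP address and IMSI are constructed sample values. The tamper flag reproduces the failure case the page mentions: a RES altered in transit makes the server answer NACK instead of ACK.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# ---- Registration and authentication (steps 201-204) ----

def make_username(imsi: str) -> str:
    """Step 201: the IMSI read from the SIM becomes the URI imsi@imsi.ctcims.cn."""
    return f"{imsi}@imsi.ctcims.cn"


def compute_autn(esn: str, server_name: str, server_ip: str) -> bytes:
    """Step 203: 128-bit Digest-style response over the SIM's ESN and the server's
    name and IP address. The page only says 'Digest mechanism'; MD5 over the
    colon-joined fields is an ASSUMPTION (HTTP Digest uses MD5, which is 128 bits)."""
    return hashlib.md5(f"{esn}:{server_name}:{server_ip}".encode()).digest()


# ---- Key derivation (step 206) ----

def aka_derive(rand: bytes, autn: bytes) -> Tuple[bytes, bytes, bytes]:
    """RES, CK, IK from RAND and AUTN. The page calls this 'the AKA algorithm' but
    does not define it; HMAC-SHA256 keyed by AUTN with per-output labels is an
    ASSUMED stand-in for the SIM's f2/f3/f4 functions (a real USIM keys them with
    its secret K, which never leaves the card)."""
    def f(label: bytes) -> bytes:
        return hmac.new(autn, label + rand, hashlib.sha256).digest()[:16]
    return f(b"RES"), f(b"CK"), f(b"IK")


# ---- Extended SDP m line (steps 205, 207, 208) ----

SERVER_ALGS = ["DES", "IDEA", "RC2", "RC4", "RC5"]   # the list and order the page gives


def build_offer(rand: bytes) -> str:
    """Step 205: m=SEC 0 <algs> RAND, 0 meaning 'sent by the server to the terminal'.
    Hex encoding of RAND is an assumption; the page gives no encoding."""
    return "m=SEC 0 " + " ".join(SERVER_ALGS) + " " + rand.hex()


def parse_sec_mline(line: str) -> Dict[str, object]:
    """Split an extended m line into direction flag, algorithm list and trailing value."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "m=SEC" or fields[1] not in ("0", "1"):
        raise ValueError("not an extended SEC m line")
    return {"direction": fields[1], "algs": fields[2:-1], "value": bytes.fromhex(fields[-1])}


def terminal_answer(offer: str, autn: bytes, supported: List[str]) -> Tuple[str, bytes]:
    """Steps 206-207: take RAND from the offer, derive RES/CK/IK, pick the first cipher
    of the server's list that the terminal also supports, and answer m=SEC 1 <alg> RES.
    CK is never put on the wire (SIP/SDP travels in plaintext); it is only returned."""
    req = parse_sec_mline(offer)
    if req["direction"] != "0":
        raise ValueError("offer must come from the server")
    common = [a for a in req["algs"] if a in supported]
    if not common:
        raise ValueError("no common encryption algorithm")
    res, ck, _ik = aka_derive(req["value"], autn)
    return f"m=SEC 1 {common[0]} {res.hex()}", ck


def server_check(answer: str, rand: bytes, autn: bytes) -> Tuple[str, Optional[bytes]]:
    """Step 208: recompute RES from RAND and the AUTN stored at registration, compare it
    with the terminal's RES in constant time, and return ACK (with CK) or NACK (no key)."""
    ans = parse_sec_mline(answer)
    expected_res, ck, _ik = aka_derive(rand, autn)
    if ans["direction"] != "1" or len(ans["algs"]) != 1 or ans["algs"][0] not in SERVER_ALGS:
        return "NACK", None
    if not hmac.compare_digest(ans["value"], expected_res):
        return "NACK", None        # RES differs: keys differ, or the answer was tampered with
    return "ACK", ck


def run_negotiation(esn: str, server_name: str, server_ip: str, terminal_algs: List[str],
                    rand: Optional[bytes] = None, tamper: bool = False
                    ) -> Tuple[str, bytes, Optional[bytes]]:
    """Drive steps 203-208 end to end. Returns the server's verdict, the terminal's CK and
    the server's CK (None on NACK). tamper=True flips the last byte of RES in transit."""
    autn = compute_autn(esn, server_name, server_ip)   # step 203; server holds the same value (step 204)
    rand = rand if rand is not None else secrets.token_bytes(16)
    offer = build_offer(rand)                            # step 205, carried in the Invite
    answer, ck_terminal = terminal_answer(offer, autn, terminal_algs)   # step 207, carried in 200 OK
    if tamper:
        answer = answer[:-2] + ("00" if answer[-2:] != "00" else "ff")
    verdict, ck_server = server_check(answer, rand, autn)
    return verdict, ck_terminal, ck_server


if __name__ == "__main__":
    # Constructed sample identifiers; the IP is from the documentation range.
    print(make_username("460011234567890"))
    print(run_negotiation("A1B2C3D4", "conf.example.net", "192.0.2.10", ["RC4", "DES"])[0])
    print(run_negotiation("A1B2C3D4", "conf.example.net", "192.0.2.10", ["RC4", "DES"], tamper=True)[0])
```

Two points worth checking against the page while reading the code. First, the only secret that protects CK is whatever keys the derivation: AUTN itself is sent to the server in the clear in step 203 and RAND in the clear in step 205, so the scheme's confidentiality rests on the SIM's AKA function being keyed by a value an eavesdropper does not have, which the example only approximates. Second, the cipher list DES, IDEA, RC2, RC4, RC5 reflects the 2009 filing; a practitioner would not offer DES, RC2 or RC4 today, and the m line mechanism carries over unchanged to a modern cipher list.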
Fig. 3 is a schematic structural diagram of the system by which a terminal of the present invention encrypts videoconference data. As shown in Fig. 3, the system comprises a terminal and a videoconference server; wherein
the terminal is configured to perform the authentication operation with the videoconference server and to generate AUTN during the authentication process; after determining that it has passed authentication, to perform the media format negotiation with the videoconference server and compute the encryption key from AUTN and the RAND sent by the videoconference server; and to negotiate the encryption key and encryption algorithm with the videoconference server and, once it determines that the negotiation agrees, to carry out encrypted communication with the videoconference server;
the videoconference server is configured to perform the authentication operation with the terminal; after determining that the terminal has passed authentication, to perform the media format negotiation with the terminal, sending the terminal a media format negotiation request carrying RAND; and to negotiate the encryption key and encryption algorithm with the terminal and, once it determines that the negotiation agrees, to carry out encrypted communication with the terminal.
The terminal performing the authentication operation with the videoconference server and generating AUTN during the authentication process is specifically:
generating the username required to participate in the video conference, then initiating a registration request to the videoconference server, performing the authentication computation after receiving the authentication notice from the videoconference server, obtaining and storing AUTN, and notifying the videoconference server of AUTN.
The terminal is further configured, after determining that it did not pass authentication, to re-execute the authentication operation with the videoconference server; correspondingly,
the videoconference server is further configured, after determining that the terminal did not pass authentication, to re-execute the authentication operation with the terminal.
The terminal is further configured, when it determines that the encryption key negotiation with the videoconference server does not agree, to re-execute the media format negotiation with the videoconference server; correspondingly,
the videoconference server is further configured, when it determines that the encryption key negotiation with the terminal does not agree, to re-execute the media format negotiation with the terminal.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (8)

1. A method for a terminal to encrypt videoconference data, characterized in that the method comprises:
the terminal producing a network authentication token AUTN during the authentication process with the videoconference server; after authentication succeeds, the videoconference server requesting the terminal to perform media format negotiation, using the Session Description Protocol SDP as the negotiation mechanism and extending the SDP media line m, the extended line being m=SEC 0 DES IDEA RC2 RC4 RC5 RAND;
the terminal, after receiving the request, performing the media format negotiation and computing RES and the encryption keys CK and IK with the AKA algorithm from the random number RAND carried in the m line of the request together with AUTN; the terminal notifying the videoconference server of the computed value RES corresponding to the encryption key CK or IK and of the encryption algorithm it supports;
the videoconference server computing with the AKA algorithm, from the random number RAND and AUTN, the value RES corresponding to the encryption key CK or IK, comparing it with the value sent by the terminal, and notifying the terminal of the comparison result; when the comparison result is determined to be consistent, encrypted communication between the two sides begins;
wherein the AUTN is produced as follows: the terminal sends a request message to its internal subscriber identity module SIM requesting the Electronic Serial Number ESN of the SIM; after the terminal receives the ESN returned by the SIM, it performs the authentication computation over the ESN and the name and IP address of the videoconference server using the Digest mechanism, and the terminal computes a 128-bit response; this response is the AUTN;
SEC indicates that the encryption key needs to be negotiated during media format negotiation; 0 indicates that the videoconference server sends the negotiation message carrying the m line to the terminal; DES, IDEA, RC2, RC4 and RC5 respectively denote different types of encryption algorithm.
2. The method for a terminal to encrypt videoconference data according to claim 1, characterized in that the authentication process between the terminal and the videoconference server further comprises:
after authentication fails, the terminal re-executing the authentication operation with the videoconference server.
3. The method for a terminal to encrypt videoconference data according to claim 1 or 2, characterized in that the process in which the videoconference server compares the computed value RES corresponding to the encryption key CK or IK with the value sent by the terminal further comprises:
if the comparison result of the value RES corresponding to the encryption key CK or IK between the terminal and the videoconference server is inconsistent, the terminal re-executing the media format negotiation with the videoconference server.
4. The method for a terminal to encrypt videoconference data according to claim 1 or 2, characterized in that the process of authentication between the terminal and the videoconference server is specifically:
the terminal generating the user name required to participate in the video conference, then initiating a registration request to the videoconference server according to the user name, and the videoconference server notifying the terminal that authentication is required;
the terminal performing the authentication computation to obtain and save the AUTN, and notifying the videoconference server of the AUTN;
the videoconference server authenticating the received AUTN and, upon determining that authentication succeeds, returning confirmation information to the terminal.
5. A system for a terminal to encrypt videoconference data, characterized in that the system comprises a terminal and a videoconference server; wherein
the terminal is configured to perform the authentication operation with the videoconference server and to produce a network authentication token AUTN during the authentication process; upon determining that it has passed authentication and after receiving the request sent by the videoconference server, to perform the media format negotiation with the videoconference server, and to compute RES and the encryption keys CK and IK with the AKA algorithm from AUTN together with the random number RAND carried in the m line of the request sent by the videoconference server; to notify the videoconference server of the computed value RES corresponding to the encryption key CK or IK and of the encryption algorithm it supports; and, after receiving a comparison result of "consistent" from the videoconference server, to carry out encrypted communication with the videoconference server;
the videoconference server is configured to perform the authentication operation with the terminal; to request the terminal to perform media format negotiation, using the Session Description Protocol SDP as the negotiation mechanism and extending the SDP media line m, the extended line being m=SEC 0 DES IDEA RC2 RC4 RC5 RAND; and to receive the computed value RES corresponding to the encryption key CK or IK and the supported encryption algorithm sent by the terminal;
the videoconference server is further configured to compute with the AKA algorithm, from the random number RAND and AUTN, the value RES corresponding to the encryption key CK or IK, to compare it with the value sent by the terminal, to notify the terminal of the comparison result, and, when the comparison result is determined to be consistent, to begin encrypted communication between the two sides;
wherein the process by which the terminal produces AUTN is: sending a request message to its internal subscriber identity module SIM requesting the Electronic Serial Number ESN of the SIM; after receiving the ESN returned by the SIM, performing the authentication computation over the ESN and the name and IP address of the videoconference server using the Digest mechanism to obtain a 128-bit response; this response is the AUTN;
SEC indicates that the encryption key needs to be negotiated during media format negotiation; 0 indicates that the videoconference server sends the negotiation message carrying the m line to the terminal; DES, IDEA, RC2, RC4 and RC5 respectively denote different types of encryption algorithm.
6. The system for a terminal to encrypt videoconference data according to claim 5, characterized in that the terminal is further configured, after determining that it has not passed authentication, to re-execute the authentication operation with the videoconference server; correspondingly,
the videoconference server is further configured, after determining that the terminal has not passed authentication, to re-execute the authentication operation with the terminal.
7. The system for a terminal to encrypt videoconference data according to claim 5 or 6, characterized in that the terminal is further configured, upon determining that the comparison result of the value RES corresponding to the encryption key CK or IK with the videoconference server is inconsistent, to re-execute the media format negotiation with the videoconference server; correspondingly,
the videoconference server is further configured, upon determining that the comparison result of the value RES corresponding to the encryption key CK or IK with the terminal is inconsistent, to re-execute the media format negotiation with the terminal.
8. The system for a terminal to encrypt videoconference data according to claim 5 or 6, characterized in that the terminal performing the authentication operation with the videoconference server and producing AUTN during the authentication process is specifically:
generating the user name required to participate in the video conference, then initiating a registration request to the videoconference server, performing the authentication computation after receiving the authentication notice from the videoconference server to obtain and save the AUTN, and notifying the videoconference server of the AUTN.
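The exchange the claims describe, as an added example that is not part of the patent or any ZTE code: the server offers the extended m line, the terminal derives AUTN from its ESN and the server identity and then RES, CK and IK from RAND and AUTN, and the server recomputes RES and compares before any encrypted media flows. The Digest is modelled with MD5 (a 128-bit result) and the unspecified AKA functions with labelled HMAC-SHA256; the ESN, server name and address are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed model of the claimed exchange (added example, not the patent's code).
# The algorithm list and m-line layout come from the claims; HMAC-SHA256 with
# labels stands in for the unspecified AKA functions that derive RES, CK and IK.
ALGS = ["DES", "IDEA", "RC2", "RC4", "RC5"]

def make_autn(esn, server_name, server_ip):
    """Terminal: 128-bit Digest-style AUTN over the SIM's ESN and the server identity."""
    return hashlib.md5(f"{esn}:{server_name}:{server_ip}".encode()).digest()

def build_m_line(rand):
    """Server: extended SDP media line 'm=SEC 0 <algs> RAND' carrying the challenge."""
    return "m=SEC 0 " + " ".join(ALGS) + " " + rand.hex()

def parse_m_line(line):
    """Terminal: recover the offered algorithms and RAND; reject malformed lines."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "m=SEC" or fields[1] != "0":
        raise ValueError("not a SEC media line")
    rand = bytes.fromhex(fields[-1])
    if len(rand) != 16:
        raise ValueError("RAND must be 128 bits")
    return fields[2:-1], rand

def aka_derive(autn, rand):
    """RES, CK, IK from RAND and AUTN; AUTN acts as the shared secret on both peers."""
    def f(label):
        return hmac.new(autn, label + rand, hashlib.sha256).digest()[:16]
    return f(b"RES"), f(b"CK"), f(b"IK")

def server_verify(autn, rand, res_from_terminal, alg):
    """Server: recompute RES and compare in constant time; release CK only on success."""
    res, ck, _ik = aka_derive(autn, rand)
    ok = hmac.compare_digest(res, res_from_terminal) and alg in ALGS
    return ok, (ck if ok else None)

def run_exchange(esn, server_name, server_ip, rand=b""):
    """Full flow; returns (server accepted, both sides hold the same CK)."""
    rand = rand or secrets.token_bytes(16)
    autn = make_autn(esn, server_name, server_ip)       # registration/authentication
    algs, rand_t = parse_m_line(build_m_line(rand))     # server offer, terminal parse
    res, ck_t, _ik_t = aka_derive(autn, rand_t)         # terminal computes RES, CK, IK
    ok, ck_s = server_verify(autn, rand, res, algs[0])  # terminal picks first algorithm
    return ok, ck_t == ck_s                             # False means renegotiate media
```

A mismatch on RES (a different AUTN on one side) makes `server_verify` return `(False, None)`, which is the point at which claims 3 and 7 have the peers redo the media format negotiation.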

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN 200910090587 (CN101635823B) | 2009-08-27 | 2009-08-27 | Method and system of terminal for encrypting videoconference data
PCT/CN2010/072870 (WO2011022999A1) | 2009-08-27 | 2010-05-18 | Method and system for encrypting video conference data by terminal

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN 200910090587 (CN101635823B) | 2009-08-27 | 2009-08-27 | Method and system of terminal for encrypting videoconference data

Publications (2)

Publication Number | Publication Date
CN101635823A | 2010-01-27
CN101635823B | 2011-09-21

Family ID: 41594859

Family Applications (1)

Application Number | Status | Title | Priority Date | Filing Date
CN 200910090587 (CN101635823B) | Active | Method and system of terminal for encrypting videoconference data | 2009-08-27 | 2009-08-27

Country Status (2)

Country | Link
CN (1) | CN101635823B
WO (1) | WO2011022999A1

Citations (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN1859087A * | 2005-12-30 | 2006-11-08 | Huawei Technologies Co., Ltd. | Key consulting method and its system for customer end and server
CN101197673A * | 2006-12-05 | 2008-06-11 | ZTE Corporation | Fixed network access into IMS bidirectional authentication and key distribution method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
EP1626598A1 * | 2004-06-21 | 2006-02-15 | Axalto SA | Method for securing an authentication and key agreement protocol
CN101176296A * | 2005-03-11 | 2008-05-07 | Telefonaktiebolaget LM Ericsson | Network assisted terminal to SIMM/UICC key establishment
CN101635823B * | 2009-08-27 | 2011-09-21 | ZTE Corporation | Method and system of terminal for encrypting videoconference data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Liu Feng et al. Improvement of the 3G authentication and key distribution protocol. Computer Engineering and Design, 2006, vol. 27, no. 14, full text. *

Also Published As

Publication number | Publication date
WO2011022999A1 | 2011-03-03
CN101635823A | 2010-01-27

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant