CN108696512A - Cross-protocol encrypted stream negotiation method, device and conference device - Google Patents
Cross-protocol encrypted stream negotiation method, device and conference device
- Publication number: CN108696512A (application CN201810374991.8A)
- Authority: CN (China)
- Prior art keywords: signaling, encrypted, conference terminal, agreement, protocol
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/06: Network architectures or network communication protocols for network security, for supporting key management in a packet data network
- H04L65/1073: Session management, registration or de-registration
- H04L65/1104: Session protocols, Session Initiation Protocol [SIP]
- H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L65/403: Arrangements for multi-party communication, e.g. for conferences
- H04L65/60: Network streaming of media packets
Abstract
The invention discloses a cross-protocol encrypted stream negotiation method, device and conference device. The method includes: receiving a first-protocol connection request signaling sent by a first conference terminal; sending a second-protocol connection request signaling to a second conference terminal; receiving the second-protocol first signaling fed back by the second conference terminal on the basis of the second-protocol connection request signaling; saving the master/slave decision and sending the first-protocol first signaling to the first conference terminal; and receiving the first-protocol second signaling sent by the first conference terminal. By controlling the interaction sequence, the invention enables the two communicating parties to negotiate a stream key, and by converting the encryption-related part between the different protocols it achieves encrypted communication across protocols, so that conference terminals using different communication protocols in the same video conferencing system can communicate with encrypted streams.
Description
Technical field
The present invention relates to the field of video conferencing technology, and in particular to a cross-protocol encrypted stream negotiation method, device and conference device.
Background technology
In recent years, driven by the rapid development of the Internet, people have paid increasing attention to safe, efficient and cost-saving video conferencing systems. A video conferencing system connects conference terminals in two or more places over a network, so that members in different locations can discuss the same topic: they can hear the speaker and also see the speaker's image and background, and at the same time exchange data, text, charts and other information related to the topic. Among the technologies of a video conferencing system, protocol technology is undoubtedly one of the core technologies.
However, the conference terminals in a video conferencing system differ, so the signaling protocols they use to negotiate the audio/video stream format when transmitting audio/video streams differ as well; audio/video streams in the same video conferencing system are then transmitted with signaling protocols of multiple formats, which affects the effectiveness of the video conference.
In the prior art, to solve stream interworking between different protocols, some standards define non-encrypted interworking schemes. For example, the Session Initiation Protocol (SIP) and the H.323 protocol are frequently used in video conferencing systems, and RFC4123 "Session Initiation Protocol (SIP)-H.323 Interworking Requirements", formally published by the IETF in July 2005, defines how a gateway completes interworking between H.323 and SIP.
However, stream transmission between multiple protocols in the prior art is generally implemented with non-encrypted interworking schemes, so the security of cross-protocol streams is relatively low. With the rapid development of communication technology, people's requirements for security keep rising, and non-encrypted interworking schemes can no longer meet the demand for cross-protocol stream security.
Summary of the invention
In view of this, embodiments of the present invention provide a cross-protocol encrypted stream negotiation method, device and conference device, to solve the problem of low cross-protocol stream security.
According to a first aspect, an embodiment of the present invention provides a cross-protocol encrypted stream negotiation method, including:
receiving a first-protocol connection request signaling sent by a first conference terminal, the first-protocol connection request signaling carrying stream encryption information and an encrypted first stream key;
sending a second-protocol connection request signaling to a second conference terminal, the second-protocol connection request signaling carrying the stream encryption information and the encrypted first stream key;
receiving a second-protocol first signaling fed back by the second conference terminal on the basis of the second-protocol connection request signaling, the second-protocol first signaling carrying a master/slave decision and a first message body, the first message body including the negotiated stream encryption information and the negotiated encrypted stream key;
saving the master/slave decision and sending a first-protocol first signaling to the first conference terminal, the first-protocol first signaling carrying the first message body;
receiving a first-protocol second signaling sent by the first conference terminal, the first-protocol second signaling being used to indicate the end of the encrypted stream negotiation.
The present invention negotiates the stream encryption information and the stream key between conference terminals that communicate with different protocols (the first protocol corresponds to the first conference terminal, the second protocol to the second conference terminal), and decides according to the master/slave message which conference terminal's stream key is used to encrypt the subsequent stream. That is, by controlling the interaction sequence the invention lets the two communicating parties negotiate a stream key and stream encryption information, and by converting the encryption-related part between the different protocols it achieves encrypted communication across protocols, ensuring that conference terminals using different communication protocols in the same video conferencing system can communicate with encrypted streams, i.e. secure cross-protocol interworking.
With reference to the first aspect, in a first embodiment of the first aspect, before the step of receiving the first-protocol connection request signaling sent by the first conference terminal, the method further includes:
sending a registration request to a server, the registration request carrying a public key;
receiving the master key table encrypted with the public key and the version number of the master key table sent by the server, where each master key in the master key table corresponds one-to-one with a label;
decrypting the encrypted master key table with the private key corresponding to the public key, to obtain the master key table.
In the present invention a public key is sent when registering with the server, so the master key table obtained from the server during registration is in encrypted form; this ensures the reliability of master key table transmission and further improves the security of the master keys.
With reference to the first embodiment of the first aspect, in a second embodiment of the first aspect, the stream encryption information includes the version number of the first conference terminal's master key table;
before the step of sending the second-protocol connection request signaling to the second conference terminal, the method further includes:
judging whether the version number of the first conference terminal's master key table matches the version number of its own master key table;
when the version number of its own master key table and the version number of the first conference terminal's master key table do not match, re-registering with the server according to which version number is higher, so as to update the version number.
By matching the master key tables before the negotiation of the stream encryption information, the present invention ensures that both communicating parties use the same master key table, so that the master key both sides select by label is the same one and the stream key can be decrypted correctly.
With reference to the second embodiment of the first aspect, in a third embodiment of the first aspect, the stream encryption information further includes several encryption algorithms and a first label, the first label being used to uniquely determine the master key in the master key table.
With reference to the third embodiment of the first aspect, in a fourth embodiment of the first aspect, the negotiated encrypted stream key includes:
when the first conference terminal is the master, the negotiated encrypted stream key is determined by the encrypted stream key;
or,
when the first conference terminal is the slave, the negotiated encrypted stream key is determined by the negotiated stream encryption information and the second stream key generated by the second conference terminal.
In the encryption rules of the second protocol of the present invention, the stream key is decided by the master; therefore the negotiated encrypted stream key achieves the negotiation of the stream key through two interactions. Specifically, after the master/slave message is obtained, the final decision is made as to which side's stream key is used; through this sequence control, the stream key can be negotiated between different protocols.
According to a second aspect, an embodiment of the present invention further provides a cross-protocol encrypted stream negotiation method, including:
receiving a second-protocol connection request signaling sent by a second conference terminal, the second-protocol connection request signaling carrying stream encryption information;
sending a first-protocol connection request signaling to a first conference terminal, the first-protocol connection request signaling carrying the stream encryption information;
receiving a first-protocol second signaling fed back by the first conference terminal on the basis of the first-protocol connection request signaling, the first-protocol second signaling carrying a second message body, the second message body including the negotiated stream encryption information and an encrypted first stream key;
sending a second-protocol first signaling to the second conference terminal, the second-protocol first signaling carrying the negotiated stream encryption information and the encrypted first stream key;
receiving a second-protocol second signaling fed back by the second conference terminal on the basis of the second-protocol first signaling, the second-protocol second signaling carrying the negotiated encrypted stream key and a master/slave decision;
saving the master/slave decision and sending a second-protocol third signaling to the first conference terminal, the second-protocol third signaling being used to indicate the end of the encrypted stream negotiation.
The present invention negotiates the stream encryption information and the stream key between conference terminals that communicate with different protocols, and decides according to the master/slave message which conference terminal's stream key is used to encrypt the subsequent stream. That is, by controlling the interaction sequence the invention lets the two communicating parties negotiate a stream key and stream encryption information, and by converting the encryption-related part between the different protocols it achieves encrypted communication across protocols, ensuring that conference terminals using different communication protocols in the same video conferencing system can communicate with encrypted streams, i.e. secure cross-protocol interworking.
According to a third aspect, an embodiment of the present invention provides a cross-protocol encrypted stream negotiation device, including:
a first receiving module, for receiving a first-protocol connection request signaling sent by a first conference terminal, the first-protocol connection request signaling carrying stream encryption information and several encrypted first stream keys;
a first sending module, for sending a second-protocol connection request signaling to a second conference terminal, the second-protocol connection request signaling carrying the stream encryption information and the encrypted first stream key;
a second receiving module, for receiving a second-protocol first signaling fed back by the second conference terminal on the basis of the second-protocol connection request signaling, the second-protocol first signaling carrying a master/slave decision and a first message body, the first message body including the negotiated stream encryption information and the negotiated encrypted stream key;
a second sending module, for saving the master/slave decision and sending a first-protocol first signaling to the first conference terminal, the first-protocol first signaling carrying the first message body;
a third receiving module, for receiving a first-protocol second signaling sent by the first conference terminal, the first-protocol second signaling being used to indicate the end of the encrypted stream negotiation.
According to a fourth aspect, an embodiment of the present invention provides a cross-protocol encrypted stream negotiation device, including:
a fourth receiving module, for receiving a second-protocol connection request signaling sent by a second conference terminal, the second-protocol connection request signaling carrying stream encryption information;
a third sending module, for sending a first-protocol connection request signaling to a first conference terminal, the first-protocol connection request signaling carrying the stream encryption information;
a fifth receiving module, for receiving a first-protocol second signaling fed back by the first conference terminal on the basis of the first-protocol connection request signaling, the first-protocol second signaling carrying a second message body, the second message body including the negotiated stream encryption information and an encrypted first stream key;
a fourth sending module, for sending a second-protocol first signaling to the second conference terminal, the second-protocol first signaling carrying the negotiated stream encryption information and the encrypted first stream key;
a sixth receiving module, for receiving a second-protocol second signaling fed back by the second conference terminal on the basis of the second-protocol first signaling, the second-protocol second signaling carrying the negotiated encrypted stream key and a master/slave decision;
a fifth sending module, for saving the master/slave decision and sending a second-protocol third signaling to the first conference terminal, the second-protocol third signaling being used to indicate the end of the encrypted stream negotiation.
According to a fifth aspect, an embodiment of the present invention provides a conference device, including a memory and a processor, the memory and the processor being communicatively connected, the memory storing computer instructions, and the processor executing the computer instructions so as to perform the cross-protocol encrypted stream negotiation method described in the first aspect, any embodiment of the first aspect, or the second aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, the computer-readable storage medium storing computer instructions, the computer instructions being used to make a computer perform the cross-protocol encrypted stream negotiation method described in the first aspect, any embodiment of the first aspect, or the second aspect.
Description of the drawings
The features and advantages of the present invention can be understood more clearly by reference to the accompanying drawings, which are schematic and should not be understood as limiting the invention in any way. In the drawings:
Fig. 1 shows a method flow chart of one specific illustration of the cross-protocol encrypted stream negotiation method in an embodiment of the present invention;
Fig. 2 shows a method flow chart of one specific illustration of the cross-protocol encrypted stream negotiation method in another embodiment of the present invention;
Fig. 3 shows a method flow chart of one specific illustration of the cross-protocol encrypted stream negotiation method in yet another embodiment of the present invention;
Fig. 4 shows an interaction diagram in which the first conference terminal calls the second conference terminal in an embodiment of the present invention;
Fig. 5 shows an interaction diagram in which the first conference terminal calls the second conference terminal in another embodiment of the present invention;
Fig. 6 shows an interaction diagram in which the second conference terminal calls the first conference terminal in an embodiment of the present invention;
Fig. 7 shows a method flow chart of one specific illustration of the SIP terminal call encryption flow in which the calling side carries SDP, in an embodiment of the present invention;
Fig. 8 shows a method flow chart of one specific illustration of the SIP terminal call encryption flow in which the calling side does not carry SDP, in an embodiment of the present invention;
Fig. 9 shows one specific illustration of the gateway registration flow in an embodiment of the present invention;
Fig. 10 shows one specific illustration of the flow in which the SIP server updates the master key table to the gateway in an embodiment of the present invention;
Fig. 11 shows one specific illustration of the flow in which a SIP terminal calls an H.323 terminal in an embodiment of the present invention;
Fig. 12 shows one specific illustration of the flow in which an H.323 terminal calls a SIP terminal in an embodiment of the present invention;
Fig. 13 shows a structure diagram of one specific illustration of the cross-protocol encrypted stream negotiation device in an embodiment of the present invention;
Fig. 14 shows a structure diagram of one specific illustration of the cross-protocol encrypted stream negotiation device in another embodiment of the present invention;
Fig. 15 shows a structure diagram of one specific illustration of a conference device in an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be noted that in the present invention the first conference terminal communicates on the basis of a first protocol and the second conference terminal on the basis of a second protocol, the first protocol being different from the second protocol. In addition, the first stream key is generated by the first conference terminal, and the second stream key is generated by the second conference terminal.
The technical solution of the present invention involves the following concepts:
Master key: the key used to encrypt the audio/video stream key.
Master key table: a set containing multiple master keys, each master key in the set corresponding to one mki number.
SIP terminal: a terminal or MCU using the SIP protocol.
H.323 terminal: a terminal or MCU using the H.323 protocol.
H.323-SIP gateway: a gateway that converts between the H.323 protocol and the SIP protocol.
The technical solution of the present invention uses the following abbreviations:
EAn: the set of all supported algorithms, such as 3DES, AES128, AES256 and so on.
EAx: the selected encryption algorithm, i.e. one encryption algorithm chosen from EAn.
EKn: the set of values obtained by encrypting the stream key with [EAn, master key].
EKx: the value obtained by encrypting the stream key with [EAx, master key].
ver: the master key table version number, composed of the master key table generation time + ID; it is used to confirm that the master key tables used by the two communicating parties are consistent.
mki: the id number corresponding to a master key in the master key table; it is a non-zero positive integer, and the same mki in the same master key table corresponds to the same master key. An mki of 0 indicates that the key does not come from the master key table but is the default master key common to all products.
The present invention achieves encrypted communication between conference terminals of different protocols through the conference device; specifically, the conference device controls the sequence in which messages are exchanged between the conference terminals and converts the encryption-related part of each protocol, so that secure cross-protocol interworking of information is achieved within the same conferencing system.
Fig. 1 shows the flow of the cross-protocol encrypted stream negotiation method in an embodiment of the present invention. The method includes:
S101: receiving a first-protocol connection request signaling sent by the first conference terminal.
In the present invention the conference device receives the first-protocol connection request signaling sent by the first conference terminal, which carries stream encryption information and an encrypted first stream key. The connection request signaling, and the content carried in it, differ between protocols. For example, for the SIP protocol the connection request signaling is INVITE, while for the H.323 protocol it is setup.
After receiving the connection request signaling, the conference device analyses the protocol structure of the signaling and can thus determine the protocol used by it. Once the conference device has determined that protocol (in this embodiment it determines that the protocol is the first protocol, i.e. the connection request signaling was sent by the first conference terminal), it extracts the stream encryption information and the encrypted first stream key carried in the signaling.
Here the first stream key and the first-protocol connection request signaling both correspond to the first conference terminal. Specifically, the first conference terminal generates the first stream key and encrypts it using the stream encryption information, forming the encrypted first stream key.
Since the stream encryption information may contain several pieces of information for encrypting the stream, when the encrypted stream key is formed the first stream key has to be encrypted with each piece of encryption information, yielding several encrypted first stream keys. Therefore the first-protocol connection request signaling carries several encrypted first stream keys together with the stream encryption information.
S102: sending a second-protocol connection request signaling to the second conference terminal.
Because the stream encryption information and the encrypted first stream key in the connection request signaling are expressed in the signaling format of the first protocol, the conference device, after extracting them, needs to convert them into the signaling format of the second protocol.
The conference device carries the converted stream encryption information and encrypted first stream key in the second-protocol connection request signaling and sends it to the second conference terminal.
S103: receiving the second-protocol first signaling fed back by the second conference terminal on the basis of the second-protocol connection request signaling.
The second-protocol first signaling carries a master/slave decision and a first message body, the first message body including the first master/slave message and the negotiated stream encryption information. In addition, the main bodies of the first protocol and the second protocol are several signaling entities; these entities exchange information with the signaling entities of the peer through the procedures defined by the protocol, so as to control the communication between terminals. That is, the master/slave decision is the signaling entity of the second protocol determining, in the form of messages, which terminal is the master and which is the slave in the session, so that unresolvable conflicts do not arise in subsequent communication.
After receiving the second-protocol connection request signaling sent by the conference device, the second conference terminal extracts the stream encryption information from it and negotiates on that information, forming the negotiated stream encryption information. At the same time, the second conference terminal negotiates the master/slave decision and, according to the master/slave decision and the negotiated stream encryption information, negotiates the encrypted stream key.
The second conference terminal carries the negotiated stream encryption information and the negotiated encrypted stream key in the second-protocol first signaling in the form of the first message body and sends it to the conference device; the second-protocol first signaling also carries the master/slave decision.
S104: saving the master/slave decision and sending the first-protocol first signaling to the first conference terminal.
The first-protocol first signaling carries the first message body. On receiving the second-protocol first signaling sent by the second conference terminal, the conference device saves the master/slave decision it contains. It also converts the first message body carried in the second-protocol first signaling into the signaling format of the first protocol and carries it in the first-protocol first signaling, which is sent to the first conference terminal for confirmation.
S105: receiving the first-protocol second signaling sent by the first conference terminal.
The first-protocol second signaling is used to indicate the end of the encrypted stream negotiation.
The present embodiment carries out encrypted bit stream information and code stream key between the conference terminal using different agreement communication
Negotiation (the first agreement is corresponding with the first conference terminal, and second protocol is corresponding with the second conference terminal), and according to principal and subordinate's message
Which determine to be encrypted using the subsequent code stream of code stream key pair of conference terminal;The control that i.e. present invention passes through interaction sequential
System so that communicating pair can negotiate code stream key and encrypted bit stream information, and by encrypting part to different agreement
Conversion can realize the coded communication between different agreement, ensure that and use different communication protocol in same video conferencing system
Conference terminal between can realize the coded communication of code stream, realize the safety across agreement to logical.
In subsequent communication, the first conference terminal and the second conference terminal use the negotiated code stream encryption information to decrypt the negotiated encrypted code stream key and obtain the negotiated code stream key. Both terminals then encrypt their audio and video code streams with the negotiated code stream key and the negotiated code stream encryption information and communicate directly in encrypted form. The two conference terminals may communicate directly or relay through the conference facility. When the conference terminals communicate directly, the addresses of both conference terminals must be carried during the code stream encryption negotiation.
In some optional embodiments, the first protocol is SIP and the first conference terminal is a SIP terminal; the second protocol is H.323 and the second conference terminal is an H.323 terminal.
Fig. 2 is a flow chart of the cross-protocol code stream encryption negotiation method in another embodiment of the invention. The method includes:
S201: send a registration request to the server.
The conference facility in this embodiment is equivalent to a first-protocol terminal when it communicates with the first conference terminal over the first protocol, and to a second-protocol terminal when it communicates with the second conference terminal over the second protocol. It therefore has to register for each protocol before exchanging information with the conference terminals. For the second protocol, the conference facility registers with the server according to the rules of the second protocol and obtains a register name and a registered address.
For the first protocol, the conference facility sends a registration request to the server in order to obtain the master key table, and carries its public key in the registration request. The conference facility stores the private key corresponding to that public key. After the conference facility has sent a registration request to the server for the first time, the server stores the public key of that conference facility, so later registrations do not need to send the public key again, which saves communication bandwidth.
For example, when the first protocol is SIP, the registration request the conference facility sends to the server is REGISTER + public key, where REGISTER is the registration request.
S202: receive the master key table encrypted with the public key, and the version number of the master key table, sent by the server.
The master key table is the set of all master keys. Labels and master keys in the table correspond one to one, i.e. one label identifies exactly one master key.
If the server confirms that registration succeeded, it can encrypt the master key table with the public key and send it to the conference facility together with the 200 OK.
Specifically, when the first protocol is SIP, the message body received by the conference facility is 200 OK + the master key table encrypted with the public key.
The encrypted master key table also includes the version number ver of the master key table. The version number ver is composed of the generation time of the master key table + an ID, and is used to confirm that both communicating parties use the same master key table. For example, the version number ver of a master key table is 20170607+20.
S203: decrypt the encrypted master key table with the private key corresponding to the public key to obtain the master key table.
When the conference facility receives the server's reply that registration succeeded, it decrypts the message body with its own private key and obtains the master key table.
Optionally, when the conference facility registers with the server for the first time, the server's success reply can specify a time limit. The conference facility must register with the server again within this time limit so that the server knows it is still active; otherwise the server removes the registration information of a conference facility that has timed out without a keep-alive. On such keep-alive re-registration the conference facility only needs to carry the version number of the master key table, which reduces communication bandwidth.
S204: receive the first-protocol connection request signaling sent by the first conference terminal.
For details, refer to S101 of the embodiment shown in Fig. 1; they are not repeated here.
S205: judge whether the version number of the first conference terminal's master key table matches the version number of the conference facility's own master key table.
In this embodiment, the code stream encryption information includes the version number ver of the first conference terminal's master key table. This version number ver is composed of the generation time of the master key table + an ID and is used to confirm that both communicating parties use the same master key table. For example, the version number ver of a master key table is 20170607+20.
Before continuing the interaction, the conference facility has to judge whether the version number of its own master key table is consistent with the version number of the first conference terminal's master key table; this ensures that both use the same master key.
When the version number of the first conference terminal's master key table and the version number of the conference facility's own master key table do not match, S206 is executed; when they match, S207 is executed.
S206: re-register with the server according to which version number is higher, to update the version number.
Depending on which version number is higher, the conference facility determines whether it or the first conference terminal must re-register with the server. When the conference facility's version number is lower than the first conference terminal's, the conference facility re-registers with the server to update its own version number and then decides whether to continue with this call: if it accepts, S207 is executed; otherwise this connection call request is hung up and the next connection call request is awaited. When the conference facility's version number is higher than the first conference terminal's, the conference facility can hang up this connection call request and send the reason to the first conference terminal. The reason carried is: please update the master key table and call again.
Specifically, when the first protocol is SIP, the connection request signaling (INVITE) sent by the first conference terminal carries master key table version number 20170607+20. On receiving it, the conference facility finds that this version number differs from its own. If its own master key table version number is higher (for example 20170608+21), it replies 400 (Bad Request) with a Warning header: please update the master key table and call again. On receiving this, the first conference terminal re-registers with the server to update its own master key table and then calls the conference facility again. If, on receiving the INVITE, the conference facility finds that its own master key table version number (for example 20170606+19) is lower than the first conference terminal's, it first updates its master key table from the server and then chooses whether to continue accepting this call.
Optionally, when the server is going to update the master key table, it actively pushes the newest master key table with INFO signaling to all terminals registered on it. The message body sent is the master key table encrypted with the public key of the corresponding terminal, carrying the reason: update master key table. After a terminal receives the INFO signaling, it extracts the updated master key table and replies 200 OK to the server, indicating that it has received the updated master key table.
S207: send the second-protocol connection request signaling to the second conference terminal.
The second-protocol connection request signaling carries the code stream encryption information and the encrypted first code stream key.
In this embodiment, the code stream encryption information also includes several encryption algorithms and a first label; the first label uniquely identifies a master key in the master key table. The second conference terminal negotiates one encryption algorithm out of the several and, together with the label corresponding to the master key, this forms the negotiated code stream encryption information.
In addition, the connection request signaling sent by the first conference terminal carries several encrypted first code stream keys: the first conference terminal encrypts the first code stream key with the master key and each encryption algorithm, forming the encrypted first code stream keys.
For the rest, refer to S102 of the embodiment shown in Fig. 1; details are not repeated here.
S208: receive the first signaling of the second protocol fed back by the second conference terminal on the basis of the second-protocol connection request signaling.
After negotiating the code stream encryption information, the second conference terminal carries out master/slave negotiation and produces the master/slave decision, which determines which of the first conference terminal and the second conference terminal is master and which is slave. Since the second protocol defines that the master determines the code stream key, the encrypted code stream key is negotiated according to the master/slave decision, in the following two cases:
When the first conference terminal is master, the code stream key is determined by the first conference terminal, i.e. the encrypted code stream key is determined from the several encrypted first code stream keys.
When the first conference terminal is slave, the code stream key is determined by the second conference terminal, i.e. the encrypted code stream key is determined from the negotiated code stream encryption information and a second code stream key generated by the second conference terminal. Specifically, the second conference terminal encrypts the second code stream key with the negotiated encryption algorithm and master key to form the encrypted code stream key.
For the remaining details, refer to S103 of the embodiment shown in Fig. 1; they are not repeated here.
S209: save the master/slave decision and send the first signaling of the first protocol to the first conference terminal.
Refer to S104 of the embodiment shown in Fig. 1; details are not repeated here.
S210: receive the second signaling of the first protocol sent by the first conference terminal.
Refer to S105 of the embodiment shown in Fig. 1; details are not repeated here.
Compared with the embodiment shown in Fig. 1, this embodiment matches the master key tables before negotiating the code stream encryption information. This ensures that both communicating parties use the same master key table, so that the label identifies the same master key on both sides and the code stream key can be decrypted correctly.
Fig. 3 is a flow chart of the cross-protocol code stream encryption negotiation method in a further embodiment of the invention. The method includes:
S301: receive the second-protocol connection request signaling sent by the second conference terminal.
The second-protocol connection request signaling carries the code stream encryption information but does not carry an encrypted code stream key.
After receiving a connection request signaling, the conference facility can determine the protocol used by the signaling by analysing its protocol structure. Once the protocol is determined (in this embodiment it is the second protocol, i.e. the signaling is the second-protocol connection request signaling sent by the second conference terminal), the conference facility extracts the code stream encryption information carried in the connection request signaling.
S302: send the first-protocol connection request signaling to the first conference terminal.
The code stream encryption information is the one carried in the second-protocol connection request signaling. Similar to S102 of the embodiment shown in Fig. 1, before sending the first-protocol connection request signaling to the first conference terminal, the conference facility has to convert the code stream encryption information into the signaling format of the first protocol.
S303: receive the second signaling of the first protocol fed back by the first conference terminal on the basis of the first-protocol connection request signaling.
The second signaling of the first protocol carries the second message body, which includes the negotiated code stream encryption information and the encrypted first code stream key.
The first code stream key is generated by the first conference terminal. The first conference terminal first negotiates the code stream encryption information, then encrypts the first code stream key with the negotiated code stream encryption information to form the encrypted first code stream key.
The first conference terminal places the negotiated code stream encryption information and the encrypted first code stream key in the second message body and sends them to the conference facility in the second signaling of the first protocol.
S304: send the first signaling of the second protocol to the second conference terminal.
The first signaling of the second protocol carries the negotiated code stream encryption information and the encrypted first code stream key.
S305: receive the second signaling of the second protocol fed back by the second conference terminal on the basis of the first signaling of the second protocol.
The second signaling of the second protocol carries the negotiated encrypted code stream key and the master/slave decision.
After receiving the second signaling of the first protocol sent by the first conference terminal, the conference facility establishes a connection with the second conference terminal. Once the connection with the conference facility is established, the second conference terminal negotiates the master/slave decision and, according to it, negotiates the encrypted code stream key.
The second conference terminal carries the negotiated encrypted code stream key and the master/slave decision in the second signaling of the second protocol and sends it to the conference facility.
S306: save the master/slave decision and send the third signaling of the second protocol to the first conference terminal.
The third signaling of the second protocol indicates the end of the code stream encryption negotiation. In this embodiment, the third signaling of the second protocol carries the negotiated encryption information and the negotiated encrypted code stream key.
In this embodiment, the code stream encryption information and the code stream key are negotiated between conference terminals that communicate over different protocols, and the master/slave decision determines whose code stream key is used to encrypt the subsequent code stream. That is, by controlling the interaction sequence, the invention lets the two communicating parties negotiate a code stream key and code stream encryption information, and by converting the encryption-related parts between the different protocols it achieves encrypted communication across protocols, so that conference terminals using different communication protocols in the same video conferencing system can exchange encrypted code streams, achieving secure cross-protocol interworking.
In some optional embodiments, a step in which the conference facility registers with the server precedes S301; it is identical to S201 to S203 of the embodiment shown in Fig. 2 and is not repeated here.
In other optional embodiments, S303 is preceded by a judgement of whether the master key table version numbers match, similar to S205 to S206 of the embodiment shown in Fig. 2; details are not repeated here.
In some optional embodiments, negotiating the encrypted code stream key according to the master/slave decision in S305 falls into the following two cases:
When the first conference terminal is master, the encrypted code stream key is determined by the encrypted first code stream key.
When the first conference terminal is slave, the encrypted code stream key is determined by the negotiated code stream encryption information and the second code stream key generated by the second conference terminal. Optionally, the negotiated code stream encryption information includes the encryption algorithm and the label corresponding to the master key, which identifies that master key; the second conference terminal encrypts the second code stream key with the negotiated encryption algorithm and master key to form the encrypted code stream key.
The invention provides two calling methods between the first conference terminal, the conference facility and the second conference terminal: in the first, the first conference terminal calls the second conference terminal; in the second, the second conference terminal calls the first conference terminal. The interaction in each of these two cases is described in detail below.
Fig. 4 is the interaction diagram for the first conference terminal calling the second conference terminal. Under this calling method, the cross-protocol code stream encryption negotiation method includes:
S401: receive the connection request signaling sent by the first conference terminal. The connection request signaling carries the code stream encryption information and the encrypted first code stream key. Refer to S101 of the embodiment shown in Fig. 1; details are not repeated here.
S402: send the second-protocol connection request signaling to the second conference terminal. Refer to S102 of the embodiment shown in Fig. 1; details are not repeated here.
S403: receive the first signaling of the second protocol fed back by the second conference terminal on the basis of the second-protocol connection request signaling. Refer to S103 of the embodiment shown in Fig. 1; details are not repeated here.
S404: save the master/slave decision and send the first signaling of the first protocol to the first conference terminal. Refer to S104 of the embodiment shown in Fig. 1; details are not repeated here.
S405: receive the second signaling of the first protocol sent by the first conference terminal. Refer to S105 of the embodiment shown in Fig. 1; details are not repeated here.
Fig. 5 is the interaction diagram for the first conference terminal calling the second conference terminal. Under this calling method, another cross-protocol code stream encryption negotiation method includes:
S501: send a registration request to the server. Refer to S201 of the embodiment shown in Fig. 2; details are not repeated here.
S502: receive the master key table encrypted with the public key, and the version number of the master key table, sent by the server. For details refer to S202 of the embodiment shown in Fig. 2; they are not repeated here.
S503: decrypt the encrypted master key table with the private key corresponding to the public key to obtain the master key table. For details refer to S203 of the embodiment shown in Fig. 2; they are not repeated here.
S504: receive the connection request signaling sent by the first conference terminal. Refer to S204 of the embodiment shown in Fig. 2; details are not repeated here.
S505: judge whether the version number of the first conference terminal's master key table matches the version number of the conference facility's own master key table. Refer to S205 of the embodiment shown in Fig. 2; details are not repeated here.
When the version number of the first conference terminal's master key table and the version number of the conference facility's own master key table do not match, S506 is executed; when they match, S507 is executed.
S506: re-register with the server according to which version number is higher, to update the version number. Refer to S206 of the embodiment shown in Fig. 2; details are not repeated here.
S507: send the second-protocol connection request signaling to the second conference terminal. Refer to S207 of the embodiment shown in Fig. 2; details are not repeated here.
S508: receive the first signaling of the second protocol fed back by the second conference terminal on the basis of the second-protocol connection request signaling. Refer to S208 of the embodiment shown in Fig. 2; details are not repeated here.
S509: save the master/slave decision and send the first signaling of the first protocol to the first conference terminal. Refer to S209 of the embodiment shown in Fig. 2; details are not repeated here.
S510: receive the second signaling of the first protocol sent by the first conference terminal. Refer to S210 of the embodiment shown in Fig. 2; details are not repeated here.
Fig. 6 is the interaction diagram for the second conference terminal calling the first conference terminal. Under this calling method, the cross-protocol code stream encryption negotiation method includes:
S601: receive the second-protocol connection request signaling sent by the second conference terminal. Refer to S301 of the embodiment shown in Fig. 3; details are not repeated here.
S602: send the first-protocol connection request signaling to the first conference terminal. Refer to S302 of the embodiment shown in Fig. 3; details are not repeated here.
S603: receive the second signaling of the first protocol fed back by the first conference terminal on the basis of the first-protocol connection request signaling. Refer to S303 of the embodiment shown in Fig. 3; details are not repeated here.
S604: send the first signaling of the second protocol to the second conference terminal. Refer to S304 of the embodiment shown in Fig. 3; details are not repeated here.
S605: receive the second signaling of the second protocol fed back by the second conference terminal on the basis of the first signaling of the second protocol. For details refer to S305 of the embodiment shown in Fig. 3; they are not repeated here.
S606: save the master/slave decision and send the third signaling of the second protocol to the first conference terminal. Refer to S306 of the embodiment shown in Fig. 3; details are not repeated here.
On the basis of the cross-protocol code stream encryption negotiation method provided by the invention, the case in which the first protocol is SIP and the second protocol is H.323 is described in detail below. This scheme mainly solves the problem of interworking between SIP call encryption and H.323 call encryption.
H.323 call encryption using the H.235 protocol has the following characteristics: the negotiated algorithm and the master key are exchanged by DH at call time; the code stream key is determined by the master after the master/slave decision; the code stream key encrypted with [encryption algorithm, master key] is obtained when the logical channel is opened (OLC). If SIP call encryption is to interwork with H.323, it must be compatible with these H.323 characteristics.
The audio and video code stream rule is as follows. H.323 uses the H.235 encryption rule, in which the master determines the code stream key. SIP has no master/slave negotiation process, so a rule is needed to be compatible with H.323. In SIP the audio and video keys are carried in the Session Description Protocol (SDP), and SDP is exchanged at least twice; the rule is therefore to use the key of the side that needs to change the key.
The need to change the key arises in three aspects:
1) In a SIP point-to-point call, the answer side of the SDP wants to use a code stream key it generated itself:
For two point-to-point SIP terminals, if the SDP answer side has no need to change the code stream key, the code stream key generated by the SDP offer (calling) side is used: when the answer side replies with its SDP, it carries the code stream key generated by the offer side back unchanged.
If the SDP answer side wants to change the code stream key, it replies with an SDP carrying its own key, and the SDP offer side then uses the answer side's key.
Specifically, Fig. 7 and Fig. 8 show the encrypted call flow between point-to-point SIP terminals. In call encryption, different audio and video channels may use different communication keys, so the different code stream keys, encrypted with the master key, are carried in the respective m lines of the SDP. If the signaling header carries EAn, the code stream key of each m line in the SDP is encrypted with every encryption algorithm in EAn using the master key corresponding to mki, producing several corresponding encrypted code stream keys EK. If the signaling header carries EAx, the key only has to be encrypted with the algorithm EAx using the master key corresponding to mki, producing one corresponding encrypted code stream key EK.
Fig. 7 is the flow in which the caller carries SDP in the SIP terminal call encryption flow. As shown in Fig. 7, in its INVITE the SIP terminal MT1 carries, in the SDP, the master key table version number ver, all supported encryption algorithms EAn, the mki corresponding to a master key chosen from the master key table, and in each m line of the SDP the code stream keys EKn encrypted with the encryption algorithms EAn and the master key, and sends this to SIP terminal MT2. If MT2 agrees to this encrypted call, it selects one of the encryption algorithms, EAx, and replies to MT1 according to the code stream key decision rule.
If MT2 wants to use the code stream key it generated itself in the final communication, it encrypts its own code stream key with the master key corresponding to the mki carried by the caller and the selected encryption algorithm EAx, generating EKx, and replies with it in the 200 OK;
If MT2 uses the code stream key generated by MT1, it replies in the 200 OK with the EKx corresponding to the selected encryption algorithm EAx, carried back unchanged. After the call succeeds, the subsequent RTP audio and video communication can be encrypted with the negotiated encryption algorithm EAx and code stream key.
Fig. 8 is the flow in which the caller does not carry SDP in the SIP terminal call encryption flow. As shown in Fig. 8, in its INVITE the SIP terminal MT1 carries the master key table version number ver, the mki corresponding to a master key chosen from the master key table, and all supported encryption algorithms EAx, and sends this to SIP terminal MT2. If MT2 agrees to this encrypted call and finds that the caller's INVITE carries no SDP, it replies to MT1 with an SDP, the selected encryption algorithm EAx, and in each m line of the SDP the code stream key EKx encrypted with the encryption algorithm EAx and the master key. After MT1 receives the 200 OK reply from MT2, it confirms this encryption algorithm EAx and replies to MT2 according to the code stream key decision rule.
If MT1 wants to use the code stream key it generated itself in the final communication, it encrypts its own code stream key with the master key corresponding to the caller's mki and the encryption algorithm EAx, generating EKx, and replies with it in the ACK;
If MT1 uses the code stream key generated by MT2, it simply carries EKx back unchanged in the ACK.
After the call succeeds, the subsequent RTP audio and video communication can be encrypted with the negotiated encryption algorithm and code stream key.
2) In H.323 call encryption using the H.235 encryption protocol, the key must be determined by the master established by the master/slave decision:
For a SIP terminal and an H.323 terminal calling through the H.323-SIP gateway, the H.323 terminal uses the H.235 protocol, in which the key is determined by the master.
If the SIP terminal becomes master, the key is determined by the SIP terminal and the H.323 terminal has no need to change the key; when the gateway replies with SDP to the SIP terminal, it carries the SIP terminal's own key;
If the H.323 terminal is master, the key has to be changed, and when the gateway replies with SDP to the SIP terminal it carries the key generated by the H.323 terminal.
3) For a multipoint conference, the code stream key has to be set by the MCU (multipoint control unit):
In a conference the key is determined by the MCU. For calls with an H.323 terminal the MCU is usually the master, so it is the MCU that has to change the key; for calls with a SIP terminal, the SIP terminal simply uses the key replied (or generated) by the MCU.
The overall design mainly concerns the signaling sequence control for encrypted interworking between SIP and H.323 and the conversion of the encryption parameter formats; both have to be performed by the gateway. Calls are divided into two cases: the SIP terminal calling the H.323 terminal, and the H.323 terminal calling the SIP terminal. In both, the interworking process between the SIP terminal and the gateway corresponds one-to-one to the two point-to-point SIP call encryption methods:
the SIP terminal calling the H.323 terminal corresponds to the point-to-point SIP call encryption case in which the caller's INVITE carries SDP;
the H.323 terminal calling the SIP terminal corresponds to the point-to-point SIP call encryption case in which the caller's INVITE carries no SDP.
Therefore, in addition to RFC4123, the gateway has to implement the following additional functions:
1) obtain the master key table when the gateway registers with the SIP registrar;
2) as a SIP terminal, judge the master key table version number during a call and look up the corresponding master key by label;
3) convert the encryption algorithm format in both directions between the SIP encryption algorithms EAn or EAx and the H.235 form;
4) as a SIP terminal, decrypt the code stream key according to the encryption algorithm negotiation rules and the master key rule;
5) preserve the result of the master/slave decision on the H.323 side;
6) complete the negotiation of the code stream key between the SIP side and the H.323 side according to the audio and video code stream key usage rule.
Fig. 9 shows the gateway registration process. In an encrypted call, the gateway conducts an H.323+H.235 encrypted call with the H.323 terminal and a SIP encrypted call with the SIP terminal. When registering with the SIP registrar, in addition to following the RFC4123 rules (the registered name is the H.323 alias/E164 number and the registered address is the gateway's address), the gateway must also carry its public key so that the master key table it receives can be parsed. When registering with the GK (gatekeeper), the gateway still follows the normal H.323 flow, since the master key table need not be obtained there. Figure 10 shows the process by which the SIP server updates the master key table on the gateway.
Figure 11 and Figure 12 are the call sequence diagrams for a SIP terminal and an H.323 terminal, in which the H.245 process includes: the TCS capability set exchange, the MSD master/slave determination, and the OLC (audio, video) opening of the audio and video channels. What the H.323-SIP gateway does: besides the normal H.323/SIP signaling conversion and signaling timing control, it must also convert the encryption-related elements. The detailed approach is as follows:
1) Algorithm conversion: conversion between the standard H.235 form and the string-represented SIP encryption algorithm forms EAn and EAx. For example, EAn =
"AES-128",
"AES-256",
"3DES"
is converted into the H.235 form
OID =
"itu-t recommendation h(8)235 0 3 24",
"itu-t recommendation h(8)235 0 3 45",
"itu-t recommendation h(8)235 0 1 5"
2) Preserving the master/slave signal, which is used to determine which side's code stream key is used. After the master/slave determination, the H.323 terminal negotiates as follows:
If the H.323 terminal is the master, the SIP terminal is the slave. The key is determined by the H.323 terminal: when the gateway replies to the SIP side with the answer SDP, it takes the code stream key that the H.323 terminal carried in its OLC and passes it to the SIP terminal.
Similarly, if the SIP terminal becomes the master, the key is determined by the SIP terminal, and the H.323 terminal waits for the master to generate the code stream key. When opening the channel with the H.323 terminal, the gateway takes the code stream key generated by the SIP terminal, that is, the code stream key carried in the SIP terminal's SDP reply or generated by the SIP terminal.
After the encryption algorithm and the code stream key have been negotiated successfully, the H.323 terminal and the SIP terminal can communicate over encrypted RTP directly. If encrypted RTP flows directly without passing through the gateway, the gateway needs to carry the addresses of the two terminals when opening the channel; otherwise the gateway relays the media.
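As an added illustration (not code from the patent or its applicant), the following Python models the gateway-side functions listed above and the two details just described: the EAn/OID conversion with the page's three pairs, the master key table version check and label lookup, and the master/slave rule that decides whose code stream key is used. The table contents, the HMAC-based key wrapping and all function names are assumptions, since the page does not specify the wrapping scheme.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Detail 1 above: algorithm-form conversion between the SIP string form
# (EAn/EAx) and the H.235 OID form, using exactly the three pairs on the page.
EAN_TO_OID = {
    "AES-128": "itu-t recommendation h(8)235 0 3 24",
    "AES-256": "itu-t recommendation h(8)235 0 3 45",
    "3DES": "itu-t recommendation h(8)235 0 1 5",
}
OID_TO_EAN = {oid: ean for ean, oid in EAN_TO_OID.items()}

def ean_to_oid(ean: str) -> str:
    """SIP name -> H.235 OID. Unknown names are rejected, not passed through,
    so the H.323 side never receives an OID the gateway cannot vouch for."""
    if ean not in EAN_TO_OID:
        raise ValueError(f"unsupported SIP algorithm: {ean}")
    return EAN_TO_OID[ean]

def oid_to_ean(oid: str) -> str:
    """H.235 OID -> SIP name, with the same strictness as ean_to_oid."""
    if oid not in OID_TO_EAN:
        raise ValueError(f"unsupported H.235 OID: {oid}")
    return OID_TO_EAN[oid]

def negotiate_algorithm(sip_ean_list: List[str], h323_oids: List[str]) -> str:
    """Pick the first SIP-offered algorithm the H.323 side also supports and
    return it in H.235 OID form (the form sent toward the H.323 terminal)."""
    supported = set(h323_oids)
    for ean in sip_ean_list:
        oid = EAN_TO_OID.get(ean)
        if oid in supported:
            return oid
    raise ValueError("no common encryption algorithm")

@dataclass
class MasterKeyTable:
    """Master key table as the page describes it: a version number plus
    master keys addressed by label (the contents used here are constructed)."""
    version: int
    keys: Dict[str, bytes] = field(default_factory=dict)

def check_table_version(own: MasterKeyTable, peer_version: int) -> str:
    """Gateway function 2 above: 'ok' when the peer's table version matches
    the gateway's own, otherwise 're-register' so the table gets refreshed."""
    return "ok" if own.version == peer_version else "re-register"

def _pad(master_key: bytes, nonce: bytes, n: int) -> bytes:
    # Constructed stand-in for the page's unspecified master-key wrapping:
    # a single-use pad from HMAC-SHA256(master_key, nonce); keys <= 32 bytes.
    return hmac.new(master_key, nonce, hashlib.sha256).digest()[:n]

def wrap_stream_key(table: MasterKeyTable, label: str, stream_key: bytes) -> dict:
    """Build the 'encrypted code stream key' carried in signaling: the stream
    key protected under the master key that the label selects."""
    nonce = secrets.token_bytes(16)
    pad = _pad(table.keys[label], nonce, len(stream_key))
    return {"label": label, "nonce": nonce,
            "ct": bytes(a ^ b for a, b in zip(stream_key, pad))}

def unwrap_stream_key(table: MasterKeyTable, blob: dict) -> bytes:
    """Gateway function 4 above: select the master key by label, then recover
    the code stream key; an unknown label is a negotiation failure."""
    if blob["label"] not in table.keys:
        raise KeyError(f"no master key for label {blob['label']}")
    pad = _pad(table.keys[blob["label"]], blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def select_stream_key(h323_is_master: bool, h323_olc_key: Optional[bytes],
                      sip_key: Optional[bytes]) -> bytes:
    """Detail 2 above: the master side's key is the one used. H.323 master ->
    the key from its OLC is relayed in the answer SDP; SIP master -> the
    SIP-generated key is used when the H.323 channel is opened."""
    chosen = h323_olc_key if h323_is_master else sip_key
    if chosen is None:
        raise ValueError("master side has not supplied a code stream key")
    return chosen
```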
Correspondingly, referring to Fig. 13, an embodiment of the present invention provides a cross-protocol code stream encryption negotiation device, which includes:
a first receiving module 1301, for receiving a first protocol connection request signaling sent by a first conference terminal, the first protocol connection request signaling carrying code stream encryption information and an encrypted first code stream key;
a first sending module 1302, for sending a second protocol connection request signaling to a second conference terminal, the second protocol connection request signaling carrying the code stream encryption information and the encrypted first code stream key;
a second receiving module 1303, for receiving a second protocol first signaling fed back by the second conference terminal on the basis of the second protocol connection request signaling, the second protocol first signaling carrying a master/slave determination and a first message body, the first message body including the negotiated code stream encryption information and the encrypted code stream encryption information;
a second sending module 1304, for preserving the master/slave determination and sending a first protocol first signaling to the first conference terminal, the first protocol first signaling carrying the first message body;
a third receiving module 1305, for receiving a first protocol second signaling sent by the first conference terminal, the first protocol second signaling being used to indicate the end of the code stream encryption negotiation.
Correspondingly, referring to Fig. 14, an embodiment of the present invention also provides a cross-protocol code stream encryption negotiation device, which includes:
a fourth receiving module 1401, for receiving a second protocol connection request signaling sent by a second conference terminal, the second protocol connection request signaling carrying code stream encryption information;
a third sending module 1402, for sending a first protocol connection request signaling to a first conference terminal, the first protocol connection request signaling carrying the code stream encryption information;
a fifth receiving module 1403, for receiving a first protocol second signaling fed back by the first conference terminal on the basis of the first protocol connection request signaling, the first protocol second signaling carrying a second message body, the second message body including the negotiated code stream encryption information and an encrypted first code stream key;
a fourth sending module 1404, for sending a second protocol first signaling to the second conference terminal, the second protocol first signaling carrying the negotiated code stream encryption information and the encrypted first code stream key;
a sixth receiving module 1405, for receiving a second protocol second signaling fed back by the second conference terminal on the basis of the second protocol first signaling, the second protocol second signaling carrying the negotiated encrypted code stream key and a master/slave determination;
a fifth sending module 1406, for preserving the master/slave determination and sending a second protocol third signaling to the first conference terminal, the second protocol third signaling being used to indicate the end of the code stream encryption negotiation.
An embodiment of the present invention further provides a conference facility. As shown in Figure 15, the conference facility may include a processor 1501 and a memory 1502, where the processor 1501 and the memory 1502 may be connected by a bus or in other ways; in Figure 15 they are connected by a bus.
The processor 1501 may be a central processing unit (CPU). The processor 1501 may also be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination of the above kinds of chips.
The memory 1502, as a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cross-protocol code stream encryption negotiation method of the cross-protocol code stream encryption negotiation device in the embodiment of the present invention (for example, the first receiving module 1301, the first sending module 1302, the second receiving module 1303, the second sending module 1304 and the third receiving module 1305 shown in Figure 13). By running the non-transitory software programs, instructions and modules stored in the memory 1502, the processor 1501 executes the various functional applications and data processing of the processor, that is, implements the cross-protocol code stream encryption negotiation method of the above method embodiments.
The memory 1502 may include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function, and the data storage area may store data created by the processor 1501, etc. In addition, the memory 1502 may include a high-speed random access memory and may also include a non-transitory memory, for example at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state memory. In some embodiments, the memory 1502 may optionally include memory located remotely from the processor 1501, and such remote memory may be connected to the processor 1501 through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
One or more modules are stored in the memory 1502 and, when executed by the processor 1501, execute the cross-protocol code stream encryption negotiation method of the embodiments shown in Figures 1 to 6.
Details of the above conference facility can be understood by referring to the corresponding descriptions and effects in the embodiments shown in Figures 1 to 6, and are not repeated here.
Those skilled in the art will understand that all or part of the flows in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), etc.; the storage medium may also include a combination of the above kinds of memory.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and all such modifications and variations fall within the scope defined by the appended claims.
Claims (10)
1. A cross-protocol code stream encryption negotiation method, characterized by comprising:
receiving a first protocol connection request signaling sent by a first conference terminal, the first protocol connection request signaling carrying code stream encryption information and an encrypted first code stream key;
sending a second protocol connection request signaling to a second conference terminal, the second protocol connection request signaling carrying the code stream encryption information and the encrypted first code stream key;
receiving a second protocol first signaling fed back by the second conference terminal on the basis of the second protocol connection request signaling, the second protocol first signaling carrying a master/slave determination and a first message body, the first message body including the negotiated code stream encryption information and the negotiated encrypted code stream key;
preserving the master/slave determination, and sending a first protocol first signaling to the first conference terminal, the first protocol first signaling carrying the first message body;
receiving a first protocol second signaling sent by the first conference terminal, the first protocol second signaling being used to indicate the end of the code stream encryption negotiation.
2. The code stream encryption negotiation method according to claim 1, characterized in that, before the step of receiving the first protocol connection request signaling sent by the first conference terminal, the method further comprises:
sending a registration request to a server, the registration request carrying a public key;
receiving the master key table encrypted with the public key and the version number of the master key table sent by the server, wherein the master keys in the master key table correspond one-to-one with labels;
decrypting the encrypted master key table using the private key corresponding to the public key to obtain the master key table.
3. The code stream encryption negotiation method according to claim 2, characterized in that the code stream encryption information includes the version number of the master key table of the first conference terminal;
before the step of sending the second protocol connection request signaling to the second conference terminal, the method further comprises:
judging whether the version number of the master key table of the first conference terminal matches the version number of its own master key table;
when the version number of its own master key table and the version number of the master key table of the first conference terminal do not match, re-registering with the server according to which version number is higher, so as to update the version number.
4. The code stream encryption negotiation method according to claim 3, characterized in that the code stream encryption information further includes: several encryption algorithms and a first label, the first label being used to uniquely determine the master key in the master key table.
5. The code stream encryption negotiation method according to claim 1, characterized in that the negotiated encrypted code stream key includes:
when the first conference terminal is the master, the encrypted code stream key being determined by the encrypted first code stream key; or,
when the first conference terminal is the slave, the encrypted code stream key being determined by the negotiated code stream encryption information and a second code stream key generated by the second conference terminal.
6. A cross-protocol code stream encryption negotiation method, characterized by comprising:
receiving a second protocol connection request signaling sent by a second conference terminal, the second protocol connection request signaling carrying code stream encryption information;
sending a first protocol connection request signaling to a first conference terminal, the first protocol connection request signaling carrying the code stream encryption information;
receiving a first protocol second signaling fed back by the first conference terminal on the basis of the first protocol connection request signaling, the first protocol second signaling carrying a second message body, the second message body including the negotiated code stream encryption information and an encrypted first code stream key;
sending a second protocol first signaling to the second conference terminal, the second protocol first signaling carrying the negotiated code stream encryption information and the encrypted first code stream key;
receiving a second protocol second signaling fed back by the second conference terminal on the basis of the second protocol first signaling, the second protocol second signaling carrying the negotiated encrypted code stream key and a master/slave determination;
preserving the master/slave determination, and sending a second protocol third signaling to the first conference terminal, the second protocol third signaling being used to indicate the end of the code stream encryption negotiation.
7. A cross-protocol code stream encryption negotiation device, characterized by comprising:
a first receiving module, for receiving a first protocol connection request signaling sent by a first conference terminal, the first protocol connection request signaling carrying code stream encryption information and several encrypted first code stream keys;
a first sending module, for sending a second protocol connection request signaling to a second conference terminal, the second protocol connection request signaling carrying the code stream encryption information and the encrypted first code stream key;
a second receiving module, for receiving a second protocol first signaling fed back by the second conference terminal on the basis of the second protocol connection request signaling, the second protocol first signaling carrying a master/slave determination and a first message body, the first message body including the negotiated code stream encryption information and the encrypted code stream encryption information;
a second sending module, for preserving the master/slave determination and sending a first protocol first signaling to the first conference terminal, the first protocol first signaling carrying the first message body;
a third receiving module, for receiving a first protocol second signaling sent by the first conference terminal, the first protocol second signaling being used to indicate the end of the code stream encryption negotiation.
8. A cross-protocol code stream encryption negotiation device, characterized by comprising:
a fourth receiving module, for receiving a second protocol connection request signaling sent by a second conference terminal, the second protocol connection request signaling carrying code stream encryption information;
a third sending module, for sending a first protocol connection request signaling to a first conference terminal, the first protocol connection request signaling carrying the code stream encryption information;
a fifth receiving module, for receiving a first protocol second signaling fed back by the first conference terminal on the basis of the first protocol connection request signaling, the first protocol second signaling carrying a second message body, the second message body including the negotiated code stream encryption information and an encrypted first code stream key;
a fourth sending module, for sending a second protocol first signaling to the second conference terminal, the second protocol first signaling carrying the negotiated code stream encryption information and the encrypted first code stream key;
a sixth receiving module, for receiving a second protocol second signaling fed back by the second conference terminal on the basis of the second protocol first signaling, the second protocol second signaling carrying the negotiated encrypted code stream key and a master/slave determination;
a fifth sending module, for preserving the master/slave determination and sending a second protocol third signaling to the first conference terminal, the second protocol third signaling being used to indicate the end of the code stream encryption negotiation.
9. A conference facility, characterized by comprising:
a memory and a processor, the memory and the processor being communicatively connected with each other, the memory storing computer instructions, and the processor executing the computer instructions so as to perform the cross-protocol code stream encryption negotiation method according to any one of claims 1-6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, the computer instructions being used to cause a computer to perform the cross-protocol code stream encryption negotiation method according to any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810374991.8A CN108696512B (en) | 2018-04-24 | 2018-04-24 | Cross-protocol code stream encryption negotiation method and device and conference equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108696512A true CN108696512A (en) | 2018-10-23 |
CN108696512B CN108696512B (en) | 2021-02-02 |
Family
ID=63845735
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110475095A (en) * | 2019-08-21 | 2019-11-19 | 苏州科达科技股份有限公司 | A kind of conference control method, device, equipment and readable storage medium storing program for executing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||