CN113656822A - Multimedia conference key management method, device, equipment and storage medium - Google Patents

Publication number
CN113656822A
CN113656822A CN202111023471.0A CN202111023471A CN113656822A CN 113656822 A CN113656822 A CN 113656822A CN 202111023471 A CN202111023471 A CN 202111023471A CN 113656822 A CN113656822 A CN 113656822A
Authority
CN
China
Prior art keywords
key
terminal
encryption key
conference
version
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111023471.0A
Other languages
Chinese (zh)
Inventor
任旭斌
张舒黎
周泽恒
段品言
周小东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Westone Information Industry Inc
Original Assignee
Chengdu Westone Information Industry Inc
Application filed by Chengdu Westone Information Industry Inc
Priority to CN202111023471.0A
Publication of CN113656822A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present disclosure relates to a multimedia conference key management method, apparatus, device and storage medium. The method is applied to a conference management device and includes: obtaining a new key encryption key when a key update triggering condition is met; sending a key update message to each terminal that has entered the conference, so that each terminal returns an update confirmation message after obtaining the identifier of the conference management device and the version of the new key encryption key; performing hash value verification on the update confirmation message returned by each terminal; and determining, according to the verification result, whether each terminal has completed the key update operation. With the technical solution provided by the application, the key encryption key can be managed effectively, so that each terminal can update the key encryption key in time, the audio and video encryption key is better protected, and the security of the multimedia conference is improved.

Description

Multimedia conference key management method, device, equipment and storage medium
Technical Field
The present application relates to the field of computer application technologies, and in particular, to a multimedia conference key management method, apparatus, device, and storage medium.
Background
With the rapid development of computer technology and network technology, the application range of multimedia conferences such as audio and video is more and more extensive. The multimedia conference is carried out depending on the network, and has the characteristics of high efficiency, low cost, quickness, convenience and the like. The user can join the multimedia conference through the corresponding terminal.
However, a multimedia conference is private to some degree, and so is its data; if the data is lost, risks such as leakage of secrets are likely, and security is low. To improve the security of the multimedia conference, the sending end can encrypt the conference data with an audio and video encryption key and send it to the receiving end, which decrypts it. The sending end generates or updates the audio and video encryption key and encrypts it with the key encryption key, and the resulting ciphertext is included in the audio and video data. The receiving end can recover the audio and video encryption key using the key encryption key and can then decrypt the protected audio and video data.
The technical problem that those skilled in the art currently need to solve is how the conference management device can manage the key encryption key effectively, reducing the risk that a leaked key encryption key exposes the audio and video encryption key, and thereby reducing the security risk of the multimedia conference.
Disclosure of Invention
The application aims to provide a multimedia conference key management method, a device, equipment and a storage medium, so as to effectively manage a key encryption key and improve the security of a multimedia conference.
In order to solve the technical problem, the application provides the following technical scheme:
a multimedia conference key management method is applied to a conference management device, and comprises the following steps:
when a key updating triggering condition is met, a new key encryption key is obtained;
sending a key updating message to each terminal entering the meeting, wherein the key updating message carries a ciphertext obtained by encrypting the identification of the conference management equipment, the version of the new key encryption key and the new key encryption key by using a network key corresponding to each terminal, so that each terminal returns an updating confirmation message after obtaining the identification of the conference management equipment and the version of the new key encryption key, and the updating confirmation message carries a hash value obtained by performing hash operation on the identification of each terminal, the identification of the conference management equipment and the version of the new key encryption key by using the network key corresponding to each terminal;
carrying out hash value verification on the update confirmation messages returned by each terminal;
and determining whether each terminal completes the key updating operation or not according to the verification result.
In one embodiment of the present application, the method further includes:
and for each terminal entering the meeting, if the current terminal is determined not to finish the key updating operation, the key updating message is sent to the current terminal again.
In one embodiment of the present application, the method further includes:
and if the current terminal is determined not to finish the key updating operation for N times, the current terminal is prohibited from participating in the conference service, and N is a positive integer.
In a specific embodiment of the present application, the key update message and the update confirmation message both carry related information of a secure interaction mechanism version, so that the conference management device and each terminal interact based on the same secure interaction mechanism version.
In a specific embodiment of the present application, the key update message carries certificate related information, and after receiving an update confirmation message returned by each terminal, the method further includes:
and if the update confirmation message carries the certificate of the corresponding terminal, locally storing the corresponding certificate.
In a specific embodiment of the present application, obtaining the new key encryption key includes:
and applying for obtaining a new key encryption key from the key management device.
In one embodiment of the present application, the method further includes:
receiving a key inquiry request sent by any terminal entering a meeting, wherein the key inquiry request carries a ciphertext obtained by encrypting the identifier of the current terminal and the version of a key encryption key by using the network key of the current terminal;
decrypting the ciphertext in the key inquiry request by using the network key of the current terminal to obtain the identifier of the current terminal and the version of the key encryption key;
determining a key encryption key corresponding to the key encryption key version;
and returning a key response message to the current terminal, wherein the key response message carries a cipher text obtained by encrypting the identifier of the current terminal, the identifier of the conference management equipment, the version of the key encryption key and a corresponding key encryption key by using the network key of the current terminal, so that the current terminal analyzes the key response message to obtain the corresponding key encryption key.
A multimedia conference key management apparatus applied to a conference management device, the apparatus comprising:
the new key obtaining module is used for obtaining a new key encryption key when a key updating triggering condition is met;
a key update message sending module, configured to send a key update message to each terminal entering a meeting, where the key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key, and the new key encryption key using a network key corresponding to each terminal, so that each terminal returns an update confirmation message after obtaining the identifier of the conference management device and the version of the new key encryption key, and the update confirmation message carries a hash value obtained by performing a hash operation on the identifier of each terminal, the identifier of the conference management device, and the version of the new key encryption key using the network key corresponding to each terminal;
the hash check module is used for carrying out hash value check on the update confirmation messages returned by the terminals;
and the updating operation determining module is used for determining whether each terminal completes the key updating operation according to the verification result.
A multimedia conference key management device comprising:
a memory for storing a computer program;
a processor for implementing the steps of the multimedia conference key management method according to any one of the above when executing the computer program.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the multimedia conference key management method of any of the above.
With the technical solution provided by the embodiments of the present application, when the key update triggering condition is reached, the conference management device obtains a new key encryption key and sends a key update message to each terminal that has entered the conference. The key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key and the new key encryption key with the network key corresponding to each terminal, so that each terminal obtains the identifier of the conference management device and the version of the new key encryption key and returns an update confirmation message. The update confirmation message carries a hash value obtained by performing a hash operation on the identifier of the terminal, the identifier of the conference management device and the version of the new key encryption key using the network key corresponding to that terminal. The conference management device performs hash value verification on the update confirmation message returned by each terminal and determines, according to the verification result, whether each terminal has completed the key update operation. The key encryption key is thus managed effectively, so that each terminal can update the key encryption key in time, the audio and video encryption key is better protected, and the security of the multimedia conference is improved.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart illustrating an implementation of a multimedia conference key management method in an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a multimedia conference key management apparatus according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a multimedia conference key management device in an embodiment of the present application.
Detailed Description
The core of the application is to provide a multimedia conference key management method, which can be applied to a conference management device. The conference management device may manage the terminals that are about to join or have already joined the multimedia conference.
The conference management device may obtain the key encryption key in advance. Specifically, the conference management device may generate a key encryption key itself. Alternatively, key management may be performed by a key management device, in which case the conference management device, after accessing the network, applies to the key management device for the key encryption key. The conference management device may of course also obtain the key encryption key in other ways, which is not limited in this disclosure.
In addition, the conference management device can obtain the network key of each terminal that has accessed the network by querying the key management device. Network access is a precondition for a terminal to join a multimedia conference. In practical applications, each terminal that is to access the network can be authenticated and controlled by a network management device; in the course of this authentication and control, both the network management device and the terminal obtain the terminal's network key. The network management device can send the terminal's network key to the key management device, which stores it.
The conference management equipment updates and manages the key encryption key, so that each terminal entering the conference can update the key encryption key in time, the security of the audio and video encryption key is enhanced, and the security of the multimedia conference is improved.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, there is shown a flowchart of an implementation of a multimedia conference key management method provided in an embodiment of the present application, where the method may include the following steps:
S110: When a key update triggering condition is reached, obtain a new key encryption key.
In the embodiments of the present application, a key update triggering condition may be preset. For example, the key update triggering condition is considered to be reached when a set update period, which may be one day or another duration, has elapsed. For another example, the key update triggering condition may be considered reached when an event is detected such as a new terminal entering the conference or a terminal leaving the conference.
When a key update triggering condition is reached, a new key encryption key may be obtained. Specifically, the conference management device may generate a new key encryption key itself, or may apply to the key management device for the new key encryption key.
S120: Send a key update message to each terminal that has entered the conference, so that each terminal returns an update confirmation message after obtaining the identifier of the conference management device and the version of the new key encryption key.
The key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key and the new key encryption key with the network key corresponding to each terminal. The update confirmation message carries a hash value that each terminal obtains by performing a hash operation on its own identifier, the identifier of the conference management device and the version of the new key encryption key using its own network key.
The conference management device may obtain in advance the network key corresponding to each terminal that has entered the conference. Specifically, it may query the key management device for the network key corresponding to each terminal that has entered the conference.
When the key update triggering condition is met, after the new key encryption key is obtained, the conference management equipment can encrypt the identification of the conference management equipment, the version of the new key encryption key and the new key encryption key by using the network key corresponding to each terminal entering the conference to obtain a ciphertext, and the corresponding ciphertext is carried in the key update message sent to each terminal entering the conference.
For example, the conference management device sends a key update message to the terminal a, where the key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key, and the new key encryption key using the network key of the terminal a. For another example, the conference management device sends a key update message to the terminal B, where the key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key, and the new key encryption key using the network key of the terminal B.
After receiving the key update message sent by the conference management equipment, each terminal entering the conference can decrypt the ciphertext carried in the received key update message by using the respective corresponding network key to obtain the identifier of the conference management equipment and the version of the new key encryption key. After each terminal obtains the identifier of the conference management device and the version of the new key encryption key, hash operation can be performed on the identifier of each terminal, the identifier of the conference management device and the version of the new key encryption key by using the corresponding network key to obtain a hash value, and the hash value can be carried in an update confirmation message returned to the conference management device.
For example, the conference management device sends a key update message to the terminal a, the terminal a decrypts a ciphertext carried in the received key update message by using a network key of the terminal a to obtain an identifier of the conference management device and a version of a new key encryption key, hash operation is performed on the identifier of the terminal a, the identifier of the conference management device and the version of the new key encryption key by using the network key of the terminal a to obtain a hash value, and the hash value is carried in an update confirmation message returned to the conference management device. For another example, the conference management device sends a key update message to the terminal B, the terminal B decrypts a ciphertext carried in the received key update message by using the network key of the terminal B to obtain an identifier of the conference management device and a version of the new key encryption key, hash operation is performed on the identifier of the terminal B, the identifier of the conference management device and the version of the new key encryption key by using the network key of the terminal B to obtain a hash value, and the hash value is carried in an update confirmation message returned to the conference management device.
S130: Perform hash value verification on the update confirmation message returned by each terminal.
After receiving the update confirmation message returned by each terminal, the conference management device may perform hash value verification on the corresponding update confirmation message. Specifically, the conference management device may perform a reverse hash operation on the hash value carried in the corresponding update confirmation message by using the network key corresponding to each terminal, determine whether the identifier of the corresponding terminal, the identifier of the conference management device, and the version of the new key encryption key can be obtained, and determine whether the obtained identifier of the conference management device and the version of the new key encryption key are correct. Or, the conference management device may perform hash operation on the pre-obtained identifier of the corresponding terminal, the identifier of the conference management device, and the version of the new key encryption key by using the network key corresponding to each terminal, and determine whether the obtained hash value is consistent with the hash value carried in the corresponding update confirmation message.
S140: Determine, according to the verification result, whether each terminal has completed the key update operation.
After the conference management device performs hash value verification on the update confirmation message returned by each terminal, a corresponding verification result can be obtained, and whether each terminal completes the key update operation or not can be determined according to the verification result. For each terminal, if the verification result is that the verification is successful, it may be determined that the terminal completes the key updating operation, and if the verification result is that the verification fails, it may be determined that the terminal does not complete the key updating operation.
It can be understood that, if the terminal entering the conference is in a normal working state, when receiving the key update message sent by the conference management device, the terminal may normally return an update confirmation message, and the result of successful verification will be obtained by verifying the hash value carried in the update confirmation message returned by the terminal.
For each terminal that has entered the conference, if it is determined that the current terminal has completed the key update operation, the conference state of the current terminal can be maintained, and the current terminal can use the new key encryption key to encrypt and decrypt the audio and video encryption key. If it is determined that the current terminal has not completed the key update operation, the current terminal can be prohibited from participating in the conference service. Alternatively, the key update message may be sent to the current terminal again, to reduce verification failures caused by network transmission and similar factors. If it is determined N times that the current terminal has not completed the key update operation, the current terminal can be prohibited from participating in the conference service, where N is a positive integer, such as 1 or a positive integer greater than 1, so as to ensure that all terminals in the conference are in a normal working state. If the current terminal then wants to enter the conference, it must go through conference entry authentication and related operations again.
With the method provided by the embodiments of the present application, when the key update triggering condition is reached, the conference management device obtains a new key encryption key and sends a key update message to each terminal that has entered the conference. The key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key and the new key encryption key with the network key corresponding to each terminal. The conference management device performs hash value verification on the update confirmation message returned by each terminal and determines, according to the verification result, whether each terminal has completed the key update operation. The key encryption key is thus managed effectively, so that each terminal can update the key encryption key in time, the audio and video encryption key is better protected, and the security of the multimedia conference is improved.
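The confirmation check of S120 to S140 and the N-attempt rule, as an added Python example that is not part of the patent text. It uses the recompute-and-compare form of the verification; HMAC-SHA256 as the keyed hash, the length-prefixed field encoding, the identifiers and N = 3 are assumptions.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 3  # the patent's N; the value 3 is an assumption


def pack_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so that field boundaries are unambiguous."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def confirmation_hash(network_key: bytes, terminal_id: str,
                      manager_id: str, kek_version: int) -> bytes:
    """Keyed hash over terminal id, manager id and new KEK version.

    HMAC-SHA256 is an assumption; the patent only specifies a hash
    operation that uses the terminal's network key.
    """
    message = pack_fields(terminal_id.encode(), manager_id.encode(),
                          struct.pack(">I", kek_version))
    return hmac.new(network_key, message, hashlib.sha256).digest()


class ConferenceManager:
    """Tracks which joined terminals have confirmed the current KEK version."""

    def __init__(self, manager_id: str, network_keys: dict):
        self.manager_id = manager_id
        self.network_keys = dict(network_keys)  # terminal id -> network key
        self.kek_version = 0
        self.failures = {}    # terminal id -> failed confirmations this round
        self.confirmed = set()
        self.banned = set()

    def start_update(self, new_version: int) -> None:
        """S110: a new KEK version is in force and must be confirmed."""
        self.kek_version = new_version
        self.failures = {}
        self.confirmed = set()

    def handle_confirmation(self, terminal_id: str, received: bytes) -> str:
        """S130/S140: returns 'updated', 'resend', 'banned' or 'rejected'."""
        if terminal_id in self.banned:
            return "banned"
        key = self.network_keys.get(terminal_id)
        if key is None:
            return "rejected"  # not a terminal that has entered the conference
        expected = confirmation_hash(key, terminal_id, self.manager_id,
                                     self.kek_version)
        if hmac.compare_digest(expected, received):  # constant-time compare
            self.confirmed.add(terminal_id)
            return "updated"
        count = self.failures.get(terminal_id, 0) + 1
        self.failures[terminal_id] = count
        if count >= MAX_FAILURES:
            self.banned.add(terminal_id)  # must re-authenticate to rejoin
            return "banned"
        return "resend"


def run_demo() -> dict:
    # Constructed network keys and identifiers, for illustration only.
    keys = {"terminal-A": b"A" * 32, "terminal-B": b"B" * 32}
    mgr = ConferenceManager("mcu-1", keys)
    mgr.start_update(7)
    good_a = confirmation_hash(keys["terminal-A"], "terminal-A", "mcu-1", 7)
    stale_b = confirmation_hash(keys["terminal-B"], "terminal-B", "mcu-1", 6)
    return {
        "A": mgr.handle_confirmation("terminal-A", good_a),
        # Terminal A's hash replayed under terminal B's name does not verify.
        "B_replays_A": mgr.handle_confirmation("terminal-B", good_a),
        # A confirmation for the previous KEK version does not verify either.
        "B_stale": [mgr.handle_confirmation("terminal-B", stale_b)
                    for _ in range(2)],
        "unknown": mgr.handle_confirmation("terminal-X", good_a),
        "banned": sorted(mgr.banned),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the terminal identifier and the KEK version are both inside the keyed hash, a confirmation cannot be moved to another terminal or reused for a later key update.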
In an embodiment of the application, the key update message and the update confirmation message both carry related information of a secure interaction mechanism version, so that the conference management device and each terminal interact based on the same secure interaction mechanism version.
In the embodiments of the present disclosure, the key update message sent by the conference management device to each terminal and the update confirmation message returned by each terminal to the conference management device may carry information related to the secure interaction mechanism version, such as support information and response information. Based on the secure interaction mechanism version information carried in these messages, the version to be used can be determined, so that each terminal and the conference management device interact based on the same secure interaction mechanism version, avoiding problems such as key management misjudgments caused by differing versions.
In an embodiment of the present application, the key update message carries certificate related information, and after receiving an update confirmation message returned by each terminal, the method may further include the following steps:
and if the update confirmation message carries the certificate of the corresponding terminal, locally storing the corresponding certificate.
In this embodiment of the present application, the key update message sent by the conference management device to each terminal may carry certificate related information. After receiving the key update message, each terminal can obtain the certificate related information carried in it. If the certificate related information includes a flag indicating that the certificate is to be transferred, the terminal can carry its certificate in the returned update confirmation message. Alternatively, if the terminal certificate serial number included in the certificate related information differs from the actual serial number of the terminal's certificate, the terminal's certificate may have been updated, and the returned update confirmation message may carry the terminal's certificate, so that the conference management device can determine the validity of the corresponding terminal based on the certificate carried in the update confirmation message.
If the update confirmation message carries the certificate of the corresponding terminal, the conference management device may store that certificate locally. The certificate can then be used directly when needed later; otherwise, because certificates are large, transmitting them online each time would consume more network resources.
In one embodiment of the present application, the method may further comprise the steps of:
Step one: receiving a key inquiry request sent by any terminal that has entered the conference, wherein the key inquiry request carries a ciphertext obtained by encrypting the identifier of the current terminal and the version of a key encryption key using the network key of the current terminal;
Step two: decrypting the ciphertext in the key inquiry request using the network key of the current terminal to obtain the identifier of the current terminal and the key encryption key version;
Step three: determining the key encryption key corresponding to the key encryption key version;
Step four: returning a key response message to the current terminal, wherein the key response message carries a ciphertext obtained by encrypting the identifier of the current terminal, the identifier of the conference management device, the version of the key encryption key and the corresponding key encryption key using the network key of the current terminal, so that the current terminal parses the key response message to obtain the corresponding key encryption key.
For convenience of description, the above steps are combined for illustration.
After joining the multimedia conference, terminals need to transmit audio and video; a terminal that sends audio and video is called a sending end, and a terminal that receives it is called a receiving end. After determining the audio and video code stream to be sent, the sending end can encrypt the audio and video frames in the stream with a pre-generated audio and video encryption key to obtain audio and video ciphertext frames. When the audio and video encryption key or the key encryption key has been updated, security information is spliced into the audio and video ciphertext frame; the security information comprises the ciphertext obtained by encrypting the audio and video encryption key with the pre-obtained key encryption key, together with the key encryption key version. Audio and video data are then constructed from the audio and video ciphertext frames and sent to the receiving end. When the receiving end obtains audio and video data that contain security information, it obtains the key encryption key to be enabled according to the key encryption key version in the security information, decrypts the ciphertext in the security information with that key encryption key to obtain the audio and video encryption key, and decrypts the audio and video ciphertext frames with the audio and video encryption key to obtain and output the audio and video code stream.
Specifically, the receiving end may determine whether the key encryption key to be enabled exists locally according to the key encryption key version in the security information.
If the version of the locally stored key encryption key is consistent with the version of the key encryption key in the security information, the fact that the key encryption key to be started exists locally is indicated, and the key encryption key can be used for decrypting the ciphertext in the security information to obtain the audio and video encryption key.
If the key encryption key to be enabled does not exist locally, the key encryption key can be obtained through inquiry of the conference management equipment.
In the embodiment of the disclosure, the receiving end may encrypt the identifier of the receiving end and the version of the key encryption key by using the network key of the receiving end to obtain a corresponding ciphertext under the condition that it is determined that the key encryption key to be enabled does not exist locally, and the ciphertext is carried in the key query request sent to the conference management device. The key encryption key version here is a key encryption key version contained in the security information. The receiving end may be any terminal that enters a meeting and may be referred to as a current terminal.
After the conference management equipment receives the key inquiry request, because the conference management equipment has the network key of the current terminal, the network key of the current terminal can be used for decrypting the ciphertext carried in the key inquiry request to obtain the identifier of the current terminal and the version of the key encryption key. The conference management device can determine a corresponding key encryption key according to the key encryption key version, encrypt the identifier of the current terminal, the identifier of the conference management device, the key encryption key version and the key encryption key by using the network key of the current terminal to obtain a corresponding ciphertext, and the ciphertext can be carried in a key response message returned to the current terminal.
After receiving the key response message returned by the conference management device, the current terminal can analyze the key response message to obtain a key encryption key. Specifically, the network key of the current terminal may be used to decrypt the ciphertext carried in the key response message, so as to obtain the identifier of the current terminal, the identifier of the conference management device, the key encryption key version, and the key encryption key.
The information such as the identification of the current terminal, the version of the key encryption key and the like carried in the key inquiry request and the key response message can be compared to carry out the message validity authentication.
After the key encryption key to be started is obtained, the cipher text in the security information can be decrypted by using the key encryption key to obtain the audio and video encryption key, and further, the protected audio and video data can be decrypted by using the audio and video encryption key.
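The receiving-end flow above (look up the key encryption key by version, query the conference management device when it is missing, compare the response with the request, then unwrap the audio/video encryption key), as an added Python example that is not code from the patent. The JSON message layout, all names and the `seal`/`unseal` stand-in cipher are assumptions, since the patent names no algorithm or encoding.

```python
import hashlib, hmac, json, os

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus tag). Assumption: the patent
# names no algorithm and Python's standard library has no block cipher. Illustration only.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class ConferenceManager:
    def __init__(self, manager_id: str, network_keys: dict, keks: dict):
        self.manager_id, self.network_keys, self.keks = manager_id, network_keys, keks

    def handle_key_query(self, sender_id: str, request: bytes) -> bytes:
        """Decrypt the query with the sender's network key and return the sealed response."""
        nk = self.network_keys[sender_id]
        query = json.loads(unseal(nk, request))
        if query["terminal"] != sender_id:   # identifier inside must match the session (assumed check)
            raise ValueError("terminal identifier mismatch")
        version = query["kek_version"]
        body = {"terminal": sender_id, "manager": self.manager_id,
                "kek_version": version, "kek": self.keks[version].hex()}
        return seal(nk, json.dumps(body).encode())

class Terminal:
    def __init__(self, terminal_id: str, network_key: bytes, manager_id: str, keks: dict):
        self.terminal_id, self.network_key = terminal_id, network_key
        self.manager_id, self.keks = manager_id, dict(keks)

    def build_key_query(self, version: int) -> bytes:
        body = {"terminal": self.terminal_id, "kek_version": version}
        return seal(self.network_key, json.dumps(body).encode())

    def accept_key_response(self, requested_version: int, response: bytes) -> None:
        """Validity check: the response must echo what this terminal asked for."""
        r = json.loads(unseal(self.network_key, response))
        expected = (self.terminal_id, self.manager_id, requested_version)
        if (r["terminal"], r["manager"], r["kek_version"]) != expected:
            raise ValueError("key response does not match the key query")
        self.keks[requested_version] = bytes.fromhex(r["kek"])

    def media_key(self, security_info: dict, manager: ConferenceManager) -> bytes:
        """Resolve the KEK named in the security information, then unwrap the media key."""
        version = security_info["kek_version"]
        if version not in self.keks:         # KEK to be enabled is not held locally
            response = manager.handle_key_query(self.terminal_id, self.build_key_query(version))
            self.accept_key_response(version, response)
        return unseal(self.keks[version], security_info["wrapped_media_key"])

def demo() -> bool:
    # Constructed sample values: identifiers, keys and versions are made up.
    nk, kek1, kek2, media = (os.urandom(32) for _ in range(4))
    manager = ConferenceManager("cm-1", {"t-7": nk}, {1: kek1, 2: kek2})
    receiver = Terminal("t-7", nk, "cm-1", {1: kek1})
    info = {"kek_version": 2, "wrapped_media_key": seal(kek2, media)}
    return receiver.media_key(info, manager) == media and 2 in receiver.keks

if __name__ == "__main__":
    print("media key recovered:", demo())
```

Binding the accepted response to the requested version means a valid response for an older key encryption key version is rejected when a different version was asked for.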
Corresponding to the above method embodiment, the present application further provides a multimedia conference key management apparatus, which is applied to a conference management device. The multimedia conference key management apparatus described below and the multimedia conference key management method described above may be read with reference to each other.
Referring to Fig. 2, the apparatus may include the following modules:
a new key obtaining module 210, configured to obtain a new key encryption key when a key update trigger condition is met;
a key update message sending module 220, configured to send a key update message to each terminal that has joined the conference, where the key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key, and the new key encryption key using the network key corresponding to each terminal, so that each terminal returns an update confirmation message after obtaining the identifier of the conference management device and the version of the new key encryption key, and the update confirmation message carries a hash value obtained by performing a hash operation on the identifier of each terminal, the identifier of the conference management device, and the version of the new key encryption key using the network key corresponding to each terminal;
a hash check module 230, configured to perform a hash value check on the update confirmation message returned by each terminal;
and an update operation determining module 240, configured to determine whether each terminal has completed the key update operation according to the check result.
With the apparatus provided by the embodiment of the present application, the conference management device obtains a new key encryption key when the key update trigger condition is met and sends a key update message to each terminal that has joined the conference. The key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key and the new key encryption key using the network key corresponding to each terminal. The conference management device performs a hash value check on the update confirmation message returned by each terminal and determines, according to the check result, whether each terminal has completed the key update operation. The key encryption key is thereby managed effectively, so that each terminal can update its key encryption key in time, the audio/video encryption key is better protected, and the security of the multimedia conference is improved.
In a specific embodiment of the present application, the apparatus further includes a retransmission control module, configured to:
for each terminal that has joined the conference, send the key update message to the current terminal again if it is determined that the current terminal has not completed the key update operation.
In a specific embodiment of the present application, the apparatus further includes a service prohibition module, configured to:
prohibit the current terminal from participating in the conference service when it is determined that the current terminal has failed to complete the key update operation N consecutive times, where N is a positive integer.
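The hash check of modules 230 and 240, together with the retransmission control and service prohibition modules, as an added Python example that is not code from the patent. HMAC-SHA256 as the keyed hash, the length-prefixed field encoding, all names and N = 3 are assumptions.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

def confirmation_hash(network_key: bytes, terminal_id: bytes,
                      manager_id: bytes, kek_version: int) -> bytes:
    """Keyed hash over (terminal id, manager id, new KEK version).
    HMAC-SHA256 and the length-prefixed encoding are assumptions; the patent fixes neither."""
    fields = b"".join(struct.pack(">H", len(f)) + f for f in (terminal_id, manager_id))
    return hmac.new(network_key, fields + struct.pack(">I", kek_version), hashlib.sha256).digest()

@dataclass
class TerminalRecord:
    network_key: bytes
    confirmed_version: int = 0
    consecutive_failures: int = 0
    banned: bool = False

class KeyUpdateTracker:
    """Conference-management-device view of one KEK update round per terminal."""

    def __init__(self, manager_id: bytes, max_failures: int):
        self.manager_id, self.max_failures = manager_id, max_failures
        self.terminals = {}

    def register(self, terminal_id: bytes, network_key: bytes) -> None:
        self.terminals[terminal_id] = TerminalRecord(network_key)

    def process_confirmation(self, terminal_id: bytes, kek_version: int, received_hash) -> str:
        """received_hash=None models a confirmation that never arrived.
        Returns 'updated', 'resend' (send the key update message again) or 'banned'."""
        rec = self.terminals[terminal_id]
        if rec.banned:
            return "banned"
        expected = confirmation_hash(rec.network_key, terminal_id, self.manager_id, kek_version)
        if received_hash is not None and hmac.compare_digest(expected, received_hash):
            rec.confirmed_version, rec.consecutive_failures = kek_version, 0
            return "updated"
        rec.consecutive_failures += 1          # only consecutive failures count toward N
        if rec.consecutive_failures >= self.max_failures:
            rec.banned = True
            return "banned"
        return "resend"

def demo() -> list:
    # Constructed sample values: identifiers, key and versions are made up.
    nk = bytes(range(32))
    tracker = KeyUpdateTracker(b"cm-1", max_failures=3)
    tracker.register(b"t-7", nk)
    good = confirmation_hash(nk, b"t-7", b"cm-1", 5)
    stale = confirmation_hash(nk, b"t-7", b"cm-1", 4)   # confirms the previous version only
    return [tracker.process_confirmation(b"t-7", 5, h)
            for h in (stale, None, good, stale, None, stale)]

if __name__ == "__main__":
    print(demo())
```

Because the hash covers the new key encryption key version, a confirmation left over from an earlier update round does not count as completing the current one.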
In a specific embodiment of the present application, the key update message and the update confirmation message both carry information about the secure interaction mechanism version, so that the conference management device and each terminal interact based on the same secure interaction mechanism version.
In a specific embodiment of the present application, the key update message carries certificate-related information, and the apparatus further includes a certificate storage module, configured to:
after receiving the update confirmation message returned by each terminal, store the corresponding certificate locally if the update confirmation message carries the certificate of the corresponding terminal.
In one embodiment of the present application, the new key obtaining module 210 is configured to:
apply to the key management device for a new key encryption key.
In a specific embodiment of the present application, the apparatus further includes a key query feedback module, configured to:
receive a key query request sent by any terminal that has joined the conference, wherein the key query request carries a ciphertext obtained by encrypting the identifier of the current terminal and the key encryption key version using the network key of the current terminal;
decrypt the ciphertext in the key query request using the network key of the current terminal to obtain the identifier of the current terminal and the key encryption key version;
determine the key encryption key corresponding to the key encryption key version;
and return a key response message to the current terminal, wherein the key response message carries a ciphertext obtained by encrypting the identifier of the current terminal, the identifier of the conference management device, the key encryption key version and the corresponding key encryption key using the network key of the current terminal, so that the current terminal parses the key response message to obtain the corresponding key encryption key.
Corresponding to the above method embodiment, an embodiment of the present disclosure also provides a multimedia conference key management device, including:
a memory for storing a computer program;
and a processor configured to implement the steps of the multimedia conference key management method described above when executing the computer program.
Referring to Fig. 3, a block diagram of a multimedia conference key management device 300 is shown in accordance with an exemplary embodiment. For example, the multimedia conference key management device 300 may be provided as a server. Referring to Fig. 3, the multimedia conference key management device 300 includes a processor 310, which may be one or more in number, and a memory 320 for storing a computer program executable by the processor 310. The computer program stored in memory 320 may include one or more modules that each correspond to a set of instructions. Further, the processor 310 may be configured to execute the computer program to perform the multimedia conference key management method described above.
In addition, the multimedia conference key management device 300 may further include a power component 330 and a communication component 340. The power component 330 may be configured to perform power management of the multimedia conference key management device 300, and the communication component 340 may be configured to enable communication, e.g., wired or wireless communication, of the multimedia conference key management device 300. The multimedia conference key management device 300 may further include an input/output (I/O) interface 350. The multimedia conference key management device 300 may operate based on an operating system stored in memory 320, such as Windows Server, Mac OS X™, Unix™, Linux, etc.
Corresponding to the above method embodiments, the present disclosure also provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the multimedia conference key management method described above. For example, the computer readable storage medium may be the above-mentioned memory 320 comprising program instructions that are executable by the processor 310 of the multimedia conference key management device 300 to perform the above-mentioned multimedia conference key management method.
The preferred embodiments of the present disclosure are described in detail above with reference to the accompanying drawings. However, the present disclosure is not limited to the specific details of the above embodiments; various simple modifications may be made to the technical solution of the present disclosure within its technical idea, and these simple modifications all fall within the protection scope of the present disclosure. For example, information carried in a message may instead be transmitted separately.
It should be noted that, provided there is no contradiction, the specific technical features described in the foregoing embodiments may be combined in any suitable manner; for example, the network access authentication request message may simultaneously carry information such as an identifier of the first terminal, a random number, and the like. To avoid unnecessary repetition, the various possible combinations are not described separately in this disclosure.
In addition, the various embodiments of the present disclosure may be combined in any manner, and such combinations should likewise be regarded as part of the present disclosure as long as they do not depart from its spirit.

Claims (10)

1. A multimedia conference key management method, applied to a conference management device, comprising:
obtaining a new key encryption key when a key update trigger condition is met;
sending a key update message to each terminal that has joined the conference, wherein the key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key and the new key encryption key using a network key corresponding to each terminal, so that each terminal returns an update confirmation message after obtaining the identifier of the conference management device and the version of the new key encryption key, and the update confirmation message carries a hash value obtained by performing a hash operation on the identifier of each terminal, the identifier of the conference management device and the version of the new key encryption key using the network key corresponding to each terminal;
performing a hash value check on the update confirmation message returned by each terminal;
and determining, according to the check result, whether each terminal has completed the key update operation.
2. The method of claim 1, further comprising:
for each terminal that has joined the conference, if it is determined that the current terminal has not completed the key update operation, sending the key update message to the current terminal again.
3. The method of claim 2, further comprising:
if it is determined that the current terminal has not completed the key update operation N times, prohibiting the current terminal from participating in the conference service, where N is a positive integer.
4. The method according to claim 1, wherein the key update message and the update confirmation message both carry information related to a secure interaction mechanism version, so that the conference management device and each terminal interact based on the same secure interaction mechanism version.
5. The method according to claim 1, wherein the key update message carries certificate-related information, and after receiving the update confirmation message returned by each terminal, the method further comprises:
if the update confirmation message carries the certificate of the corresponding terminal, storing the corresponding certificate locally.
6. The method of claim 1, wherein obtaining a new key encryption key comprises:
applying to the key management device for a new key encryption key.
7. The method of any one of claims 1 to 6, further comprising:
receiving a key query request sent by any terminal that has joined the conference, wherein the key query request carries a ciphertext obtained by encrypting the identifier of the current terminal and the key encryption key version using the network key of the current terminal;
decrypting the ciphertext in the key query request using the network key of the current terminal to obtain the identifier of the current terminal and the key encryption key version;
determining the key encryption key corresponding to the key encryption key version;
and returning a key response message to the current terminal, wherein the key response message carries a ciphertext obtained by encrypting the identifier of the current terminal, the identifier of the conference management device, the key encryption key version and the corresponding key encryption key using the network key of the current terminal, so that the current terminal parses the key response message to obtain the corresponding key encryption key.
8. A multimedia conference key management apparatus applied to a conference management device, the apparatus comprising:
a new key obtaining module, configured to obtain a new key encryption key when a key update trigger condition is met;
a key update message sending module, configured to send a key update message to each terminal that has joined the conference, where the key update message carries a ciphertext obtained by encrypting the identifier of the conference management device, the version of the new key encryption key, and the new key encryption key using a network key corresponding to each terminal, so that each terminal returns an update confirmation message after obtaining the identifier of the conference management device and the version of the new key encryption key, and the update confirmation message carries a hash value obtained by performing a hash operation on the identifier of each terminal, the identifier of the conference management device, and the version of the new key encryption key using the network key corresponding to each terminal;
a hash check module, configured to perform a hash value check on the update confirmation message returned by each terminal;
and an update operation determining module, configured to determine whether each terminal has completed the key update operation according to the check result.
9. A multimedia conference key management device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the multimedia conference key management method according to any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the multimedia conference key management method according to any one of claims 1 to 7.
CN202111023471.0A 2021-08-31 2021-08-31 Multimedia conference key management method, device, equipment and storage medium Pending CN113656822A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111023471.0A CN113656822A (en) 2021-08-31 2021-08-31 Multimedia conference key management method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113656822A (en) 2021-11-16

Family

ID=78482702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111023471.0A Pending CN113656822A (en) 2021-08-31 2021-08-31 Multimedia conference key management method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113656822A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997677A (en) * 2009-08-18 2011-03-30 中兴通讯股份有限公司 Management method and device for conference media stream key in IP multimedia subsystem
CN106453269A (en) * 2016-09-21 2017-02-22 东软集团股份有限公司 Internet of Vehicles safety communication method, vehicle-mounted terminal, server and system
CN112235608A (en) * 2020-12-11 2021-01-15 视联动力信息技术股份有限公司 Data encryption transmission method, device and medium based on video network
CN113170291A (en) * 2021-03-09 2021-07-23 华为技术有限公司 Method and apparatus for secure communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211116

RJ01 Rejection of invention patent application after publication