CN114650275A - Method and device for detecting media data - Google Patents

Method and device for detecting media data Download PDF

Info

Publication number
CN114650275A
CN114650275A CN202011620230.XA CN202011620230A CN114650275A CN 114650275 A CN114650275 A CN 114650275A CN 202011620230 A CN202011620230 A CN 202011620230A CN 114650275 A CN114650275 A CN 114650275A
Authority
CN
China
Prior art keywords
terminal
information
media data
media
media server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011620230.XA
Other languages
Chinese (zh)
Inventor
廖涛
耿峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Cloud Computing Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Cloud Computing Technologies Co Ltd filed Critical Huawei Cloud Computing Technologies Co Ltd
Priority to PCT/CN2021/139416 priority Critical patent/WO2022135308A1/en
Publication of CN114650275A publication Critical patent/CN114650275A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/10Multimedia information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/647Control signaling between network components and server or clients; Network processes for video distribution between server and clients, e.g. controlling the quality of the video stream, by dropping packets, protecting content from unauthorised alteration within the network, monitoring of network load, bridging between two different networks, e.g. between IP and wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/647Control signaling between network components and server or clients; Network processes for video distribution between server and clients, e.g. controlling the quality of the video stream, by dropping packets, protecting content from unauthorised alteration within the network, monitoring of network load, bridging between two different networks, e.g. between IP and wireless
    • H04N21/64715Protecting content from unauthorized alteration within the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8358Generation of protective data, e.g. certificates involving watermark

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method and a device for detecting media data, which relate to the field of conference communication, and the method comprises the following steps: the detection device receives the media data sent by the first terminal, and then judges whether the action of sending the media data by the first terminal is legal or not according to the first characteristic information carried in the media data. The method can not only determine the user identity of the leaked media data, but also intercept the illegally sent media data in real time, thereby reducing the risk of information leakage.

Description

Method and device for detecting media data
Technical Field
The present application relates to the field of conference communication, and in particular, to a method and an apparatus for detecting media data.
Background
With the advancement of technology, video/voice conferencing has become a new trend in modern offices. However, the content of part of the network conference belongs to sensitive information, and therefore, information security management and control of the conference is a very critical link.
In order to reduce the possibility of information leakage, terminal devices accessing a conference and corresponding participants are generally authenticated, but such a method cannot guarantee that authorized participants illegally leak conference contents. For example, the participant can restart a new conference on the computer and share the interface of the current confidential conference for other users to watch. In such a case, the disclosure of confidential information by participants will have unpredictable consequences. Therefore, an information security management scheme is needed to monitor the illegal disclosure of confidential information by users.
Disclosure of Invention
The application provides a method and a device for detecting media data, which are used for detecting characteristic information in the media data through detection equipment so as to identify whether behaviors of illegally sending the media data exist or not and reduce risks of information leakage.
In a first aspect, the present application provides a method for detecting media data, where a detection device receives first media data sent by a first terminal, where the first media data includes first feature information, and then the detection device determines, according to the first feature information, whether a behavior of sending the first media data by the first terminal is legal or not. The first characteristic information may be a watermark identification or any other information that can be added or obtained by encoding and decoding the media data. The media data may be audio data or video data.
In the method, the detection equipment verifies whether the behavior of the first terminal for sending the first media data is legal or not through the first characteristic information included in the media data, the method can detect the behavior of information leakage in real time, and can intercept the illegally sent media data in real time when the behavior of illegal sending is found, so that the risk of information leakage is reduced.
In a possible implementation manner, the first media data sent by the first terminal is sent to the first terminal by the second terminal through the first media server.
In the implementation manner, when the first terminal sends the media data to the second terminal, the media data is processed and forwarded by the first media server, and the first media server provides conference media resources for the first terminal and the second terminal, so that the stability of communication between the first terminal and the second terminal is improved.
In another possible implementation, the first feature information is added by the first media server.
In the foregoing implementation manner, the first media server may receive the first feature information distributed by the conference scheduling server, or the first media server may generate the first feature information by itself. Then, the first media server adds the first characteristic information to the first media data, so that the subsequent detection device can judge whether the first media data sent by the first terminal is legal or not according to the first characteristic information.
In another possible implementation, the first characteristic information is added by the second terminal.
In the foregoing implementation manner, the second terminal may receive the first feature information distributed by the conference scheduling server, or the second terminal may receive the first feature information distributed by the conference scheduling server and forwarded by the first media server, or the second terminal may generate the first feature information by itself. Then the second terminal adds the first characteristic information to the first media data, so that the subsequent detection device can judge whether the behavior of the first terminal for sending the first media data is legal or not according to the first characteristic information.
In another possible implementation, the first characteristic information further includes a confidentiality rating indicating a range in which the first media source data can be disclosed. For example, the confidentiality rating may be internally disclosed.
In another possible implementation, the first characteristic information includes legitimate sender information and/or legitimate recipient information.
In the foregoing implementation manner, the valid sender/receiver information may refer to user information of a valid sender/receiver, such as a user account, a user mobile phone number, and the like. Alternatively, the legitimate sender/receiver information may also refer to terminal information used by the legitimate sender/receiver, such as a terminal device identification. Alternatively, the legitimate sender information may refer to a source address or a source port of the sending data, and the legitimate receiver information may refer to a destination address or a destination port of the sending data. In this implementation manner, the detection efficiency is improved and the probability of false detection is reduced by adding the legitimate sender/receiver information to the first feature information.
In another possible implementation manner, the legal recipient information includes first terminal information, and the legal sender information includes second terminal information or first media server information.
In the foregoing implementation manner, the first terminal is a legal receiver when receiving the media data from the second terminal, and therefore, the legal receiver information may include the first terminal information, where the first terminal information may include an ip (internet protocol) address or a mac (media Access control) address of the first terminal, and may further include user information corresponding to the first terminal. The second terminal information may also be an IP address or a MAC address of the second terminal, and may also include user information corresponding to the second terminal. The first media server information may also be an IP address or a MAC address of the first media server.
In another possible implementation manner, the legitimate sender information includes information of a first media server, and when the detection device determines that the first terminal sends the first media data illegally according to the first feature information, the detection device sends first warning information to the first media server according to the first feature information.
In the above implementation manner, the detection device may obtain the first media server information from the legitimate sender information, and when it is determined that the behavior of the first terminal sending the first media data is abnormal, an alarm is given to the first media server, so as to improve the security of data communication.
In another possible implementation manner, the first feature information includes legal sender information and legal receiver information, where the legal sender information includes first media server information, and when the detection device determines that the first media data sent by the first terminal is illegal according to the first feature information, the detection device sends second warning information to the first media server according to the first feature information, where the second warning information is used to indicate that the first terminal is an abnormal terminal.
In the above implementation manner, the detection device may directly determine the illegal terminal of the first terminal according to the first feature information, and notify the first media server that the first terminal is abnormal. That is, it can be determined which terminal has information leakage risk in the current data communication according to the first characteristic information, and further, the relevant information of the leakage person can be determined.
In another possible implementation manner, the first feature information includes legal sender information and legal receiver information, the legal sender information includes first media server information, and when the detection device determines that the first media data sent by the first terminal is illegal according to the first feature information, the detection device instructs the first media server to stop sending the second media data to the first terminal according to the first feature information.
In the above implementation manner, the detection device may directly determine that the first terminal has an abnormality according to the first feature information, and notify the first media server to stop sending the media data to the first terminal. The method can ensure that the abnormal terminal does not acquire new media data any more, and reduce the risk of information leakage from the source.
In another possible implementation manner, the detection device does not directly send the alarm information to the first media server, but sends the alarm information to the conference scheduling server first, and then the conference scheduling server notifies the first media server that the risk of information leakage exists currently.
In another possible implementation manner, the detection device receives first media data sent by the first terminal to the third terminal, and the third terminal and the first terminal communicate through the detection device.
In the implementation mode, the first media data is transmitted to the third terminal by the first terminal through the detection device, so that the first media data can be detected by the detection device, real-time interception can be performed when illegal transmission behaviors are found, and loss caused by information leakage is reduced.
In another possible implementation, the detection device may be a first media server, or the detection device may be a second media server different from the first media server, or the detection device may be a media proxy gateway. Alternatively still, the detection device may be a border firewall.
In another possible implementation manner, the first media data is generated by the first terminal according to third media data received by the fourth terminal, and the third media data includes the first feature information.
In the implementation manner, the fourth terminal is a legal conference receiving terminal, the received third media data includes the first feature information, and then when the first terminal reveals the information received by the fourth terminal through various ways, the detection device can identify the illegal sending behavior according to the first feature information included in the first media data, and then intercept the behavior in real time, so as to reduce the risk of information disclosure.
In another possible implementation, the first media data includes a digital signature that is used to determine that the first media data has not been tampered with. The security of a transmission channel in the whole communication system can be ensured by adding the digital signature in the transmitted data
In the method described above, the feature information is added to the media data so that the detection device can detect the validity of data transmission according to the feature information, and when an illegal transmission behavior occurs, the data can be cut off in real time, so that the loss caused by information leakage is reduced to the minimum. On the other hand, the identity of the leakage person can be determined according to the characteristic information, and the source of information leakage can be tracked on the basis of real-time truncation of illegally sent data.
In a second aspect, the present application provides an apparatus for detecting media data, where the apparatus includes modules configured to perform the media data communication detection method in the first aspect or any one of the possible implementations of the first aspect.
In a third aspect, the present application provides an apparatus for detecting media data, where the apparatus includes a processor, a memory, a communication interface, and a bus, where the processor, the memory, and the communication interface are connected by the bus and complete communication therebetween, where the memory is used to store computer execution instructions, and when the apparatus runs, the processor executes the computer execution instructions in the memory to perform the method in the first aspect or any possible implementation manner of the first aspect by using hardware resources in the apparatus.
In a fourth aspect, the present application provides a computer-readable storage medium storing program instructions that, when executed on a computer, cause the computer to perform the method provided in the foregoing first aspect or any possible implementation manner of the first aspect. The storage medium includes, but is not limited to, volatile memory such as random access memory, and non-volatile memory such as flash memory, Hard Disk Drive (HDD), and Solid State Drive (SSD).
In a fifth aspect, the present application provides a computer program product comprising program instructions for causing a computer to perform the method according to the first aspect and any one of the possible implementation manners of the first aspect when the program instructions are run on the computer.
The present application can further combine to provide more implementations on the basis of the implementations provided by the above aspects.
Drawings
Fig. 1 is a schematic diagram of an application system architecture provided in the present embodiment.
Fig. 2 is a schematic diagram of another application system architecture provided in the embodiment of the present application.
Fig. 3 is a schematic diagram of another application system architecture according to an embodiment of the present application.
Fig. 4 is an overall flowchart of a method for detecting media data according to an embodiment of the present disclosure.
Fig. 5 is a flowchart of a method for detecting media data according to an embodiment of the present disclosure.
Fig. 6 is a flowchart of another method for detecting media data according to an embodiment of the present disclosure.
Fig. 7 is a schematic diagram of an apparatus for detecting media data according to an embodiment of the present application.
Fig. 8 is a schematic diagram of an apparatus for detecting media data according to an embodiment of the present application.
Detailed Description
The application provides a method, a device and a system for detecting media data. The behavior of illegally leaking information is identified by detecting characteristic information in the media data.
To enhance the readability of the present application, the terms appearing in the present application will first be explained.
Characteristic information: in the embodiment provided by the application, the characteristic information is added to the media data by the media server or the terminal, and plays a role in identifying the media data. The characteristic information may be a watermark identification or any other information that can be added or retrieved by encoding and decoding the media data. The robustness of the characteristic information can enable the illegally sent media data to still comprise the characteristic information, and then the detection equipment can determine the legality of the data sending behavior according to the characteristic information. The characteristic information may include user information, source address/port of data transmission, destination address/port of data transmission, and confidentiality level, etc. Wherein the confidentiality rating represents a range in which the media data can be disclosed, for example, when the confidentiality rating is "2", it represents that the media data can be disclosed internally. In the following specific embodiment, for convenience of description, the "feature information" is replaced with the "watermark identification".
The media server: the media server mainly performs operations such as encoding and decoding processing, mixing or forwarding and the like on the audio and video code stream. For example, a Multimedia Control Unit (MCU). The media server can be deployed at the cloud or at the local computer room. In one possible implementation, the media server is configured to add a watermark to the received media data. In another possible implementation manner, the media server further includes a detection module, configured to detect whether the media data includes a watermark and a specific content of the watermark.
The conference scheduling server: has the function of resource scheduling. When the terminal sends a conference request to the conference scheduling server, the conference scheduling server allocates a media server to each conference according to the requirements of the terminal and the capacity of each media server. In a possible implementation manner, the conference scheduling server and a certain media server are the same server, that is, the media server has a conference scheduling function. The conference scheduling server stores information of each conference, such as addresses of participating terminals in each conference, user information of participants, and the like.
Digital Watermark (Digital Watermark): it is meant that specific information is embedded in a digital signal, which may be audio, picture, or video. The digital watermark has strong robustness, and if a section of video with the digital watermark is copied, the same digital watermark can be detected in the copy video. Digital watermarks can be classified into a visible watermark (visible watermark) and a hidden watermark, in which information contained in the visible watermark can be seen when a picture or a video is viewed. The hidden watermark is added to audio, picture or video in the form of digital data, but cannot be seen in normal conditions. One of the important applications of hidden watermarks is to protect copyright, whereby unauthorized copying and copying of digital media is expected to be avoided or prevented. In the embodiment of the present application, the digital watermark is one of the feature information.
Conference receiving/transmitting end: in each teleconference, there is one conference sending end and one conference receiving end. Illustratively, in a video conference, a conference sending end is a terminal owned by a conference speaker, and is assumed to be a terminal for picture sharing; the conference receiving end is a terminal owned by conference participants, and the participants watch the picture shared by the speaker through respective terminals. In the following embodiments, the "conference receiver" and the "conference sender" are replaced with the "receiver" and the "sender", respectively. It should be noted that, in the embodiments provided in the present application, both the receiving end and the sending end refer to the receiving end and the sending end of the initial conference (confidential conference).
The legitimate sender is a sender who has the authority to send confidential media data. Legitimate sender information: in the embodiments provided in the present application, the legal sender information may include information of a sender of the conference or information of a media server involved in the conference. When the legal sender information includes information of a conference sending end, device information, a network address (IP address or MAC address) or personal information of the user 1, such as an account name, a mobile phone number, a job number, etc., corresponding to the terminal 1 in the following embodiments one, two, three, and four; when the legal sender information includes information of the media server, the network address corresponding to the media server 1 in the first embodiment, or the address corresponding to the media server 21 in the second embodiment, and so on, are not described herein again.
The legal receiver: refers to a recipient that has the authority to receive confidential media data. Legal recipient information: in the embodiment provided by the application, the information of the legal receiver is the information of the conference receiving end. The device information, the network address (IP address or MAC address) or the personal information of the user 2, such as account name, mobile phone number, job number, etc., corresponding to the terminal 2 in the following embodiments one, two, three, and four.
Media session information: in embodiments provided herein, the media session information may include one or more of a source address, a source port, a destination address, a destination port, etc. of the media data transfer. The port may be a tcp (transmission Control protocol) port or a udp (user data program) port, and the address may be an IP address or a MAC address. In addition, the media Session information may further include a Session ID (Session Identification Session ID). In a conference, it is assumed that a conference sending end and a conference receiving end perform conference communication through the media server 1, and the conference media server records Session IDs corresponding to two media sessions, namely, the sending end and the media server 1, and the media server 1 and the receiving end, respectively.
Safe networking: a network environment that can govern user behavior. The network environment comprises a plurality of terminals or network elements, and the media data transmission of the terminals and the network elements in networking are all in a monitoring range. In an embodiment provided by the present application, a secure networking includes a plurality of terminals and at least one media server. In a possible implementation manner, a boundary firewall or a general firewall is further configured at the boundary of the secure networking for intercepting illegally forwarded media data. In another possible implementation, a media proxy gateway is also deployed within or on the boundary of the security group. When the media proxy gateway is deployed at the boundary of the security networking, the media proxy gateway has the same function as a boundary firewall and is used for monitoring media data flowing out of the security networking; when deployed within a security group network, a media proxy gateway is used to monitor media data transmitted within the security group network.
With the rapid development of the era, video/voice conferences become an important part of the current office scene. However, the content involved in part of the conference is confidential information, and the illegal disclosure will have unpredictable results. In general, in order to ensure the information security of the conference, the conference system adds a visible watermark related to the personal information of the conference receiver to the media data, which may play a role of deterrence, and may subsequently trace the identity of the divulger according to the visible watermark. However, this approach has limited effectiveness because it does not prevent the real-time disclosure of information for aftertracking.
The application provides a method for detecting media data, which verifies the validity of media data transmission by arranging a detection module in the media data transmission process. The method for detecting the media data can intercept illegally transmitted media data in real time, and reduces the risk of information leakage.
An architecture diagram of an application system provided by the embodiment of the present application is introduced with reference to fig. 1. The system architecture is mainly divided into two network environments, one is in a security networking, and the other is out of the security networking. The media data transmitted in the security group network and the media data flowing out of the security group network boundary are both in the control range. In the system architecture shown in fig. 1, the sending end and the receiving end are in the same security group network. For example, the sender and the receiver are in a security network of the same company.
The system architecture shown in fig. 1 includes a media server 1, a media server 2, a conference scheduling server, a conference sending end, a conference receiving end, a boundary firewall, a media proxy gateway, and an external media server. The sending end and the receiving end carry out conference communication, and the conference scheduling server distributes a media server 1 for the conference, and is used for processing and forwarding the media data in the conference. That is, the media server 1 is a media server used for a conference. The media server 2 is a random media server in the security group network, and does not participate in the conference communication between the sending end and the receiving end. The boundary firewall is positioned at the boundary of the security networking and can monitor the media data flowing from the inside of the networking to the outside of the networking. The external media server is outside the secure networking.
Based on the architecture shown in fig. 1, a sending end sends media data to a receiving end via a media server 1, and the receiving end performs illegal forwarding through various ways after receiving the media data, the behavior is monitored by the media servers 1 and 2 in a network or a firewall on a boundary, and the transmission of the media data is cut off in real time.
An architecture diagram of another application system provided by the embodiment of the present application is introduced with reference to fig. 2. The system architecture is mainly divided into three network environments, one is in a security networking 1, one is in a security networking 2, and the other is outside the security networking. That is, in the system architecture shown in fig. 2, the sending end and the receiving end are in two different security networks. For example, the sender is within company a's secure network 1 and the receiver is within company B's secure network 2.
The system architecture shown in fig. 2 includes a media server 11, a media server 21, a media server 22, a conference scheduling server, a border firewall 1, a border firewall 2, a conference receiving end, a conference sending end, a media proxy gateway, and an external media server. Still, the sending end and the receiving end perform conference communication, and the media servers allocated by the conference scheduling server for the conference are the media server 11 and the media server 21, so as to implement processing and forwarding of media data in the conference. The media server 22 is a random one of the media servers in the secure network 2 where the receiving end is located. The boundary firewalls 1 and 2 are respectively positioned on the boundary of the security networking 1 and 2 and are used for monitoring the media data flowing from the inside of the networking to the outside of the networking. The external media server is located outside the secure networking.
Based on the architecture shown in fig. 2, the sending end sends media data to the receiving end via the media server 11 and the media server 21, and passes through the boundary firewall 1 and the boundary firewall 2 in sequence on the way. The receiving end performs illegal forwarding after receiving the media data, the behavior is detected by the media server 21, the media server 22, the media proxy gateway or the border firewall 2 in the security networking 2, and the transmission of the media data is cut off in real time.
An architecture diagram of another application system provided by the embodiment of the present application is introduced with reference to fig. 3. The system architecture is mainly divided into two network environments, one is in a security networking, and the other is out of the security networking. In the architecture shown in fig. 3, the conference receiving end is located inside the security group network, and the conference sending end is located outside the security group network. For example, the sending end corresponds to a user working at home, while the receiving end is in the company's security network.
The system architecture shown in fig. 3 includes a conference scheduling server, a media server 3, a media server 4, a media server 5, an external media server, a boundary firewall, a conference sending end, and a conference receiving end. Still, the sending end and the receiving end perform conference communication, and the media servers allocated by the conference scheduling server for the conference are the media server 3 and the media server 4, so as to process and forward the media data in the conference. The media server 5 is a random media server in the secure network where the receiving end is located. The boundary firewall is positioned at the boundary of the security networking and is used for monitoring media data flowing from inside to outside of the networking.
Based on the architecture shown in fig. 3, the sending end sends media data to the receiving end via the media server 3 and the media server 4, and the boundary firewall is traversed on the way. After receiving the media data, the receiving end performs illegal forwarding in the networking, and the media server 4, the media server 5 or the media proxy gateway can detect the illegal action and implement a real-time truncation mechanism; the receiving end makes illegal transmission to the external media server, and the boundary firewall will detect the illegal action and implement real-time cut-off mechanism.
It should be noted that the number of media servers involved in the conference shown in the three system architectures provided in the embodiments of the present application is only for example. For example, in the system architecture shown in fig. 2, the conference sender may send media data to the media server 21 directly through the border firewall 1 without going through the media server 11. For another example, in the system architecture shown in fig. 3, the conference sender may send media data to the media server 4 directly through the border firewall without going through the media server 3.
In addition, the embodiment of the application does not limit the position of the conference scheduling server, that is, the conference scheduling server may be located in a security network of a receiving end, may also be located in a security network of a transmitting end, and may also be located outside the security network. In one possible implementation, the conference scheduling server and a media server are the same server.
The media server, the media proxy gateway and the border firewall in the three system architectures have the capability of identifying the watermark (the capability of the external media server is not specifically limited). For example, a watermark detection module may be included in the media server, which may typically be incorporated with a decoding module in the media server, for decoding the media stream data and extracting relevant features therefrom to identify watermark information in the media data. For another example, the media proxy gateway or the border firewall may install a watermark detection component, which may be understood as a software program, and the media proxy gateway or the border firewall may detect and identify the watermark in the media data by using the watermark detection component. Therefore, the media server, the media proxy gateway, and the border firewall can be used as the detection device in the embodiment of the present application.
It should be noted that the secure networking is only used to limit that the conference receiving end needs to pass through network elements such as a media server with detection capability, a media proxy gateway or a boundary firewall when information is leaked outside, and any scheme capable of achieving the same effect as the secure networking is within the protection scope of the present invention.
In the embodiments provided in the present application, the media data is added with a watermark, and then a network element (such as a media server, a border firewall, or a media proxy gateway, etc.) with watermark identification capability is used to determine the validity of the media data transmission. The method can monitor the behavior of illegally forwarding the confidential information, can cut off the leakage of the information in real time, and can determine the leakage person according to the information contained in the watermark.
The overall flow of the method for detecting media data provided by the embodiment of the present application is described below with reference to fig. 4. Suppose that terminal a and terminal B communicate through a media server, terminal a serves as a conference initiator, and terminal B serves as a conference receiver.
Step S41: the detection equipment receives media data sent by a terminal A, and the media data comprises characteristic information.
After receiving the media data legally sent by the terminal B through the media server, the terminal sends the received media data to other people through various ways, and the media data passes through the detection equipment in the process of sending the media data to other people. As described above, when the media data is leaked to a terminal in the web page, the detection device may be a media proxy gateway or a media server; when the media data is leaked to a terminal outside the networking, the detection device may be a boundary firewall.
In addition, the feature information in the media data may be added by the terminal a or the media server.
Step S42: the detection device determines whether the media data sent by the terminal B is legal.
The detection device can determine whether the behavior of terminal B to transmit the media data is legal or not according to the characteristic information contained in the media data. When it is determined that the behavior of the terminal B to transmit the media data is legal, step S45 is performed; when it is determined that the act of terminal B transmitting the media data is illegal, steps S43-44 are performed.
Step S43: the detection device intercepts the first media data.
When the behavior that the terminal B sends the media data is determined to be illegal, the detection device intercepts the media data at the first time, and stops forwarding the media data downwards or does not allow the media data to pass through.
Step S44: the detection equipment sends an alarm prompt to a conference scheduling server or a media server.
Step S45: when the detection device is a media server or a media proxy gateway, the media data is continuously forwarded downwards; when the detection device is a boundary firewall, the media data is allowed to pass through the boundary of the networking.
In the method, the detection equipment identifies whether the behavior of the terminal for sending the media data is legal or not by detecting the characteristic information in the media data, so that the data security of media communication is ensured, and the risk of information leakage is reduced.
In the embodiments provided in the present application, there are two main ways to add watermark identification (feature information): the following respectively describes specific implementation methods when the two methods are adopted.
The first embodiment is as follows: the terminal 1 and the terminal 2 perform conference communication, the terminal 1 serves as a conference sending end, the terminal 2 serves as a conference receiving end, a user corresponding to the terminal 1 is a user 1, and a user corresponding to the terminal 2 is a user 2. The terminal 1 is in the same security group network as the terminal 2 (refer to fig. 1), and the watermark identification is added by the media server. A specific method for detecting media data is described below with reference to fig. 5.
Step S51: the terminal 1 sends a conference request to the conference scheduling server, where the conference request carries addresses of the terminal 1 and the terminal 2, and the addresses may be MAC addresses or IP addresses. Optionally, the conference request further includes conference service content, for example, a voice conference or a video conference; or, the conference request further includes various information related to the conference, such as the conference time length. Optionally, the conference request further includes terminal 1 related information and terminal 2 related information, for example, device identifiers of the terminals 1 and 2, or user information corresponding to the terminals 1 and 2, such as conference account information, private information (e.g., a mobile phone number, a user name), and the like, which may indicate user identities.
Step S52: the conference scheduling server receives the conference request and allocates media resources for the conference. The conference scheduling server determines that the media server 1 provides service for the conference according to the conference request, that is, the media server 1 processes and forwards media data in the conference. In one implementation, the conference scheduling server records the addresses of the media server 1, the terminal 1, and the terminal 2 in a binding manner in a list, and assigns a conference identifier.
After determining the media server providing the service, the conference scheduling server sends the address of the media server 1 and the conference identity to the terminal 1 and the terminal 2, respectively. Meanwhile, the conference scheduling server also sends the conference identifier and the addresses of the terminal 2 and the terminal 1 to the media server 1. To this end, the terminal 1, the terminal 2, and the media server 1 establish a conference communication connection. The purpose of steps S51-S52 is mainly to allocate a media server for the conference and establish a connection channel between the sender and the receiver, and any other method capable of achieving the purpose may replace steps S51-S52.
Step S53: the conference scheduling server generates a terminal 2 watermark identification and sends it to the media server involved in the conference.
The conference scheduling server generates a terminal 2 watermark identification. In one implementation, the conference scheduling server generates a terminal 2 watermark identification based on terminal 2 related information (e.g., user information). In another implementation, the conference scheduling server generates a terminal 2 watermark identification based on the media session information. Wherein, the source address of the media session information indication data transmission is the address of the media server 1 or the address of the terminal 1; alternatively, the media session information indicates that the destination address of the data transmission is the address of the terminal 2. In another implementation, the conference scheduling server generates the receiving-end watermark identification based on the media session information and the terminal 2 related information (e.g., user information).
And the conference scheduling server sends the generated watermark identification of the terminal 2 to a media server related to the conference. In the embodiment provided by the application, the conference scheduling server sends the generated watermark identification of the terminal 2 to the media server 1.
Step S53': this step is an alternative to step S43, in which, unlike step S43, a watermark identification is generated by the media server involved in the conference. In the embodiments provided in the present application, it is the media server 1 that generated the watermark identification. And the watermark identification contains the same content as described in step S43.
Step S54: the terminal 1 transmits media data to the media server 1. Illustratively, the terminal 1 performs desktop sharing, the terminal 2 serves as a participant to watch a shared picture of the terminal 1, and the media server 1 serves as an intermediate processing and forwarding unit.
Step S55: after the media server 1 receives the media data sent by the terminal 1, the watermark identification of the terminal 2 is added to the media data.
Adding water to the media stream is imprinted in several ways: for example, the watermark is embedded by utilizing the interframe frequency transformation, and the method has good robustness, stability and imperceptibility; for another example, a method such as a dual-tree complex wavelet transform (DT CWT) is used to embed a geometrically invariant watermark, which can resist common watermark attacks. The embodiment of the present application does not specifically limit the way of embedding the watermark.
Step S56: the media server 1 sends the media data carrying the watermark identification of the terminal 2 to the terminal 2.
When the user 2 forwards the media data to other users in the networking, executing the steps S57-S59; when the user 2 forwards the media data to other users outside the network, steps S510 to S512 are performed.
Step S57: the user 2 reveals the received media data carrying the watermark identification of the terminal 2 to other users in the networking.
The user 2 may reveal the media data to other users in a number of ways. For example, the user 2 opens a new conference on the terminal 2, and shares the media data sent by the terminal 1 as a shared picture to the participants of the new conference for viewing, and because the robustness of the digital watermark is high, the watermark identifier added by the media server 1 is still detected in the media data of the new conference. In this leakage mode, the terminal that leaks information is the same terminal as the conference receiving terminal, that is, the terminal 2 uses the same terminal to leak the conference information after receiving the media data, as shown in fig. 5. In another possible implementation, the user 2 may also use other terminals besides the terminal 2 to reveal the conference information, which must be in the security group network. For example, the user 2 opens a new conference by using his/her mobile phone, and still shares the screen of the original conference to other people through the new conference. In such a case, the media data transmitted by the handset still has a digital watermark, which is subsequently identified and intercepted by the detection device.
Step S58: the media server 2 detects that the media data carries the watermark identification, confirms that the media data is abnormal in transmission and sends an alarm prompt to the conference scheduling server.
When the user 2 reveals the media data to other users in the intranet, the media data is forwarded through the media server. If the user 2 forwards the media data to other users in the intranet via the media server 2 when the media data is leaked, and the media server 2 detects that the watermark identification exists in the illegally transmitted media data when receiving the illegally transmitted media data, it is said that the media data is illegally transmitted. That is to say, in the embodiment of the present application, as long as the media server receives the media data containing the watermark identifier, it indicates that the transmission of the media data is illegal. When the media server 2 determines that the received media data is not legitimate, the media data will not be forwarded to any terminal.
In another possible implementation manner, in order to improve the accuracy of detecting the media data, the media server 2 may further determine whether the information included in the watermark identifier is correct after determining that the received media data includes the watermark identifier. In such an implementation, the terminal 2 watermark identification needs to include media session information. As described in step S43, the media session information in the watermark identifier of terminal 2 indicates that the source address of the media data is the address of the media server 1 or the address of terminal 1. Or the media session information indicates that the destination address of the media data is the address of terminal 2. When the media server 2 resolves the watermark identifier in the media data, and finds that the source address indicated by the watermark identifier (the address of the media server 1 or the address of the terminal 1) is different from the source address (the address of the terminal 2) currently sending the media data, the media server 2 may determine that there is an abnormality in the transmission of the media data. Of course, the media server may also determine the destination address (address of the terminal 2) in the watermark and the destination address (address of the media server 2) at which the media data is currently received, or may determine the destination address in combination with the source address.
When it is determined that the media data transmission behavior is abnormal, the media server 2 (detection device) may send an alarm prompt to the conference scheduling server. When the address of the media server 1 is included in the watermark identification, the media server 2 may send an alarm prompt directly to the media server 1. Further, when the watermark identifier further includes the related information of the terminal 2, the media server 2 may directly determine that the terminal 2 is an abnormal terminal, and then directly send an alarm prompt to the media server 1 to instruct the media server to stop sending the media data to the terminal 2.
It should be noted that in the embodiment provided in the present application, the conference only involves one media server (i.e. media server 1), but in a practical case, there may be two media servers in one conference. For example, the terminal 1 sequentially transmits media data to the terminal 2 via the media server a and the media server B, and the terminal 1, the terminal 2, the media server a, and the media server B are in the same security group network. In such a case, the media server (media server B) near the receiving end can mark the media data with the watermark identification related to the receiving end information. The terminal 2 forwards the media data sent by the terminal 1 to other users, and as long as the media server in the security group network detects that the received media data contains the watermark identifier, it can indicate that the transmission of the media data is abnormal, or further determine according to the watermark content. In summary, the number of media servers involved in a conference is not particularly limited.
Step S59: the conference scheduling server sends a notification to the media server 1 instructing it to stop sending media data from terminal 1 to terminal 2.
When the watermark identifier further includes the relevant information of the terminal 2, the alarm prompt sent by the media server 2 to the conference scheduling server may carry the relevant information of the terminal 2 to indicate that the terminal is an abnormal terminal. And the conference scheduling server may confirm that the terminal 2 belongs to an abnormal terminal according to the alarm prompt, and immediately send indication information to the media server 1 to indicate that the conference scheduling server stops forwarding the media data from the terminal 1 to the terminal 2.
Step S510: the user 2 reveals the received media data carrying the watermark identification of the terminal 2 to other users outside the network.
As described in step S57, user 2 has multiple possible leakage paths: for example, the user 2 opens a new conference on the terminal 2, and shares the transmitted media data of the terminal 1 as a shared screen to the participants of the new conference for viewing (as shown in fig. 4). Due to the high robustness of digital watermarking, watermark identification is still detected in the media data of a new conference. In another possible implementation, the user 2 may employ other terminals than the terminal 2 to reveal information to users within the network. For example, a new conference is started by using a mobile phone of the user, and the conference screen with the terminal 1 is shared with the participants of the new conference. The media data sent by the mobile phone still comprises the watermark identification of the terminal 2, and the watermark identification can be subsequently identified by the detection equipment and intercepted in real time.
Step S511: when the terminal 2 sends the media data to the outside, the boundary firewall detects that the media data contains the watermark identification, and determines that the transmission of the media data is abnormal.
When the media server 1 sends the media data to the terminal 2, the watermark identifier of the terminal 2 is marked, and when the terminal 2 is illegally forwarded outwards again, the boundary firewall can detect the watermark identifier contained in the media data due to the robustness of the digital watermark. The boundary firewall can detect the watermark identification in the media data to indicate that the transmission of the media data is abnormal. When the boundary firewall determines that the media data transmission is abnormal, the boundary firewall blocks the media data from passing through and sends an alarm prompt to the conference scheduling server.
In another possible implementation manner, in order to improve the accuracy of detection, after the watermark identifier is detected, whether an abnormality exists in the transmission of the media data may be finally determined according to the content of the watermark identifier. In such an implementation, the conference scheduling server must use media session information, such as source or destination address, etc., when generating the terminal 2 watermark identification. When the border firewall receives the media data sent by the terminal 2, the media session information included in the watermark identification is identified, the session information indicates that the source address is the address of the media server 1 or the address of the terminal 1, and the destination address is the address of the terminal 2, but the source address of the media data received by the current firewall is the address of the terminal 2, and the destination address is other terminals, it can be said that the media data transmission is illegal. Alternatively, it may be determined whether there is an abnormality in the transmission of the media data only from the destination address or the source address.
In step S58, when it is determined that there is an abnormal transmission, the border firewall sends an alarm prompt to the conference scheduling server. When the watermark identifier further includes the address of the media server 1 and the information related to the terminal 2, the border firewall may directly send an alarm prompt to the media server 1 to instruct it to stop sending the media data to the terminal 2.
Step S512: the conference scheduling server sends a notification to the media server 1 instructing it to stop sending media data from terminal 1 to terminal 2.
When the alarm prompt carries information indicating that the terminal 2 is an abnormal terminal, the conference scheduling server immediately sends the indication information to the media server 1 after receiving the alarm prompt from the media server 2 to indicate that the conference scheduling server stops forwarding the media data from the terminal 1 to the terminal 2.
In the above steps S51-S512, the watermark identification (terminal 2 watermark identification) mainly includes the terminal 2 related information and the media session information, and in another possible implementation manner, the watermark identification may also include the confidentiality level. Illustratively, the watermark identifier carries information indicating that the confidentiality level is "internal public", then the media server 2 does not intercept the media data when the media data is secondarily forwarded or secondarily shared in the intranet (step S57-step S59); but when the media data is forwarded outwards (step S510-step S512), the border firewall intercepts the media data.
In the method, before the media server (media server 1) involved in the conference forwards the media data from the conference sending end to the conference receiving end, the media server adds the watermark identification in the media data. Then, when the conference receiving end performs secondary sharing or secondary forwarding, the media server in the network and the firewall on the network boundary detect that the media data carries the watermark identification, and then the abnormal condition of the transmission of the media data can be confirmed. When the watermark identification is detected or the content contained in the watermark identification is determined not to be matched with the real situation, the media server in the network or the firewall on the boundary sends an alarm prompt to the conference scheduling server, and then the media server related to the conference is instructed to stop sending the media data to the conference receiving end. In the method, no matter the user leaks information in the networking or leaks information to the networking, the information can be intercepted in real time, and the malignant consequence caused by information leakage can not be generated; furthermore, because the media data is added with the watermark identification containing the user information, when the media server in the group network or a firewall on the boundary intercepts the media data containing the watermark identification, the content of the watermark identification is analyzed to determine the leakage person.
The key of detecting information leakage is watermark identification, and in order to ensure that the watermark identification itself is not tampered, in one possible implementation, a digital signature is required to ensure the security of a media data transmission channel. The digital signature is often carried in the header of the media data message. A digital signature may be used in each media session to ensure the security of the transmission channel. For example, when terminal 1 performs desktop sharing to terminal 2, there are a total of two media sessions, one from terminal 1 to the media server and the other from the media server 1 to terminal 2. In addition, the media session when the terminal 2 leaks out can also use the digital signature to ensure the security of channel transmission. The principle of using a digital signature per media session is similar.
Taking the example of using the digital signature from the terminal 1 to the media server 1 to ensure the security of the transmission channel, a method for using the digital signature will be specifically described. The conference scheduling server distributes a key to all media servers within the network and to the firewalls on the borders, and the conference scheduling server uses this key to encrypt the media session information and/or the user information of the terminal 1 to generate a digital signature. It should be noted that the conference scheduling server, the media server in the networking and the border firewall may negotiate the algorithm of the digital signature in advance. The algorithms for digital signatures are various: including RSA (Rivest, Shamir, Adleman), DSA (digital Signature Algorithm), and the like. The conference scheduling server issues the generated digital signature to the terminal 1, and the terminal 1 carries the digital signature in the message header of the media data when transmitting the media data to the media server (step S44). When receiving the media data sent by the terminal 1, the media server 1 acquires the digital signature carried in the media data. The media server 1 then calculates a digital signature based on the key distributed by the conference scheduling server and the previously negotiated algorithm. The media server 1 compares the calculated digital signature with the digital signature carried in the media data, and if the calculated digital signature is consistent with the digital signature carried in the media data, it indicates that the transmission channel is safe, that is, the transmission data is not tampered.
Further, a method for ensuring the security of a transmission channel by using a digital signature is introduced by taking an example that the terminal 2 leaks information to other users in the network through the media server 2. Likewise, the conference scheduling server distributes a key to all media servers within the group network and to the firewalls on the borders, and the conference scheduling server uses this key to encrypt the media session information and/or the user information of the terminal 2 to generate a digital signature. The conference scheduling server issues the digital signature to the terminal 2, and the terminal 2 carries the digital signature when the media data is secondarily shared or forwarded outwards. When receiving the media data sent by the terminal 2, the media server 2 calculates a digital signature according to an algorithm negotiated with the conference scheduling server and a key, compares the calculated digital signature with a digital signature carried in the received media data, and determines whether the transmission channel is safe. When the digital signature does not exist or is invalid, the media server 2 will not forward the media data to any terminal, and will also send an alarm prompt to the conference scheduling server to feed back the terminal 2 as an abnormal terminal.
In the first embodiment, a media server involved in a conference adds a watermark identifier in media data, and when the media data is secondarily forwarded or shared, a detection device detects the watermark identifier included in the secondarily forwarded or secondarily shared media data, so that real-time interception is performed, and loss caused by information leakage is reduced. Also, the detection device may track the leak based on information contained in the watermark identification.
Example two: the terminal 1 and the terminal 2 perform conference communication, the terminal 1 serves as a conference sending end, the terminal 2 serves as a conference receiving end, a user corresponding to the terminal 1 is a user 1, and a user corresponding to the terminal 2 is a user 2. The terminal 1 and the terminal 2 are in the same security group network (refer to fig. 1), and when each terminal in the conference sends out the media data, a watermark related to the self information or the media session information is added to the media data. A specific method for detecting media data is described below with reference to fig. 6.
Steps S61-S62: the same actions as those performed in steps S51-S52 are not repeated herein.
Step S63: the conference scheduling server generates a terminal 1 watermark identification and sends the terminal 1 watermark identification to the media server related to the conference, and then the media server related to the conference forwards the terminal 1 watermark identification to the terminal 1.
In another possible implementation manner, the conference scheduling server directly sends the generated terminal 1 watermark identifier to the terminal 1 without forwarding through the MCU.
Similar to the description in the first embodiment, the terminal 1 watermark identification may be generated based on the terminal 1 related information (e.g. user information), or may be generated based on the media session information, or may be generated based on the terminal 1 related information and the media session information. The media session information is used for indicating that a source address of data transmission is an address of the media server 1 or an address of the terminal 1; or the media session information is used to indicate that the destination address of the data transmission is the address of the terminal 2.
Step S63': this step is an alternative to step S63, in which, unlike step S63, the terminal 1 watermark identification is generated by the media server involved in the conference. In the embodiment provided by the present application, the terminal 1 watermark identification is generated by the media server 1, and then the media server 1 sends the generated terminal 1 watermark identification to the terminal 1.
Step S64: the terminal 1 sends the media data added with the watermark identification of the terminal 1 to the media server 1.
In this step, before sending the media data to the media server 1, the terminal 1 adds the received watermark identifier to the media data and then sends the media data to the media server 1. There are various ways for the terminal 1 to add a watermark to the media data, and reference may be made to step S55.
Step S65: after receiving the media data sent by the terminal 1, the media server 1 determines that the media data is legal according to the watermark identification of the terminal 1 contained in the media data.
After receiving the media data of the terminal 1, the media server 1 determines that only one watermark identifier is included therein, and determines that the transmission of the media data is normal according to the media session information and the actual transmission condition included in the watermark identifier.
It should be noted that the step is an optional step, and the media server 1 has determined that the terminal 1 is the sending end of the conference and the terminal 2 is the receiving end of the conference according to steps S61 to S62, and when receiving the media stream sent by the sending end of the conference, the media stream can be directly forwarded to the receiving end of the conference without parsing the media data, so as to reduce the occupation of the computing resources of the media server.
Step S66: the media server 1 transmits media data from the terminal 1 to the terminal 2.
When the user 2 forwards the media data to other users in the networking, executing the steps S57-S59; when the user 2 forwards the media data to other users outside the network, steps S610-S612 are executed.
Step S67: the user 2 reveals the received media data carrying the watermark identification of the terminal 1 to other users in the networking. User 2 has multiple ways of disclosure to other users within the network:
mode 1: and the user 2 starts a new conference on the terminal 2 through the same conference system, and shares the conference picture with the terminal 1 to the participants of the new conference. Wherein the same conference system can be understood as the same conference service provider.
Mode 2: user 2 opens a new conference on terminal 2 via another conference system.
Mode 3: the user 2 opens a new conference at the terminal 3 via the same conference system. For example, when the terminal 2 is a computer of the user 2, the terminal 3 may be a mobile phone of the user 2.
Mode 4: the user 2 opens a new conference at the terminal 3 via another conference system.
The method for opening a new conference is only an example, and any other actions that reveal data to other users through media streaming are within the scope of the present application. In addition, the terminal 3 must also be in a secure web-based network, e.g., the terminal 3 is connected to a company's Wi-Fi.
In the case of the method 1, it is assumed that the media server used in the new conference is the media server 2, and when the terminal 2 initiates the new conference, the conference scheduling server or the media server 2 distributes the watermark identifier of the terminal 2 to the terminal 2. The watermark identification of the content included by the terminal 2 refers to step S63. In this case, since the same conference system is used, the terminal 2 will also mark the media data of the new conference with the terminal 2 watermark when sending the media data to the outside. That is, the media data sent out by the terminal 2 includes two watermark identifications (terminal 1 watermark identification, terminal 2 watermark identification).
In the case of the mode 2, it is assumed that the media server used in the new conference is the media server 2, and since the same conference system is not used, the terminal 2 does not mark its own watermark when sending the media data to the outside, that is, the media data sent to the outside by the terminal 2 only includes the terminal 1 watermark.
In the case of the method 3, it is assumed that the media server used in the new conference is the media server 2, and since the same conference system is used, when the terminal 3 establishes the new conference, the conference scheduling server or the media server 2 sends the terminal 3 watermark identifier to the terminal 3. The watermark identification of the content included by the terminal 3 refers to step S63. That is, in this manner, two watermark identifications (terminal 1 watermark identification, terminal 3 watermark identification) are included in the media data leaked to the outside by the user 2.
In the case of the method 4, it is assumed that the media server used in the new conference is the media server 2, and since different systems are used, the terminal 3 does not mark its own watermark when sending the media data to the outside, that is, the media data sent to the outside by the terminal 3 only includes the terminal 1 watermark.
Step S68: the media server 2 detects and identifies the watermark identification in the media data, and confirms that the media data is abnormally transmitted.
When receiving the illegally transmitted media data, the media server 2 detects and identifies the watermark contained therein, and determines whether the media data transmission is legal or not according to the content of the watermark. In the case of the mode 1 and the mode 3, the media server 2 detects that the media data includes two watermark identifications, which can directly indicate that the transmission of the media data is illegal. When the media server 2 detects only one watermark identifier, it needs to determine whether the media data transmission is legal or not according to the media session information contained in the watermark identifier. For example, in the case of the method 2, the media server 2 detects that the destination address is the address of the terminal 2, which is indicated by the media session information in the watermark identifier of the terminal 1 included in the media data, and in an actual situation, the destination address of the media data should be the address of the media server 2, that is, it can be determined that the transmission of the media data is an illegal transmission. The rest of the cases will not be described herein.
In step S58, when it is detected that there is an abnormality in the media data transmission, the media server 2 sends an alarm prompt to the conference scheduling server or the media server 1.
Step S69: and after receiving the alarm prompt, the conference scheduling server instructs the media server 1 to stop sending the media data to the terminal 2.
The detection device can determine that the terminal 2 is an abnormal terminal according to the information contained in the watermark identifier, and the detection device can carry the relevant information of the terminal 2 in the alarm prompt sent to the conference scheduling server. And the conference scheduling server informs the media server 1 to stop sending new media data to the terminal 2 according to the alarm prompt.
Step S610: the user 2 reveals the received media data carrying the watermark identification of the terminal 1 to other users outside the network.
As with step S67, user 2 may have multiple leak paths. No matter what way the user 2 leaks the received media data, based on the robustness of the digital watermark, the illegal leaking behavior of the user can be detected by the detection device (the media server 2) and intercepted in real time.
Step S611: when the terminal 2 sends the media data to the outside, the boundary firewall detects and identifies the watermark identification contained in the media data, and determines that the media data transmission is illegal transmission.
In the embodiment provided by the present application, the detection device (boundary firewall) can directly determine that the media data transmission is illegal when detecting that the media data contains two watermark identifications. The boundary firewall detects that the media data only contains one watermark identifier, and needs to judge whether the media transmission is legal or not based on the media session information and the real situation in the watermark identifier.
When the media data transmission is determined to be illegal, the boundary firewall can send an alarm prompt to the conference scheduling server. When the boundary firewall can determine that the terminal 2 is an abnormal terminal based on the content of the watermark identifier, the alarm prompt may carry the related information of the terminal 2.
Step S612: the conference scheduling server controls the media server 1 to stop sending the media data to the terminal 2 based on the alarm prompt.
When the conference scheduling server can determine that the terminal 2 is an abnormal terminal based on the alarm prompt, the conference scheduling server notifies the media server 1 to terminate sending new media data to the terminal 2.
Similar to the embodiment, a confidentiality rating may also be included in the watermark identification. Different detection devices may adopt different strategies depending on different confidentiality levels. For example, when the watermark identifier carries information indicating that the confidentiality level of the media data is internally disclosed, the media server 2 in the network group will not intercept the media data when receiving the media data; and the firewall at the networking boundary intercepts the media data, and finally ensures that the disclosure range of the media data is internally disclosed.
In the above embodiment, the terminal may mark the media data with the watermark when sending the media data, and when the subsequent media data is leaked, the detection device may determine whether the transmission of the media data is legal according to the content of the watermark, thereby ensuring the security of data communication.
Example three: the terminal 1 and the terminal 2 perform conference communication, the terminal 1 serves as a conference sending end, the terminal 2 serves as a conference receiving end, a user corresponding to the terminal 1 is a user 1, and a user corresponding to the terminal 2 is a user 2. The terminal 1 and the terminal 2 are in two different security networks (refer to fig. 2), and the watermark identification can be added by a media server (media server 21) near the receiving end or by a media server (media server 11) near the transmitting end. In order to simplify the flow, in this embodiment, the default firewall only detects media streams flowing outside the network. A specific method of detecting information leakage will be described below.
Steps S71-S72: referring to step S51-step S52, the steps are mainly used for allocating a media server for the conference by the conference scheduling server. In the present embodiment, the media servers 11 and 21 are media servers assigned to the conference by the conference scheduling server.
Step S73: the media server 21 receives the terminal 2 watermark identification generated by the conference scheduling server, or the media server 21 directly generates the terminal 2 watermark identification.
Similar to step S53, the terminal 2 watermark identification may include terminal 2 related information (e.g., user information), or the terminal 2 watermark identification may include media session information, or the terminal 2 watermark identification may include terminal 2 related information as well as media session information. Wherein the media session information is used to indicate that the destination address of the media data is the address of the terminal 2. Or, when the watermark identifier is added to the media server 11, the media session information is used to indicate that the source address of the media data is the address of the terminal 1 or the address of the media server 11; when the watermark identification is added for the media server 21, the media session information is used to indicate that the source address of the media data is the address of the terminal 1, the address of the media server 11 or the address of the media server 21.
Step S74: the terminal 1 transmits media data to the media server 21 through the media server 11, the firewall 1, and the firewall 2 in this order.
Step S75: after receiving the media data from the media server 11, the media server 21 adds watermark identification of the terminal 2 to the media data. The way of adding the watermark identifier may refer to step S55.
Step S76: the media server 21 sends the media data carrying the watermark identification of the terminal 2 to the terminal 2.
When the user 2 forwards the media data to other users in the networking, executing the steps S77-S79; when the user 2 forwards the media data to other users outside the network, step S710-step S712 are executed.
Step S77: the user 2 reveals the received media data carrying the watermark identification of the terminal 2 to other users in the networking.
Step S78: the media server 22 receives the media data leaked by the user 2 to other users, and determines that the media data transmission is illegal according to the watermark identification in the media data. Among them, the media server 22 is a media server through which the user 2 passes when transmitting media data to other users in the intranet. Similar to the embodiment, there are various ways to determine that the secondary media transmission is illegal, and the secondary media transmission can be directly determined to be illegal when the watermark identification is detected; or, in order to improve the accuracy of detection, whether the transmission of the media data is legal or not can be determined based on the media session information in the watermark identification and the real transmission situation.
Step S79: the media server 22 sends an alert prompt to the conference scheduling server. When the address of the media server 21 is included in the watermark identification of the terminal 2, the media server 22 may also send an alarm prompt directly to the media server 21. Further, the watermark identifier further includes information related to the terminal 2, and the media server 22 may determine that the terminal 2 is an abnormal terminal. The alert prompt may further carry information about the terminal 2 to notify the media service 22 to stop sending new media data to the terminal 2.
Step S710: the user 2 reveals the received media data carrying the watermark identification of the terminal 2 to other users outside the network. Reference is made to step S510 for various leakage paths.
Step S711: the boundary firewall 2 detects that the received media data includes the watermark identification, and determines that there is an abnormality in the transmission of the media data.
When the user 2 sends media data to the outside of the group through various routes, the boundary firewall 2 detects the watermark identification therein, and then determines that the sending behavior is illegal. Further, in order to improve the detection accuracy, whether the transmission behavior is illegal or not is determined based on the content contained in the watermark identifier. Please refer to step S511 for a specific determination process.
Step S712: the boundary firewall 2 sends an alarm prompt to the conference scheduling server. When the media server 21 is also included in the watermark identification, the border firewall 2 may send an alarm prompt directly to the media server 21. Further, when the watermark identifier includes the information related to the terminal 2, the border firewall may directly determine that the terminal 2 is an abnormal terminal, and may further notify the media server 21 to stop sending new media data to the terminal 2.
The difference between the third embodiment and the first embodiment is only that whether the terminal 1 and the terminal 2 are in the same security group network, and because the terminals are in different security group networks, the forwarding paths when the terminal 1 sends the media data to the terminal 2 are different. But the idea of detecting media data is the same. In order to monitor the illegal leakage behavior of the terminal 2, the terminal 2 needs to be in a security group network, or in other words, the terminal 2 needs to be in a monitored network environment.
For the system architecture 2 (fig. 2), the third embodiment only takes the media server adding the watermark identifier as an example, and please refer to the system architecture 2 and the second embodiment when the watermark identifier is added by the terminal device.
Example four: the terminal 1 and the terminal 2 perform conference communication, the terminal 1 serves as a conference sending end, the terminal 2 serves as a conference receiving end, a user corresponding to the terminal 1 is a user 1, and a user corresponding to the terminal 2 is a user 2. The terminal 1 is outside the security network, the terminal 2 is inside the security network (refer to fig. 3), and the watermark identification can be added by the media server (media server 4) near the receiving end or by the media server (media server 3) near the sending end. In this embodiment, the default firewall only detects media data that flows outside the network.
In such a case, the watermark identification may include terminal 2-related information, or the watermark identification may include media session information, or the watermark identification may include terminal 2-related information and media session information. Wherein the media session information is used to indicate that the destination address of the media data is the address of the terminal 2. When the watermark identification is added by the media server 3, the media session information is also used to indicate that the source address of the media data is the address of the terminal 1 or the address of the media server 3; when the watermark identification is added by the media server 4, the media session information is also used to indicate that the source address of the media data is the address of the terminal 1, the address of the media server 3 or the address of the media server 4. In such a case, the terminal 1 can be enabled to smoothly transmit the media data to the terminal 2, and then the terminal 2 can be intercepted by the detection device when the media data is leaked to the outside.
The difference between the fourth embodiment and the third embodiment or the first embodiment is mainly the system architecture, but the idea of detecting whether the media data transmission is legal is consistent.
For the system architecture 3 (fig. 3), the fourth embodiment only takes the media server adding the watermark identifier as an example, and please refer to the system architecture 3 and the second embodiment when the watermark identifier is added by the terminal device.
All the above embodiments take the example that the terminal 2 adds the watermark before receiving the legally transmitted media data, and in another possible implementation manner, the watermark identification is added by the terminal 2 when the terminal 2 forwards the media data outwards. Illustratively, the conferencing system may provide a push-to-forward or push-to-share functionality for users. In this case, when the terminal 2 receives the media data (which does not include the watermark identifier) sent by the terminal 1 and then forwards the media data to the outside through the one-touch forwarding function, the watermark identifier of the terminal 2 is added, and the watermark identifier may include user information of the terminal 2 or a network address of the terminal 2, or a confidentiality level. When receiving the media data sent by the terminal 2, the detection device judges whether the transmission of the media data is legal or not based on the content of the watermark identification.
In another embodiment of the present invention, the detection device may detect whether the media data sent by the terminal 2 contains the permission information to determine whether the behavior of sending the media data by the terminal 2 is legal. For example, the rights information may be forwarding rights, etc. When the media data does not contain the authority information, the behavior of the terminal 2 for sending the media data is considered to be illegal.
The method of detecting media data is described above in connection with fig. 1-6, and the apparatus and device for performing the method are described below in connection with fig. 7-8.
The embodiment of the present application provides an apparatus 700 for detecting media data, the apparatus includes a communication module 710 and a processing module 711, where the communication module 710 is configured to receive first media data sent by a first terminal, where the first media data includes first feature information; the processing module 711 is configured to determine whether the first media data sent by the first terminal is legal according to the first feature information.
Optionally, the first media data sent by the first terminal is sent to the first terminal by the second terminal through the first media server. In this case, the first terminal is a conference receiving terminal corresponding to the terminal 2 in the first, second, third, and fourth embodiments, and the second terminal is a conference transmitting terminal corresponding to the terminal 1 in the first, second, third, and fourth embodiments.
Optionally, the first feature information is added by the first media server.
Optionally, the first feature information is added by the second terminal.
Optionally, the first characteristic information includes information of a legitimate sender or information of a legitimate receiver.
Optionally, the first characteristic information includes the legal sender information, where the legal sender information includes the first media server information, and the communication module 710 is further configured to: and when the first terminal is determined to send the first media data illegally according to the first characteristic information, sending first warning information to the first media server according to the first characteristic information.
Optionally, the first characteristic information includes the legitimate sender information and the legitimate receiver information, the legitimate sender information includes the first media server information, and the communication module 710 is further configured to: and when the first terminal is determined to send the first media data illegally according to the first characteristic information, sending second warning information to the first media server according to the first characteristic information, wherein the second warning information is used for indicating that the first terminal is an abnormal terminal.
Optionally, the first characteristic information includes the legal sender information and the legal receiver information, the legal sender information includes the first media server information, and the communication module 710 is further configured to: and when the first terminal is determined to send the first media data illegally according to the first characteristic information, indicating the first media server to stop sending second media data to the first terminal according to the first characteristic information.
Optionally, the communication module 710 is further configured to: and receiving first media data sent by a first terminal to a third terminal, wherein the third terminal and the first terminal are communicated through the device.
Optionally, the apparatus 700 for detecting media data may be the first media server, or the apparatus is a second media server, where the second media server is different from the first media server, or the apparatus is a firewall, or the apparatus is a media proxy gateway.
Optionally, the first media data is generated by the first terminal according to third media data received by a fourth terminal, where the third media data includes the first feature information. In this case, the fourth terminal is a conference receiving end, the first terminal leaks the data received by the fourth terminal through various ways, the detection device can detect the behavior based on the characteristic information included in the data, and when it is determined that the behavior is illegal, the transmission of the data can be intercepted in real time.
Optionally, the first media data includes a digital signature, and the digital signature is used to determine that the first media data has not been tampered.
Fig. 8 is a device 80 for media data detection according to an embodiment of the present application, and as shown in the figure, the device 80 includes a processor 81, a memory 82, and a communication interface 83. The processor 81, the memory 82, and the communication interface 83 are connected by wired or wireless transmission. The memory 82 is used to store instructions and the processor 81 is used to execute the instructions. The memory 82 stores program instructions and the processor 81 may call the program instructions stored in the memory 82 to perform the following operations:
receiving first media data sent by a first terminal, wherein the first media data comprises first characteristic information; and determining whether the first media data sent by the first terminal is legal or not according to the first characteristic information.
Optionally, the processor 81 executes the program instructions to perform:
and when the first terminal is determined to send the first media data illegally according to the first characteristic information, sending first warning information to the first media server according to the first characteristic information.
Optionally, the processor 81 executes the program instructions to perform:
and when the first terminal is determined to send the first media data illegally according to the first characteristic information, sending second warning information to the first media server according to the first characteristic information, wherein the second warning information is used for indicating that the first terminal is an abnormal terminal.
Optionally, the processor 81 executes the program instructions to perform:
and when the first terminal is determined to send the first media data illegally according to the first characteristic information, indicating the first media server to stop sending second media data to the first terminal according to the first characteristic information.
It should be understood that in the embodiments of the present application, the processor 81 may be a CPU or other general-purpose processor that can execute stored program instructions. The memory 82 may include a read-only memory and a random access memory, and provides instructions and data to the processor 81. The memory 82 may also include non-volatile random access memory. For example, the memory 82 may also store device type information. The memory 82 may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM). By way of example and not limitation, many forms of RAM are available, such as Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate synchronous SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct bus RAM (DR RAM). The bus 94 may include a power bus, a control bus, a status signal bus, and the like, in addition to a data bus. But for clarity of illustration the various buses are labeled as bus 84 in the figures.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more program instructions. When the program instructions are loaded or executed on a computer, the procedures or functions according to the embodiments of the present application are wholly or partially generated. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a Solid State Drive (SSD).
The foregoing is only illustrative of the present application. Those skilled in the art can conceive of changes or substitutions based on the specific embodiments provided in the present application, and all such changes or substitutions are intended to be included within the scope of the present application.

Claims (28)

1. A method of detecting media data, the method comprising:
the method comprises the steps that detection equipment receives first media data sent by a first terminal, wherein the first media data comprise first characteristic information;
and the detection equipment determines whether the first media data sent by the first terminal is legal or not according to the first characteristic information.
2. The method of claim 1, wherein the first media data sent by the first terminal is sent by the second terminal to the first terminal through a first media server.
3. The method of claim 2, wherein the first feature information is added by the first media server.
4. The method of claim 2, wherein the first characteristic information is added by the second terminal.
5. The method according to any of claims 1-4, wherein the first characteristic information comprises legitimate sender information and/or legitimate receiver information.
6. The method of claim 5, wherein the legitimate recipient information comprises first terminal information, and wherein the legitimate sender information comprises second terminal information or first media server information.
7. The method of claim 6, wherein the first characteristic information comprises the legitimate sender information, wherein the legitimate sender information comprises the first media server information, and wherein the method further comprises:
and when the detection equipment determines that the first terminal sends the first media data illegally according to the first characteristic information, the detection equipment sends first warning information to the first media server according to the first characteristic information.
8. The method of claim 6, wherein the first characteristic information comprises the legitimate sender information and the legitimate recipient information, wherein the legitimate sender information comprises the first media server information, and wherein the method further comprises:
when the detection device determines that the first media data sent by the first terminal is illegal according to the first characteristic information, the detection device sends second warning information to the first media server according to the first characteristic information, wherein the second warning information is used for indicating that the first terminal is an abnormal terminal.
9. The method of claim 6, wherein the first characteristic information comprises the legitimate sender information and the legitimate recipient information, wherein the legitimate sender information comprises the first media server information, and wherein the method further comprises:
and when the detection equipment determines that the first media data sent by the first terminal is illegal according to the first characteristic information, the detection equipment instructs the first media server to stop sending second media data to the first terminal according to the first characteristic information.
10. The method according to any one of claims 1 to 9, wherein the receiving, by the detection device, the first media data sent by the first terminal specifically includes:
the detection equipment receives first media data sent by a first terminal to a third terminal, and the third terminal and the first terminal are communicated through the detection equipment.
11. The method according to any of claims 1-10, wherein the detection device is the first media server, or wherein the detection device is a second media server, and wherein the second media server is different from the first media server, or wherein the detection device is a firewall, or wherein the detection device is a media proxy gateway.
12. The method of claim 1, wherein the first media data is generated by the first terminal according to third media data received by a fourth terminal, and wherein the third media data comprises the first characteristic information.
13. The method of any of claims 1-12, wherein the first media data includes a digital signature, and wherein the digital signature is used to determine that the first media data has not been tampered with.
14. An apparatus for detecting media data, the apparatus comprising a communication module and a processing module:
the communication module is used for receiving first media data sent by a first terminal, wherein the first media data comprises first characteristic information;
and the processing module is used for determining whether the first media data sent by the first terminal is legal or not according to the first characteristic information.
15. The apparatus of claim 14, wherein the first media data sent by the first terminal is sent by the second terminal to the first terminal through a first media server.
16. The apparatus of claim 15, wherein the first feature information is added by the first media server.
17. The apparatus of claim 15, wherein the first feature information is added by the second terminal.
18. The apparatus according to any one of claims 14-17, wherein the first characteristic information comprises legitimate sender information and/or legitimate receiver information.
19. The apparatus of claim 18, wherein the legitimate receiver information comprises first terminal information, and wherein the legitimate sender information comprises second terminal information or first media server information.
20. The apparatus of claim 19, wherein the first characteristic information comprises the legitimate sender information, wherein the legitimate sender information comprises the first media server information, and wherein the communication module is further configured to:
and when the first terminal is determined to send the first media data illegally according to the first characteristic information, sending first warning information to the first media server according to the first characteristic information.
21. The apparatus of claim 19, wherein the first characteristic information comprises the legitimate sender information and the legitimate recipient information, wherein the legitimate sender information comprises the first media server information, and wherein the communication module is further configured to:
and when the first terminal is determined to send the first media data illegally according to the first characteristic information, sending second warning information to the first media server according to the first characteristic information, wherein the second warning information is used for indicating that the first terminal is an abnormal terminal.
22. The apparatus of claim 19, wherein the first characteristic information comprises the legitimate sender information and the legitimate recipient information, wherein the legitimate sender information comprises the first media server information, and wherein the communication module is further configured to:
and when the first terminal is determined to send the first media data illegally according to the first characteristic information, the first media server is instructed to stop sending second media data to the first terminal according to the first characteristic information.
23. The apparatus of any of claims 14-22, wherein the communication module is further configured to:
and receiving first media data sent by a first terminal to a third terminal, wherein the third terminal and the first terminal are communicated through the device.
24. The apparatus according to any of claims 14-23, wherein the apparatus is the first media server, or wherein the apparatus is a second media server, wherein the second media server is different from the first media server, or wherein the apparatus is a firewall, or wherein the apparatus is a media proxy gateway.
25. The apparatus of claim 14, wherein the first media data is generated by the first terminal according to third media data received by a fourth terminal, and wherein the third media data comprises the first characteristic information.
26. The apparatus of any of claims 14-25, wherein the first media data includes a digital signature, the digital signature being used to determine that the first media data has not been tampered with.
27. An apparatus to detect media data, the apparatus comprising a processor and a memory, the memory storing computer instructions, the processor executing the computer instructions in the memory to implement the method of any of claims 1-13.
28. A computer-readable storage medium having stored therein program instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1-13.
CN202011620230.XA 2020-12-21 2020-12-30 Method and device for detecting media data Pending CN114650275A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/139416 WO2022135308A1 (en) 2020-12-21 2021-12-18 Method and apparatus for detecting media data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2020115140880 2020-12-21
CN202011514088 2020-12-21

Publications (1)

Publication Number Publication Date
CN114650275A true CN114650275A (en) 2022-06-21

Family

ID=81991807

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011620230.XA Pending CN114650275A (en) 2020-12-21 2020-12-30 Method and device for detecting media data

Country Status (2)

Country Link
CN (1) CN114650275A (en)
WO (1) WO2022135308A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116488943B (en) * 2023-06-19 2023-08-25 杭州海康威视数字技术股份有限公司 Multimedia data leakage tracing detection method, device and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242516A (en) * 2006-12-30 2008-08-13 法国电信公司 Coding for protecting multimedia preview and method for protecting and recovering multimedia data in multimedia broadcast, corresponding code, protection and receiving device
CN107483422B (en) * 2017-08-03 2020-10-27 深信服科技股份有限公司 Data leakage tracing method and device and computer readable storage medium
CN108289254A (en) * 2018-01-30 2018-07-17 北京小米移动软件有限公司 Web conference information processing method and device

Also Published As

Publication number Publication date
WO2022135308A1 (en) 2022-06-30

Similar Documents

Publication Publication Date Title
Oh et al. Security requirements analysis for the IoT
Keromytis A comprehensive survey of voice over IP security research
Zhou et al. Multimedia traffic security architecture for the internet of things
US20200304853A1 (en) Internet anti-attack method and authentication server
US8191131B2 (en) Obscuring authentication data of remote user
US8826014B2 (en) Authentication of remote host via closed ports
Tian et al. A survey of key technologies for constructing network covert channel
US7680062B2 (en) Apparatus and method for controlling abnormal traffic
US11546300B2 (en) Firewall system with application identifier based rules
US11792186B2 (en) Secure peer-to-peer based communication sessions via network operating system in secure data network
JP2005204087A (en) Information communication system, transmitting unit, transmitting method, and computer program
WO2022135308A1 (en) Method and apparatus for detecting media data
EP3148185B1 (en) Accessing method, system and storage medium for video conference
JP2009053969A (en) Service providing system, filtering device, filtering method and message confirmation method
WO2024032289A1 (en) Video playback method and system, video security platform, and communication device
KR102020986B1 (en) Trust network system based block-chain
KR101991340B1 (en) Apparatus and method for managing security
Ovadia et al. {Cross-Router} Covert Channels
CN114666419A (en) Data transmission method, device, terminal equipment and storage medium
JP2009258965A (en) Authentication system, authentication apparatus, communication setting apparatus, and authentication method
CN106713295B (en) Medical image transmission method and device
WO2009143750A1 (en) Methods, devices and systems for terminal data management and terminal security evaluation based on tnc
US20230199001A1 (en) Secure streaming media based on updating hypercontent in a secure peer-to-peer data network
CN111770048B (en) Method for preventing SIP equipment from being attacked, calling equipment and called equipment
US20220345790A1 (en) In-band metadata for authenticity and role-based access in enterprise video streaming services

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination