CN117714171A - Intra-domain communication method, device, equipment and medium for video networking - Google Patents

Publication number: CN117714171A
Application number: CN202311745840.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王红强, 陈鑫, 梁权, 杨春晖
Current Assignee: Visionvera Information Technology Co Ltd
Original Assignee: Visionvera Information Technology Co Ltd

Abstract

The application provides an intra-domain communication method, device, equipment and medium for video networking, relating to the technical field of video networking. Certificates are issued to, and signatures verified for, an upper-level integrated management service system, a lower-level integrated management service system and all terminals under their jurisdiction, and an intra-domain communication key is generated; data containing conference invitation information is encrypted with the intra-domain communication key and sent by the integrated management service system serving as the main conference site to the integrated management service system serving as a branch conference site; the integrated management service system serving as the main conference site applies for a conference service key, and during the conference the conference service key is used for encrypted data communication between the participant terminals and the integrated management service system serving as the main conference site. The digital-certificate-based security system authenticates the identity of the integrated management service systems and the terminals, and the generated intra-domain communication key and conference service key improve the security and convenience of data transmission for conference control within the autonomous domain.

Description

Intra-domain communication method, device, equipment and medium for video networking
Technical Field
The present application relates to the field of video networking technologies, and in particular, to a method, an apparatus, a device, and a medium for intra-domain communication of video networking.
Background
Video networking uses a networking mode in which autonomous domains are cascaded in a tree to achieve hierarchical management, so in theory network element nodes such as the integrated management service platform, the cryptographic infrastructure and the service servers all have functional requirements for upper-lower cascading. The cascading and management scheme needs to abstract a unified cascade management logic as far as possible, so as to realize data exchange and forwarding among upper-level nodes, lower-level nodes, interworking peer nodes and the node itself. With the growing use of video conferences involving classified information, the security and convenience of conference control can no longer meet current demands in the scenario of a single autonomous domain with multiple integrated management service systems.
Disclosure of Invention
In view of the above, an object of the present application is to provide a method, an apparatus, a device, and a medium for intra-domain communication for video networking, which can improve security and convenience of intra-autonomous domain conference data transmission.
In a first aspect, an embodiment of the present application provides an intra-domain communication method for a video network, where each autonomous domain in the video network deploys an upper-level integrated management service system and at least one lower-level integrated management service system, for conference construction and management, where the method includes the following steps:
issuing certificates to and verifying the signatures of the upper-level integrated management service system, the lower-level integrated management service system and all terminals under their jurisdiction, and issuing an intra-domain communication key to each upper-level integrated management service system, lower-level integrated management service system or terminal that is successfully verified;
determining a comprehensive management service system serving as a main conference place and a comprehensive management service system serving as a sub conference place, encrypting data containing meeting invitation information by using the intra-domain communication key, and transmitting the encrypted meeting invitation information to the comprehensive management service system serving as the sub conference place from the comprehensive management service system serving as the main conference place;
the integrated management service system serving as the main conference site applying for a conference service key, and sending conference start information and conference service key information to the participant terminals;
during the conference, the conference service key is used for completing the data encryption communication between the participant terminal and the integrated management service system as the main conference site.
In some embodiments, when the upper integrated management service system starts a conference as a main conference site, encrypting data containing conference invitation information by using the intra-domain communication key, and sending the encrypted conference invitation information to the integrated management service system as a sub-conference site by the integrated management service system as the main conference site, wherein the method comprises the following steps:
Selecting a participant terminal from all terminals governed by the upper comprehensive management service system and/or the lower comprehensive management service system;
encrypting data containing conference invitation information by using the intra-domain communication key, and transmitting the encrypted conference invitation information from the upper-level integrated management service system to all lower-level integrated management service systems corresponding to the participant terminals; wherein all the lower-level integrated management service systems corresponding to the participant terminals serve as branch conference sites;
and generating a conference record for log auditing in the lower-level integrated management service system corresponding to the participant terminal.
In some embodiments, when the lower integrated management service system starts a conference as a main conference site, encrypting data containing conference invitation information by using the intra-domain communication key, and sending the encrypted conference invitation information to the integrated management service system as a sub-conference site by the integrated management service system as the main conference site, wherein the method comprises the following steps:
determining the lower-level integrated management service system serving as the branch conference site;
encrypting data containing meeting invitation information by using the intra-domain communication key, and sending the encrypted meeting invitation information to a lower-level integrated management service system serving as a branch meeting place by the lower-level integrated management service system serving as a main meeting place;
Generating a conference record for log auditing in a lower-level comprehensive management service system serving as a branch conference room;
and determining the participant terminals of the lower-level integrated management service system serving as the branch conference site, encrypting data containing participant terminal list information by using the intra-domain communication key, and transmitting the encrypted participant terminal list information to the lower-level integrated management service system serving as the main conference site.
In some embodiments, the integrated management service system as a main conference site applies for a conference service key, and sends conference start information and conference service key information to the participant terminal, including the following steps:
the integrated management service system serving as the main conference site applying for a conference service key through the upper-level integrated management service system;
encrypting data containing conference opening information and conference service key information by using a communication key between the integrated management service system and the terminal; wherein the communication key is generated during network access authentication between the integrated management service system and the terminal;
and sending the encrypted conference starting information and conference service key information to a participant terminal.
In some embodiments, each autonomous domain further includes an in-domain certificate authority, and the integrated management service system serving as a main conference site applies for a conference service key to the in-domain certificate authority through the upper integrated management service system.
In some embodiments, the method further comprises the steps of:
encrypting data containing conference stop information by using the intra-domain communication key, and transmitting the encrypted conference stop information to a comprehensive management service system serving as a branch conference place by using the comprehensive management service system serving as a main conference place;
and after the conference is stopped, encrypting the data containing the log information by using the intra-domain communication key, and transmitting the encrypted log information from the integrated management service system serving as a branch conference site to the upper-level integrated management service system.
In some embodiments, the signature verification is performed on the terminal governed by the lower-level integrated management service system in the following manner, including the following steps:
the terminal sends an identity authentication request to the corresponding lower integrated management service system;
the lower-level integrated management service system sends a request to verify the validity of the terminal certificate to the upper-level integrated management service system, and verifies the validity of the terminal user password internally;
and performing identity authentication on the terminal according to a first authentication result sent by the upper-level integrated management service system to the lower-level integrated management service system and a second authentication result obtained by the lower-level integrated management service system.
In a second aspect, an embodiment of the present application provides an intra-domain communication device for a video network, where each autonomous domain in the video network deploys an upper-level integrated management service system and at least one lower-level integrated management service system, for conference construction and management and control, where the device includes:
the intra-domain communication key generation module is used for issuing certificates to and verifying the signatures of the upper-level integrated management service system, the lower-level integrated management service system and all terminals under their jurisdiction, and issuing an intra-domain communication key to each upper-level integrated management service system, lower-level integrated management service system or terminal that is successfully verified;
the conference invitation module is used for determining a comprehensive management service system serving as a main conference place and a comprehensive management service system serving as a sub conference place, encrypting data containing conference invitation information by utilizing the intra-domain communication key, and transmitting the encrypted conference invitation information to the comprehensive management service system serving as the sub conference place from the comprehensive management service system serving as the main conference place;
the conference service key generation module is used for having the integrated management service system serving as the main conference site apply for a conference service key, and for sending conference start information and conference service key information to the participant terminals;
and the communication module is used for completing data encryption communication between the participant terminal and the integrated management service system serving as a main conference place by utilizing the conference service key during the conference.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, and a bus, where the memory stores machine-readable instructions executable by the processor, where the processor and the memory communicate through the bus when the electronic device is running, and where the machine-readable instructions, when executed by the processor, perform the steps of the intra-domain communication method for video networking set forth in any one of the first aspects.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having a computer program stored thereon, which when executed by a processor performs the steps of the intra-domain communication method for video networking of any of the first aspects described above.
In the method, device, equipment and medium for intra-domain communication for video networking provided by the application, certificates are issued to, and signatures verified for, the upper-level integrated management service system, the lower-level integrated management service system and all terminals under their jurisdiction, and an intra-domain communication key is issued to the upper-level integrated management service system, the lower-level integrated management service system or the terminal once verification is completed; the integrated management service system serving as the main conference site and the integrated management service system serving as a branch conference site are determined, data containing conference invitation information is encrypted with the intra-domain communication key, and the encrypted conference invitation information is sent from the integrated management service system serving as the main conference site to the integrated management service system serving as the branch conference site; the integrated management service system serving as the main conference site applies for a conference service key and sends conference start information and conference service key information to the participant terminals; during the conference, the conference service key is used for encrypted data communication between the participant terminals and the integrated management service system serving as the main conference site. In this way, the digital-certificate-based security system authenticates the identity of the integrated management service systems and the terminals in order to generate the intra-domain communication key, which improves the security and convenience of data transmission for conferences within the autonomous domain.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates a flow chart of a method of intra-domain communication for video networking according to an embodiment of the present application;
FIG. 2 is a schematic diagram of performing certificate issuing and signature verification on an upper-level integrated management service system, a lower-level integrated management service system, and all terminals under the control of the upper-level integrated management service system and the lower-level integrated management service system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of conference control using an upper-level integrated management service system as a main conference site according to an embodiment of the present application;
FIG. 4 shows a schematic diagram of conference control using a lower-level integrated management service system as a main conference site according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an intra-domain communication device for video networking according to an embodiment of the present application;
FIG. 6 shows a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the accompanying drawings in the present application are only for the purpose of illustration and description, and are not intended to limit the protection scope of the present application. In addition, it should be understood that the schematic drawings are not drawn to scale. A flowchart, as used in this application, illustrates operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. Moreover, one or more other operations may be added to the flow diagrams and one or more operations may be removed from the flow diagrams as directed by those skilled in the art.
In addition, the described embodiments are only some, but not all, of the embodiments of the present application. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that the term "comprising" will be used in the embodiments of the present application to indicate the presence of the features stated hereinafter, but not to exclude the addition of other features.
In view of the technical problems described in the Background, the application provides an intra-domain communication method, device, equipment and medium for video networking, which can improve the security and convenience of data transmission for conferences within an autonomous domain.
Referring to FIG. 1 of the specification, an embodiment of the present application provides an intra-domain communication method for video networking, where each autonomous domain in the video network deploys an upper-level integrated management service system and at least one lower-level integrated management service system for conference construction and management, and the method includes the following steps:
S1, issuing certificates to and verifying the signatures of the upper-level integrated management service system, the lower-level integrated management service system and all terminals under their jurisdiction, and issuing an intra-domain communication key to each upper-level integrated management service system, lower-level integrated management service system or terminal that is successfully verified;
S2, determining the integrated management service system serving as the main conference site and the integrated management service system serving as a branch conference site, encrypting data containing conference invitation information by using the intra-domain communication key, and sending the encrypted conference invitation information from the integrated management service system serving as the main conference site to the integrated management service system serving as the branch conference site;
S3, the integrated management service system serving as the main conference site applying for a conference service key, and sending conference start information and conference service key information to the participant terminals;
S4, during the conference, completing encrypted data communication between the participant terminals and the integrated management service system serving as the main conference site by using the conference service key.
In the embodiment of the present application, the intra-domain communication method for video networking may run on a terminal device or a server; the terminal device may be local application software, and when the intra-domain communication method for video networking runs on a server, it may be implemented and executed based on a cloud interaction system, where the cloud interaction system includes at least the server and the client device (i.e., application software). Specifically, taking a server as an example, when the intra-domain communication method for video networking runs on the server, the integrated management service systems and the terminals can be authenticated based on a digital-certificate security system so as to generate an intra-domain communication key, thereby improving the security and convenience of data transmission for conferences within an autonomous domain.
Referring to FIG. 2 of the specification, in step S1, certificate issuance and signature verification are performed for the upper-level integrated management service system, the lower-level integrated management service system and all terminals under their jurisdiction; that is, in the scenario of a single autonomous domain with multiple integrated management service systems, the lower-level integrated management service system needs to obtain permissions from the upper-level integrated management service system before it runs. In the embodiment of the application, a provincial integrated management service system is used as the upper-level integrated management service system and a municipal integrated management service system is used as a lower-level integrated management service system; each autonomous domain is further provided with an intra-domain certificate authority, and in the embodiment of the application a provincial CA is used as the intra-domain certificate authority.
Specifically, the provincial integrated management service system and the municipal integrated management service system first complete the initial deployment of their respective systems, wherein the provincial integrated management service system has device registration and management capabilities, the municipal integrated management service system has only device management capabilities, and the signature certificates in the municipal integrated management service system are issued uniformly by the provincial CA. When permissions are allocated, the provincial integrated management service system platform creates the initial three-member account of the municipal integrated management service system platform and allocates the management permissions of the related core servers; the municipal integrated management service system platform uses the account allocated by the provincial integrated management service system platform to identify itself to the provincial integrated management service system platform. When the identity of a terminal is authenticated, after a terminal device under the jurisdiction of the municipal integrated management service system platform sends an identity authentication request to that platform, the municipal platform asks the provincial integrated management service system platform to verify the validity of the terminal's certificate, while the validity of the terminal user and password is checked within the municipal integrated management service system platform; finally, the municipal integrated management service system platform returns the two-factor authentication result for the certificate and the password to the terminal.
The specific principles and steps of issuing and verifying digital certificates are technical means well known to those skilled in the art and are not described here. The present application only defines the authority relationship among the integrated management service systems in the scenario of a single autonomous domain with multiple integrated management service systems, and issues an intra-domain communication key ZGK to the upper-level integrated management service system, the lower-level integrated management service system or the terminal after verification is completed.
In step S2, either the upper-level integrated management service system or a lower-level integrated management service system may serve as the main conference site. For the conference control flow with the upper-level integrated management service system as the main conference site, refer to the schematic diagram in FIG. 3 of the specification; for the conference control flow with a lower-level integrated management service system as the main conference site, refer to FIG. 4 of the specification.
When the upper-level integrated management service system serves as the main conference site, participant terminals are first selected from all terminals under the jurisdiction of the upper-level integrated management service system and/or the lower-level integrated management service systems; data containing conference invitation information is encrypted with the intra-domain communication key ZGK, and the encrypted conference invitation information is sent by the upper-level integrated management service system to all lower-level integrated management service systems corresponding to the participant terminals; wherein all the lower-level integrated management service systems corresponding to the participant terminals serve as branch conference sites;
For example, in an embodiment, when the selected participant terminals include terminals under the jurisdiction of the municipal integrated management service system C1 and terminals under the jurisdiction of the municipal integrated management service system C2, the provincial integrated management service system C0 performs a local conference reservation, encrypts the data containing the conference invitation information with the intra-domain communication key ZGK, and sends the encrypted conference invitation information to the municipal integrated management service system C1 and the municipal integrated management service system C2 respectively; after receiving and decrypting the conference invitation information, C1 and C2 each perform the corresponding local conference reservation.
When a lower-level integrated management service system serves as the main conference site, the lower-level integrated management service system serving as the branch conference site is determined first; data containing conference invitation information is then encrypted with the intra-domain communication key, and the encrypted conference invitation information is sent by the lower-level integrated management service system serving as the main conference site to the lower-level integrated management service system serving as the branch conference site; a conference record for log auditing is generated in the lower-level integrated management service system serving as the branch conference site; and the participant terminals of the lower-level integrated management service system serving as the branch conference site are determined, data containing participant terminal list information is encrypted with the intra-domain communication key, and the encrypted participant terminal list information is transmitted to the lower-level integrated management service system serving as the main conference site.
For example, in an embodiment, when the municipal integrated management service system C1 serves as the main conference site and the determined branch conference site is the municipal integrated management service system C2, C1 performs a local conference reservation, encrypts the data containing the conference invitation information with the intra-domain communication key ZGK, and sends the encrypted conference invitation information to C2; after receiving and decrypting the conference invitation information, C2 generates a participant terminal list, encrypts the data containing the participant terminal list information with the intra-domain communication key ZGK, transmits the encrypted participant terminal list information to C1 as the main conference site, and performs a local conference reservation.
In step S3, namely after the connection is established between the integrated management service system serving as the main conference site and the integrated management service system serving as the sub conference site, in order to ensure encrypted communication of data in the conference, the integrated management service system serving as the main conference site applies for a conference service key through the upper integrated management service system, and conference start information and conference service key information are sent to the participant terminal.
For example, when the provincial integrated management service system C0 starts a conference as the main conference site, C0 first applies to the provincial CA for a conference service key VKEK. After receiving the VKEK generated and returned by the provincial CA, C0 encrypts data containing the conference start information and the VKEK information with the communication key NKa between the integrated management service system and the terminal, where NKa is a communication key generated during network access authentication between the integrated management service system and the terminal or between the two levels of integrated management service system. The encrypted conference start information and VKEK information are then sent to the participant terminals under the municipal integrated management service system C1 and the municipal integrated management service system C2.
When the municipal integrated management service system C1 starts a conference as the main conference site, C1 first applies to the provincial CA for a conference service key VKEK through the provincial integrated management service system C0. After receiving the VKEK generated and returned by the provincial CA, C1 encrypts data containing the conference start information and the VKEK information with the communication key NKa between the integrated management service system and the terminal. The encrypted conference start information and VKEK information are then sent to the participant terminals under the municipal integrated management service system C1 and the municipal integrated management service system C2.
In step S4, operation signaling and audio/video streams during the conference are encrypted with the conference service key VKEK established between the integrated management service system acting as the main conference site and the participant terminals. For example, a participant terminal encrypts data containing its terminal status and conference recording information with the VKEK and sends it to the integrated management service system acting as the main conference site; or the integrated management service system acting as the main conference site encrypts data for switching the speaker with the VKEK and sends it to the corresponding participant terminal. This makes conference control data transmission within the autonomous domain secure and convenient.
In addition, when the conference is stopped, the integrated management service system acting as the main conference site encrypts data containing the conference stop information with the intra-domain communication key ZGK and sends the encrypted conference stop information to the integrated management service system acting as the branch conference site. After the conference has stopped, the integrated management service system acting as a conference site encrypts data containing log information with ZGK and sends the encrypted log information to the upper-level integrated management service system, so that system data is synchronized.
For example, when the provincial integrated management service system C0 stops a conference as the main conference site, C0 encrypts data containing the conference stop information with the intra-domain communication key ZGK and sends the encrypted conference stop information to the municipal integrated management service system C1 and the municipal integrated management service system C2. After the conference has stopped, C1 and C2 encrypt data containing log information with ZGK and send the encrypted log information to C0.
When the municipal integrated management service system C1 stops a conference as the main conference site, C1 encrypts data containing the conference stop information with the intra-domain communication key ZGK and sends the encrypted conference stop information to the municipal integrated management service system C2. After the conference has stopped, C1 and C2 encrypt data containing log information with ZGK and send the encrypted log information to the provincial integrated management service system C0.
Thus, in the intra-domain communication method for video networking, the digital-certificate-based security system authenticates the identity of the integrated management service systems and the terminals, and the connection between the integrated management service system and the terminal is established quickly by means of the intra-domain communication key. When a conference starts, data is transmitted in encrypted form between the integrated management service system and the terminals using the conference service key that was applied for. Overall, this improves the security and convenience of conference control data transmission within the autonomous domain.
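The three key roles described above (ZGK between integrated management service systems, NKa for delivering the VKEK to a terminal, VKEK for in-conference traffic) can be traced in a short program. This is an added example, not code from the patent: AES-256-GCM, the `conf-001` identifier, the message strings and the use of message type plus conference id as associated data are assumptions, and the VKEK is generated locally where the patent has the provincial CA issue it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds the cipher. Assumption: AES-256-GCM; the page names no algorithm.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// randBytes returns n random bytes; used for constructed demo keys and nonces.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal returns nonce || ciphertext || tag; ctx is bound as associated data (assumption).
func seal(key, plaintext []byte, ctx string) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, []byte(ctx)), nil
}

// open reverses seal; it fails on a wrong key, a wrong ctx or a modified message.
func open(key, msg []byte, ctx string) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < g.NonceSize() {
		return nil, fmt.Errorf("message too short: %d bytes", len(msg))
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], []byte(ctx))
}

// Flow records what each party recovered so the outcome can be checked.
type Flow struct {
	InviteAtC2      string // invitation as decrypted by branch site C2
	TerminalHasVKEK bool   // terminal unwrapped the same VKEK that C1 holds
	SignalAtC1      string // in-conference signaling as decrypted by C1
	ZGKReadsSignal  bool   // ZGK holder decrypting VKEK traffic (expected false)
	InviteAsStop    bool   // invitation accepted as a stop message (expected false)
}

// runConference plays main site C1, branch site C2 and one participant terminal.
func runConference() (f Flow, err error) {
	zgk := randBytes(32)    // intra-domain communication key held by C0, C1 and C2
	nka := randBytes(32)    // C1-terminal key from network access authentication
	vkek := randBytes(32)   // conference service key; on the page the provincial CA issues it
	const conf = "conf-001" // hypothetical conference id
	var msg, pt, got []byte
	// Invitation, C1 -> C2, under ZGK.
	if msg, err = seal(zgk, []byte("invite "+conf), "invite|"+conf); err != nil {
		return f, err
	}
	if pt, err = open(zgk, msg, "invite|"+conf); err != nil {
		return f, err
	}
	f.InviteAtC2 = string(pt)
	_, e := open(zgk, msg, "stop|"+conf) // same key, different message type
	f.InviteAsStop = e == nil
	// Conference start, C1 -> terminal: the VKEK travels wrapped under NKa.
	if msg, err = seal(nka, vkek, "start|"+conf); err != nil {
		return f, err
	}
	if got, err = open(nka, msg, "start|"+conf); err != nil {
		return f, err
	}
	f.TerminalHasVKEK = bytes.Equal(got, vkek)
	// In conference, terminal -> C1, under the VKEK the terminal just unwrapped.
	if msg, err = seal(got, []byte("terminal status: online"), "signal|"+conf); err != nil {
		return f, err
	}
	if pt, err = open(vkek, msg, "signal|"+conf); err != nil {
		return f, err
	}
	f.SignalAtC1 = string(pt)
	_, e = open(zgk, msg, "signal|"+conf) // a system holding only ZGK
	f.ZGKReadsSignal = e == nil
	return f, nil
}

func main() { fmt.Println(runConference()) }
```

The last two fields show the separation the scheme relies on: a system that holds only ZGK cannot read VKEK-protected conference traffic, and with the message type authenticated an invitation does not verify as a stop message even though both use ZGK.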
Based on the same inventive concept, an embodiment of the present application further provides an intra-domain communication device for video networking. Because the device solves the problem on a principle similar to that of the intra-domain communication method for video networking described in the embodiments of the present application, the implementation of the device may refer to the implementation of the method, and repeated description is omitted.
As shown in FIG. 5, the present application further provides an intra-domain communication device for video networking, in which each autonomous domain of the video network deploys an upper-level integrated management service system and at least one lower-level integrated management service system for conference construction, management and control. The device includes:
an intra-domain communication key generation module 501, configured to perform certificate issuance and signature verification for the upper-level integrated management service system, the lower-level integrated management service system and all terminals under them, and to issue an intra-domain communication key to each upper-level integrated management service system, lower-level integrated management service system or terminal that is successfully verified;
a conference invitation module 502, configured to determine the integrated management service system acting as the main conference site and the integrated management service system acting as the branch conference site, encrypt data containing conference invitation information with the intra-domain communication key, and send the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site;
a conference service key generation module 503, configured to have the integrated management service system acting as the main conference site apply for a conference service key and send conference start information and conference service key information to the participant terminals;
a communication module 504, configured to use the conference service key during the conference to complete encrypted data communication between the participant terminals and the integrated management service system acting as the main conference site.
In some embodiments, when the upper-level integrated management service system starts a conference as the main conference site, the conference invitation module 502 encrypting data containing conference invitation information with the intra-domain communication key and sending the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site includes: selecting participant terminals from all terminals under the upper-level integrated management service system and/or the lower-level integrated management service system; encrypting data containing conference invitation information with the intra-domain communication key, and sending the encrypted conference invitation information from the upper-level integrated management service system to all lower-level integrated management service systems corresponding to the participant terminals, where all lower-level integrated management service systems corresponding to the participant terminals are the integrated management service systems acting as branch conference sites; and generating a conference record for log auditing in the lower-level integrated management service systems corresponding to the participant terminals.
In some embodiments, when the lower-level integrated management service system starts a conference as the main conference site, the conference invitation module 502 encrypting data containing conference invitation information with the intra-domain communication key and sending the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site includes: determining the lower-level integrated management service system acting as the branch conference site; encrypting data containing conference invitation information with the intra-domain communication key, and sending the encrypted conference invitation information from the lower-level integrated management service system acting as the main conference site to the lower-level integrated management service system acting as the branch conference site; generating a conference record for log auditing in the lower-level integrated management service system acting as the branch conference site; and determining the participant terminals of the lower-level integrated management service system acting as the branch conference site, encrypting data containing participant terminal list information with the intra-domain communication key, and sending the encrypted participant terminal list information to the lower-level integrated management service system acting as the main conference site.
In some embodiments, the conference service key generation module 503 having the integrated management service system acting as the main conference site apply for a conference service key and send conference start information and conference service key information to the participant terminals includes: the integrated management service system acting as the main conference site applying for the conference service key through the upper-level integrated management service system; encrypting data containing the conference start information and the conference service key information with the communication key between the integrated management service system and the terminal, where the communication key is generated during network access authentication between the integrated management service system and the terminal; and sending the encrypted conference start information and conference service key information to the participant terminals.
In some embodiments, each autonomous domain further includes an in-domain certificate authority, and in the conference service key generation module 503 the integrated management service system acting as the main conference site applies to the in-domain certificate authority for the conference service key through the upper-level integrated management service system.
In some embodiments, the apparatus further comprises:
a sending module, configured to encrypt data containing conference stop information with the intra-domain communication key and send the encrypted conference stop information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site; and, after the conference has stopped, to encrypt data containing log information with the intra-domain communication key and send the encrypted log information from the integrated management service system acting as a branch conference site to the upper-level integrated management service system.
In some embodiments, the intra-domain communication key generation module 501 performing signature verification on a terminal under the lower-level integrated management service system includes: the terminal sends an identity authentication request to the corresponding lower-level integrated management service system; the lower-level integrated management service system sends a request to the upper-level integrated management service system to verify the validity of the terminal certificate, and verifies the validity of the terminal user password internally; and the terminal's identity is authenticated according to a first authentication result sent by the upper-level integrated management service system to the lower-level integrated management service system and a second authentication result obtained by the lower-level integrated management service system.
In the intra-domain communication device for video networking provided by the present application, the intra-domain communication key generation module performs certificate issuance and signature verification for the upper-level integrated management service system, the lower-level integrated management service system and all terminals under them, and issues an intra-domain communication key to each upper-level integrated management service system, lower-level integrated management service system or terminal once verification is complete. The conference invitation module determines the integrated management service system acting as the main conference site and the integrated management service system acting as the branch conference site, encrypts data containing conference invitation information with the intra-domain communication key, and sends the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site. Through the conference service key generation module, the integrated management service system acting as the main conference site applies for a conference service key and sends conference start information and conference service key information to the participant terminals. During the conference, the communication module uses the conference service key to complete encrypted data communication between the participant terminals and the integrated management service system acting as the main conference site.
The digital-certificate-based security system thus authenticates the identity of the integrated management service systems and the terminals and generates the intra-domain communication key, which improves the security and speed of conference data transmission within the autonomous domain.
Based on the same inventive concept, FIG. 6 shows the structure of an electronic device 600 according to an embodiment of the present application. The electronic device 600 includes at least one processor 601, at least one network interface 604 or other user interface 603, a memory 605, and at least one communication bus 602. The communication bus 602 enables connection and communication between these components. The electronic device 600 optionally includes a user interface 603, which includes a display (e.g., a touch screen, LCD, CRT, holographic display or projector) and a keyboard or pointing device (e.g., a mouse, trackball, touch pad or touch screen).
Memory 605 may include read-only memory and random access memory and provide instructions and data to processor 601. A portion of the memory 605 may also include non-volatile random access memory (NVRAM).
In some implementations, the memory 605 stores the following elements, executable modules or data structures, or a subset or an extended set thereof:
an operating system 6051, containing various system programs for implementing basic services and handling hardware-based tasks;
an application program module 6052, containing various application programs, such as a desktop, a media player and a browser, for implementing application services.
In the embodiment of the present application, by calling a program or instructions stored in the memory 605, the processor 601 executes the steps of, for example, the intra-domain communication method for video networking, so as to improve the security and speed of conference data transmission within the autonomous domain.
The present application also provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the intra-domain communication method for video networking.
Specifically, the storage medium can be a general-purpose storage medium, such as a removable disk or a hard disk; when the computer program on the storage medium is run, the intra-domain communication method for video networking described above can be performed.
In the embodiments provided in the present application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device or unit, and may be electrical, mechanical or of another form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments provided in the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as a stand-alone product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or any other medium capable of storing program code.
Finally, it should be noted that the foregoing examples are merely specific embodiments of the present application, intended to illustrate its technical solutions and not to limit its scope of protection. Although the present application has been described in detail with reference to the foregoing examples, those skilled in the art will understand that, within the technical scope disclosed in the present application, anyone skilled in the art may still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features. Such modifications, changes or substitutions do not cause the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments, and are intended to be encompassed within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (10)

1. An intra-domain communication method for video networking, wherein each autonomous domain in the video network deploys an upper-level integrated management service system and at least one lower-level integrated management service system for the construction and management of conferences, the method comprising the steps of:
performing certificate issuance and signature verification for the upper-level integrated management service system, the lower-level integrated management service system and all terminals under the upper-level integrated management service system and the lower-level integrated management service system, and issuing an intra-domain communication key to the upper-level integrated management service system, the lower-level integrated management service system or the terminals that are successfully verified;
determining an integrated management service system acting as a main conference site and an integrated management service system acting as a branch conference site, encrypting data containing conference invitation information with the intra-domain communication key, and sending the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site;
applying for a conference service key by the integrated management service system acting as the main conference site, and sending conference start information and conference service key information to the participant terminals;
during the conference, using the conference service key to complete encrypted data communication between the participant terminals and the integrated management service system acting as the main conference site.
2. The intra-domain communication method for video networking according to claim 1, wherein, when the upper-level integrated management service system starts a conference as the main conference site, encrypting data containing conference invitation information with the intra-domain communication key and sending the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site comprises the steps of:
selecting participant terminals from all terminals under the upper-level integrated management service system and/or the lower-level integrated management service system;
encrypting data containing conference invitation information with the intra-domain communication key, and sending the encrypted conference invitation information from the upper-level integrated management service system to all lower-level integrated management service systems corresponding to the participant terminals; wherein all lower-level integrated management service systems corresponding to the participant terminals are the integrated management service systems acting as branch conference sites;
and generating a conference record for log auditing in the lower-level integrated management service systems corresponding to the participant terminals.
3. The intra-domain communication method for video networking according to claim 1, wherein, when the lower-level integrated management service system starts a conference as the main conference site, encrypting data containing conference invitation information with the intra-domain communication key and sending the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site comprises the steps of:
determining the lower-level integrated management service system acting as the branch conference site;
encrypting data containing conference invitation information with the intra-domain communication key, and sending the encrypted conference invitation information from the lower-level integrated management service system acting as the main conference site to the lower-level integrated management service system acting as the branch conference site;
generating a conference record for log auditing in the lower-level integrated management service system acting as the branch conference site;
and determining the participant terminals of the lower-level integrated management service system acting as the branch conference site, encrypting data containing participant terminal list information with the intra-domain communication key, and sending the encrypted participant terminal list information to the lower-level integrated management service system acting as the main conference site.
4. The intra-domain communication method for video networking according to any one of claims 1 to 3, wherein applying for a conference service key by the integrated management service system acting as the main conference site and sending conference start information and conference service key information to the participant terminals comprises the steps of:
applying for the conference service key by the integrated management service system acting as the main conference site through the upper-level integrated management service system;
encrypting data containing the conference start information and the conference service key information with a communication key between the integrated management service system and the terminal; wherein the communication key is generated during network access authentication between the integrated management service system and the terminal;
and sending the encrypted conference start information and conference service key information to the participant terminals.
5. The intra-domain communication method for video networking according to claim 4, wherein each autonomous domain further comprises an in-domain certificate authority, and the integrated management service system acting as the main conference site applies to the in-domain certificate authority for the conference service key through the upper-level integrated management service system.
6. The intra-domain communication method for video networking according to claim 5, further comprising the steps of:
encrypting data containing conference stop information with the intra-domain communication key, and sending the encrypted conference stop information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site;
and after the conference has stopped, encrypting data containing log information with the intra-domain communication key, and sending the encrypted log information from the integrated management service system acting as a branch conference site to the upper-level integrated management service system.
7. The intra-domain communication method for video networking according to claim 6, wherein signature verification of a terminal under the lower-level integrated management service system is performed by the following method, comprising the steps of:
the terminal sends an identity authentication request to the corresponding lower-level integrated management service system;
the lower-level integrated management service system sends a request to the upper-level integrated management service system to verify the validity of the terminal certificate, and verifies the validity of the terminal user password internally;
and the terminal's identity is authenticated according to a first authentication result sent by the upper-level integrated management service system to the lower-level integrated management service system and a second authentication result obtained by the lower-level integrated management service system.
8. An intra-domain communication device for video networking, wherein each autonomous domain in the video network deploys an upper-level integrated management service system and at least one lower-level integrated management service system for the construction and management of conferences, the device comprising:
an intra-domain communication key generation module, configured to perform certificate issuance and signature verification for the upper-level integrated management service system, the lower-level integrated management service system and all terminals under the upper-level integrated management service system and the lower-level integrated management service system, and to issue an intra-domain communication key to the upper-level integrated management service system, the lower-level integrated management service system or the terminals that are successfully verified;
a conference invitation module, configured to determine an integrated management service system acting as a main conference site and an integrated management service system acting as a branch conference site, encrypt data containing conference invitation information with the intra-domain communication key, and send the encrypted conference invitation information from the integrated management service system acting as the main conference site to the integrated management service system acting as the branch conference site;
a conference service key generation module, configured to have the integrated management service system acting as the main conference site apply for a conference service key and send conference start information and conference service key information to the participant terminals;
and a communication module, configured to use the conference service key during the conference to complete encrypted data communication between the participant terminals and the integrated management service system acting as the main conference site.
9. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating over the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the steps of the intra-domain communication method for video networking of any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, performs the steps of the intra-domain communication method for video networking as claimed in any one of claims 1 to 7.
CN202311745840.6A 2023-12-18 2023-12-18 Intra-domain communication method, device, equipment and medium for video networking Pending CN117714171A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311745840.6A CN117714171A (en) 2023-12-18 2023-12-18 Intra-domain communication method, device, equipment and medium for video networking

Publications (1)

Publication Number Publication Date
CN117714171A (en) 2024-03-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination