WO2009094812A1 - Method and apparatus for implementing the security of point to point media stream - Google Patents

Publication number: WO2009094812A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2008/000624
Other languages: French (fr), Chinese (zh)
Inventors: Yinxing Wei, Zhimeng Teng
Original Assignee: Zte Corporation
Prior art keywords: media stream, media, security, plane, security parameter

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Definitions

  • The present invention relates to the field of communications, and in particular to a method and apparatus for implementing end-to-end (i.e., user-to-user, Point To Point, P2P) media stream security.
  • IPTV Internet Protocol Television
  • VoIP Voice over IP
  • Media stream security protects user-plane data (such as video, voice, pictures and text) to prevent unauthorized users from accessing the data illegally.
  • Media stream security is a value-added service of the network; in addition, the security requirements concerning user privacy in media streams also require the network to provide corresponding security.
  • NGN Next Generation Network
  • Media stream security is a basic requirement.
  • The NGN should be able to guarantee the confidentiality and integrity of the transmitted media stream.
  • Media stream security here means security in the cryptographic sense: with cryptographic protection techniques (such as integrity protection and encryption protection), an attacker with limited resources cannot break the protected media stream data.
  • At present, media stream security is implemented by having network devices take part in negotiating and distributing the keys and security parameters that media stream security requires. This reduces the security of end-to-end media stream transmission.
  • A method and apparatus for implementing end-to-end media stream security can solve the problem that the prior art cannot provide security protection for end-to-end media streams.
  • A method for implementing end-to-end media stream security is provided.
  • The method includes the following steps: the first end and the second end establish a session including a signaling plane; the first end and the second end negotiate security parameters on the signaling plane; the security parameters are passed from the signaling plane to the media plane; and the security parameters are used to protect the end-to-end media stream on the media plane between the first end and the second end.
  • The security parameters include: a key, a key length, and a security algorithm.
  • The channel over which the first end and the second end negotiate security parameters on the signaling plane is either the signaling channel or a dedicated key management protocol.
  • Using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end comprises: encrypting the media stream with the security parameters before the media plane sends it; and decrypting the media stream with the security parameters after the media plane receives it.
  • Using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end comprises: integrity-protecting the media stream with the security parameters before the media plane sends it; and performing an integrity check on the media stream with the security parameters after the media plane receives it.
  • The session including the signaling plane includes: a session following the Session Initiation Protocol; a session following the Session Description Protocol.
  • The first end and the second end use the Secure Real-time Transport Protocol and an associated key management protocol on the signaling plane to negotiate security parameters.
  • An apparatus for implementing end-to-end media stream security, including: an establishing module, configured for the first end and the second end to establish a session including a signaling plane; a negotiation module, configured for the first end and the second end to negotiate security parameters on the signaling plane; a delivery module, which passes the security parameters from the signaling plane to the media plane; and a protection module, configured to use the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end.
  • The protection module specifically includes: an encryption unit, configured to encrypt the media stream with the security parameters before the media plane sends it; and a decryption unit, configured to decrypt the media stream with the security parameters after the media plane receives it.
  • The protection module specifically includes: an integrity protection unit, configured to integrity-protect the media stream with the security parameters before the media plane sends it; and an integrity checking unit, configured to perform an integrity check on the media stream with the security parameters after the media plane receives it.
  • FIG. 1 is a flowchart of a method for implementing end-to-end media stream security according to an embodiment of the present invention.
  • FIG. 2 is a block diagram of end-to-end media stream security according to an embodiment of the present invention.
  • FIG. 3 shows a media stream security parameter negotiation process based on a secure signaling path according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of media stream security parameter delivery based on a secure signaling path according to an embodiment of the present invention.
  • FIG. 5 shows a media stream security parameter negotiation process based on a key management protocol according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of media stream security parameter delivery based on a key management protocol according to an embodiment of the present invention.
  • FIG. 7 is a block diagram of an apparatus for implementing end-to-end media stream security according to an embodiment of the present invention.
  • Step S10: the first end and the second end establish a session including a signaling plane; step S20: the first end and the second end negotiate security parameters on the signaling plane; step S30: the security parameters are passed from the signaling plane to the media plane; and step S40: the security parameters are used to protect the end-to-end media stream on the media plane between the first end and the second end.
  • The communication between the first end and the second end is a user-to-user media stream.
  • The method proposes that the two communicating parties, the first end and the second end, negotiate the security parameters directly through the signaling plane, thereby providing security protection for the end-to-end media stream.
  • The security parameters include: a key, a key length, and a security algorithm.
  • The first end and the second end negotiate the security parameters on the signaling plane either through the signaling channel or through a dedicated key management protocol.
  • The signaling plane notifies the media plane to perform secure communication, and the security parameters are passed to the media plane.
  • Step S40 specifically includes: encrypting the media stream with the security parameters before the media plane sends it; and decrypting the media stream with the security parameters after the media plane receives it.
  • The method further includes: the first end and the second end use the security parameters to perform integrity protection and integrity checking on the end-to-end media stream between the first end and the second end.
  • The protection described above is all encryption protection.
  • With integrity protection added, the security mechanism is more robust.
  • The signaling plane notifies the media plane to perform secure communication, and the security parameters are passed to the media plane; step S40 specifically includes: integrity-protecting the media stream with the security parameters before the media plane sends it; and performing an integrity check on the media stream with the security parameters after the media plane receives it.
  • The session including the signaling plane includes at least one of the following: a session following the Session Initiation Protocol; a session following the Session Description Protocol.
  • The first end and the second end use the Secure Real-time Transport Protocol and an associated key management protocol on the signaling plane to negotiate security parameters.
  • The session protocols and security protocols that can be used are given here, and the embodiments of the present invention can be put into practice with these protocols.
  • The foregoing embodiment provides a method for implementing end-to-end media stream security in the NGN. The method has the following features: (1) the network does not need to take part in distributing key material and security parameters; the end users complete this process directly; (2) it meets the security needs of user privacy.
  • Figure 2 shows the modules that implement media stream security in the end-to-end case and the connections between them.
  • The users negotiate security parameters through the signaling plane, the security parameters are passed from the signaling plane to the media plane, and the data is transmitted securely on the media plane.
  • The signaling protocol establishes a call session between two users, the key management protocol negotiates security parameters, the media stream protocol performs media encoding and decoding, and the secure media stream protocol is used to encrypt/decrypt the media stream.
  • The key management protocol is notified by the signaling protocol, and the key management protocol passes the security parameters to the secure media stream protocol.
  • End-to-end secure communication can be achieved without the network participating in key distribution.
  • The following are the Session Initiation Protocol (SIP), the Session Description Protocol (SDP), the Secure Real-time Transport Protocol (SRTP), and the related key management protocol.
  • SIP Session Initiation Protocol
  • SDP Session Description Protocol
  • SRTP Secure Real-time Transport Protocol
  • This example illustrates the specific implementation of end-to-end media stream security.
  • Secure RTP (SRTP) provides security services for RTP.
  • MKI Master Key Identifier
  • The MKI is defined, signaled, and used by the signaling management protocol.
  • A message authentication code (MAC) is used to carry authentication data.
  • FIG. 3 is a media stream security parameter negotiation process based on a secure signaling path.
  • The method relies on a secure signaling path (e.g., SIPS) to protect the keys exchanged in the signaling, and can be seen as a "key management protocol" embedded in the secure signaling protocol.
  • SIPS Secure SIP Signaling Channel
  • FIG. 4 is a media stream security parameter delivery process based on a secure signaling path.
  • On the signaling plane 300, the method passes the security parameters 330 negotiated over the SIPS secure signaling channel 320 to the media plane 310.
  • The SRTP protocol 340 resides in the security parameter.
  • FIG. 5 is a media stream security parameter negotiation process based on a key management protocol.
  • In this process, a key management protocol (such as MIKEY) establishes a security association for a security protocol (such as SRTP); the MIKEY message travels along the SIP signaling path, piggybacked in the SDP.
  • A MIKEY message contains one or more keys and a set of parameters required by a security protocol, such as the encryption and authentication algorithms used.
  • KEYMGT is able to establish end-to-end security for media streams and is independent of signaling protection. This method requires the endpoint to have a pre-configured key or public key infrastructure.
  • The two SIP User Agents 400 and 410 establish a session with SIP signaling 420 through the corresponding SIP Proxy Servers 430 and 440, respectively, and the MIKEY Key Management Protocol 450 prepares security parameters for the SRTP Media Stream 460.
  • FIG. 6 is a media stream security parameter delivery process based on a key management protocol.
  • On the signaling plane 500, the method passes the security parameters 530 to the MIKEY key management protocol 540 via the SIP signaling protocol 520.
  • The result 550 of the security parameter negotiation by MIKEY is passed to the media plane 510, and the SRTP protocol 560 secures the media stream based on the security parameters.
  • FIG. 7 is a block diagram of an apparatus for implementing end-to-end media stream security according to an embodiment of the present invention, including: an establishing module 10, configured for the first end and the second end to establish a session including a signaling plane; a negotiation module 20, configured for the first end and the second end to negotiate security parameters on the signaling plane; a delivery module 30, configured to pass the security parameters from the signaling plane to the media plane; and a protection module 40, configured to use the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end.
  • The protection module 40 specifically includes: an encryption unit, configured to encrypt the media stream with the security parameters before the media plane sends it; and a decryption unit, configured to decrypt the media stream with the security parameters after the media plane receives it.
  • The protection module 40 specifically includes: an integrity protection unit, configured to integrity-protect the media stream with the security parameters before the media plane sends it; and an integrity checking unit, configured to perform an integrity check on the media stream with the security parameters after the media plane receives it.
  • The communication between the first end and the second end is a user-to-user media stream.
  • The apparatus proposes that the two communicating parties, the first end and the second end, negotiate the security parameters directly through the signaling plane, thereby providing security protection for the end-to-end media stream.
  • The present invention proposes a method and apparatus for implementing end-to-end media stream security in the NGN, with the following features: (1) the network does not need to take part in distributing key material and security parameters; the end users complete this process directly; (2) it meets the security needs of user privacy.
  • The above modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • The invention is not limited to any specific combination of hardware and software.
  • The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method and apparatus for implementing the security of point to point media stream are provided. The method includes the following steps: the first terminal and the second terminal establish a session including the signaling layer; the first terminal and the second terminal negotiate the security parameters in the signaling layer; the security parameters are transferred from the signaling layer to the media layer; and the point to point media stream in the media layer between the first terminal and the second terminal is protected using the security parameters. The invention can provide security protection for the point to point media stream.
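
The four steps of the abstract, sketched as an added example for the secure-signaling-path variant; this is not code from the patent. It assumes the parameters travel as an SDP `a=crypto` attribute (RFC 4568, which the page does not name), covers only the integrity-protection case, and replaces SRTP's AES-based key derivation with an HMAC stand-in; `negotiate`, `SecurityParams`, `MediaPlane` and the 2-byte packet header are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Suites accepted by this sketch: name -> (key bytes, salt bytes, MAC tag bytes).
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14, 10),
    "AES_CM_128_HMAC_SHA1_32": (16, 14, 4),
}


@dataclass(frozen=True)
class SecurityParams:
    """The negotiated parameters the page lists: key, key length, algorithm."""
    algorithm: str
    key: bytes
    salt: bytes
    tag_len: int

    @property
    def key_length_bits(self) -> int:
        return len(self.key) * 8


def negotiate(offer_sdp: str) -> SecurityParams:
    """Step S20: accept the first a=crypto line whose suite and key are valid."""
    for line in offer_sdp.splitlines():
        if not line.startswith("a=crypto:"):
            continue
        fields = line[len("a=crypto:"):].split()
        if len(fields) < 3:
            continue
        suite, key_param = fields[1], fields[2]
        if suite not in SUITES or not key_param.startswith("inline:"):
            continue  # unknown algorithm or key method: never fall back silently
        key_len, salt_len, tag_len = SUITES[suite]
        b64 = key_param[len("inline:"):].split("|")[0]  # drop lifetime / MKI
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(raw) != key_len + salt_len:
            continue  # key length must match what the suite requires
        return SecurityParams(suite, raw[:key_len], raw[key_len:], tag_len)
    raise ValueError("no acceptable security parameters in offer")


class MediaPlane:
    """Steps S30 and S40: receives the parameters, then protects and checks."""

    def __init__(self, params: SecurityParams):
        self.params = params  # S30: handed over from the signaling plane
        # Assumption: HMAC stand-in for SRTP's AES-CM key derivation (RFC 3711).
        self._auth_key = hmac.new(
            params.key, b"auth" + params.salt, hashlib.sha1).digest()

    def _tag(self, data: bytes) -> bytes:
        full = hmac.new(self._auth_key, data, hashlib.sha1).digest()
        return full[:self.params.tag_len]

    def protect(self, seq: int, payload: bytes) -> bytes:
        """Sender side of S40: append a truncated MAC over header and payload."""
        body = struct.pack("!H", seq) + payload  # constructed 2-byte header
        return body + self._tag(body)

    def check(self, packet: bytes):
        """Receiver side of S40: verify the MAC before releasing the payload."""
        n = self.params.tag_len
        if len(packet) < 2 + n:
            raise ValueError("packet too short")
        body, tag = packet[:-n], packet[-n:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("integrity check failed")
        return struct.unpack("!H", body[:2])[0], body[2:]


def constructed_offer() -> str:
    """Constructed sample SDP offer (S10); the key is bytes 0..29, not secret."""
    key_b64 = base64.b64encode(bytes(range(30))).decode()
    return "\r\n".join([
        "v=0",
        "o=alice 1 1 IN IP4 192.0.2.10",
        "s=-",
        "c=IN IP4 192.0.2.10",
        "t=0 0",
        "m=audio 49170 RTP/SAVP 0",
        # Real suite name, but outside this sketch's accepted set: skipped.
        "a=crypto:1 F8_128_HMAC_SHA1_80 inline:" + key_b64,
        "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:" + key_b64 + "|2^20",
    ]) + "\r\n"


if __name__ == "__main__":
    params = negotiate(constructed_offer())
    sender, receiver = MediaPlane(params), MediaPlane(params)
    packet = sender.protect(1, b"voice frame")
    print(params.algorithm, params.key_length_bits, receiver.check(packet))
```
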

Description

Method and Apparatus for Implementing End-to-End Media Stream Security

Technical Field

The present invention relates to the field of communications, and in particular to a method and apparatus for implementing end-to-end (i.e., user-to-user, Point To Point, P2P) media stream security.

Background

With the rise of IP-based television (IPTV, Internet Protocol Television) and the widespread use of IP-based voice (VoIP, Voice over IP) technology, media stream security is becoming more and more important. Media stream security means protecting user-plane data (such as video, voice, pictures and text) to prevent unauthorized users from accessing the data illegally. Media stream security is a value-added service of the network; in addition, the security requirements concerning user privacy in media streams also require the network to provide corresponding security.

In the Next Generation Network (NGN), media stream security is a basic requirement. The NGN should be able to guarantee the confidentiality and integrity of the transmitted media stream. Media stream security here means security in the cryptographic sense: with cryptographic protection techniques (such as integrity protection and encryption protection), an attacker with limited resources cannot break the protected media stream data.

At present, media stream security is implemented by having network devices take part in negotiating and distributing the keys and security parameters that media stream security requires. This reduces the security of end-to-end media stream transmission.

Summary of the Invention

The present invention aims to provide a method and apparatus for implementing end-to-end media stream security that can solve the problem that the prior art cannot provide security protection for end-to-end media streams.

In an embodiment of the present invention, a method for implementing end-to-end media stream security is provided, including the following steps: the first end and the second end establish a session including a signaling plane; the first end and the second end negotiate security parameters on the signaling plane; the security parameters are passed from the signaling plane to the media plane; and the security parameters are used to protect the end-to-end media stream on the media plane between the first end and the second end.

Preferably, the security parameters include: a key, a key length, and a security algorithm.

Preferably, the channel over which the first end and the second end negotiate security parameters on the signaling plane is either the signaling channel or a dedicated key management protocol.

Preferably, using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end specifically includes: encrypting the media stream with the security parameters before the media plane sends it; and decrypting the media stream with the security parameters after the media plane receives it.

Preferably, using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end specifically includes: integrity-protecting the media stream with the security parameters before the media plane sends it; and performing an integrity check on the media stream with the security parameters after the media plane receives it.

Preferably, the session including the signaling plane includes: a session following the Session Initiation Protocol; a session following the Session Description Protocol.

Preferably, the first end and the second end use the Secure Real-time Transport Protocol and an associated key management protocol on the signaling plane to negotiate security parameters.

In an embodiment of the present invention, an apparatus for implementing end-to-end media stream security is also provided, including: an establishing module, configured for the first end and the second end to establish a session including a signaling plane; a negotiation module, configured for the first end and the second end to negotiate security parameters on the signaling plane; a delivery module, which passes the security parameters from the signaling plane to the media plane; and a protection module, configured to use the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end.

Preferably, the protection module specifically includes: an encryption unit, configured to encrypt the media stream with the security parameters before the media plane sends it; and a decryption unit, configured to decrypt the media stream with the security parameters after the media plane receives it.

Preferably, the protection module specifically includes: an integrity protection unit, configured to integrity-protect the media stream with the security parameters before the media plane sends it; and an integrity checking unit, configured to perform an integrity check on the media stream with the security parameters after the media plane receives it.

The method and apparatus of the above embodiments propose that the two communicating parties, the first end and the second end, negotiate the security parameters directly through the signaling plane, thereby providing security protection for the end-to-end media stream.

Brief Description of the Drawings

The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their descriptions serve to explain the invention and do not constitute an improper limitation of it. In the drawings:

FIG. 1 is a flowchart of a method for implementing end-to-end media stream security according to an embodiment of the present invention;

FIG. 2 is a block diagram of end-to-end media stream security according to an embodiment of the present invention;

FIG. 3 shows a media stream security parameter negotiation process based on a secure signaling path according to an embodiment of the present invention;

FIG. 4 is a flowchart of media stream security parameter delivery based on a secure signaling path according to an embodiment of the present invention;

FIG. 5 shows a media stream security parameter negotiation process based on a key management protocol according to an embodiment of the present invention;

FIG. 6 is a flowchart of media stream security parameter delivery based on a key management protocol according to an embodiment of the present invention;

FIG. 7 is a block diagram of an apparatus for implementing end-to-end media stream security according to an embodiment of the present invention.

Detailed Description

The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.

FIG. 1 is a flowchart of a method for implementing end-to-end media stream security according to an embodiment of the present invention, including the following steps:

Step S10: the first end and the second end establish a session including a signaling plane;

Step S20: the first end and the second end negotiate security parameters on the signaling plane;

Step S30: the security parameters are passed from the signaling plane to the media plane; and

Step S40: the security parameters are used to protect the end-to-end media stream on the media plane between the first end and the second end.

The communication between the first end and the second end is a user-to-user media stream. The method proposes that the two communicating parties, the first end and the second end, negotiate the security parameters directly through the signaling plane, thereby providing security protection for the end-to-end media stream.

Preferably, the security parameters include: a key, a key length, and a security algorithm.

Preferably, the first end and the second end negotiate the security parameters on the signaling plane either through the signaling channel or through a dedicated key management protocol.

Preferably, the signaling plane notifies the media plane to perform secure communication, and the security parameters are passed to the media plane. Step S40 specifically includes: encrypting the media stream with the security parameters before the media plane sends it; and decrypting the media stream with the security parameters after the media plane receives it.

Preferably, the method further includes: the first end and the second end use the security parameters to perform integrity protection and integrity checking on the end-to-end media stream between the first end and the second end. The protection described above is all encryption protection; with integrity protection added here, the security mechanism is more robust.

Preferably, the signaling plane notifies the media plane to perform secure communication, and the security parameters are passed to the media plane. Step S40 specifically includes: integrity-protecting the media stream with the security parameters before the media plane sends it; and performing an integrity check on the media stream with the security parameters after the media plane receives it.

Preferably, the session including the signaling plane includes at least one of the following: a session following the Session Initiation Protocol; a session following the Session Description Protocol. Preferably, the first end and the second end use the Secure Real-time Transport Protocol and an associated key management protocol on the signaling plane to negotiate security parameters. The session protocols and security protocols that can be used are given here, and the embodiments of the present invention can be put into practice with these protocols.

The above embodiment provides a method for implementing end-to-end media stream security in the NGN. The method has the following features: (1) the network does not need to take part in distributing key material and security parameters; the end users complete this process directly; (2) it meets the security needs of user privacy.

FIG. 2 shows the modules that implement media stream security in the end-to-end case and the connections between them. When user 1 (100, the first end) communicates securely with user 2 (110, the second end), a session is established between the two parties on the signaling plane 160 through the signaling protocol module 120, and security parameters (such as the key, key length and cryptographic algorithm) are negotiated between the users through the key management protocol module 130. These security parameters are then passed from the signaling plane 160 to the media plane 170. On the user plane, the data of user 100 is encoded by the media stream protocol module 150 and then integrity-protected and encrypted by the secure media stream protocol module 140. The data can be transmitted securely over an insecure channel to user 110, who then performs an integrity check on the data and decrypts it. This achieves end-to-end media stream security. FIG. 2 is further explained as follows:
(1) For end-to-end media stream security, the users negotiate security parameters over the signaling plane, the security parameters are passed from the signaling plane to the media plane, and the data is transmitted securely on the media plane.
(2) The signaling protocol establishes a call session between the two users, the key management protocol negotiates the security parameters, the media stream protocol encodes and decodes the media, and the secure media stream protocol encrypts/decrypts the media stream. The key management protocol is notified by the signaling protocol, and the key management protocol passes the security parameters to the secure media stream protocol.
(3) End-to-end secure communication can be achieved without the network participating in key distribution.

The following uses the Session Initiation Protocol (SIP), the Session Description Protocol (SDP), the Secure Real-time Transport Protocol (SRTP), and the related key management protocols as examples to illustrate a specific implementation of end-to-end media stream security.

Secure RTP (SRTP) provides security services for RTP. In an SRTP packet, the Master Key Identifier (MKI) identifies the master key, and the session keys are derived from the master key and used to authenticate and encrypt packets. The MKI is defined, signaled, and used by the signaling management protocol. The Message Authentication Code (MAC) carries the authentication data.

FIG. 3 shows the media stream security parameter negotiation process based on a secure signaling path. The process adds a new attribute "a=crypto" to SDP to negotiate the security parameters of the SRTP media stream 250. The method relies on a secure signaling path (such as SIPS) to protect the keys exchanged in the signaling, and can be regarded as a "key management protocol" embedded in the secure signaling protocol. The two SIP user agents 200 and 210 prepare the key material for the SRTP media stream 250 and pass the SDP data through the secure SIP signaling channel (SIPS, SIP over TLS) 220; the key is carried in the SDP in plaintext.

FIG. 4 shows the media stream security parameter delivery process based on a secure signaling path. On the signaling plane 300, the security parameters 330 negotiated over the SIPS secure signaling channel 320 are passed to the media plane 310, and the SRTP protocol 340 protects the media stream according to the security parameters.

FIG. 5 shows the media stream security parameter negotiation process based on a key management protocol. In this process a key management protocol (such as MIKEY) establishes a security association for a security protocol (such as SRTP); the MIKEY messages are transmitted along the SIP signaling path, piggybacked in SDP. KEYMGT defines an extension "a=key-mgmt" in SDP to carry messages specified by a key management protocol (such as MIKEY). A MIKEY message contains one or more keys and a set of parameters required by the security protocol, such as the encryption and authentication algorithms to be used. KEYMGT can establish end-to-end security for media streams and is independent of signaling protection. This method requires the endpoints to have pre-configured keys or a public security infrastructure. The two SIP user agents 400 and 410 establish a session using SIP signaling 420 through their corresponding SIP proxy servers 430 and 440, respectively, and the MIKEY key management protocol 450 prepares the security parameters for the SRTP media stream 460.

FIG. 6 shows the media stream security parameter delivery process based on a key management protocol. On the signaling plane 500, the SIP signaling protocol 520 passes the security parameters 530 to the MIKEY key management protocol 540, MIKEY passes the result 550 of the security parameter negotiation to the media plane 510, and the SRTP protocol 560 protects the media stream according to the security parameters.

FIG. 7 shows a block diagram of an apparatus for implementing end-to-end media stream security according to an embodiment of the present invention, including:

an establishing module 10, configured for the first end and the second end to establish a session including a signaling plane;
a negotiation module 20, configured for the first end and the second end to negotiate security parameters on the signaling plane;
a delivery module 30, configured to pass the security parameters from the signaling plane to the media plane; and
a protection module 40, configured to use the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end.

Preferably, the protection module 40 specifically includes: an encryption unit, configured to encrypt the media stream with the security parameters before the media stream is sent on the media plane; and a decryption unit, configured to decrypt the media stream with the security parameters after the media stream is received on the media plane.

Preferably, the protection module 40 specifically includes: an integrity protection unit, configured to perform integrity protection on the media stream with the security parameters before the media stream is sent on the media plane; and an integrity checking unit, configured to perform an integrity check on the media stream with the security parameters after the media stream is received on the media plane.

The communication between the first end and the second end is a user-to-user media stream. In this apparatus the two communicating parties, the first end and the second end, negotiate the security parameters directly over the signaling plane, which provides security protection for the end-to-end media stream.

From the above description, it can be seen that the present invention proposes a method and apparatus for implementing end-to-end media stream security in the NGN, with the following features: (1) the network does not need to participate in the distribution of key material and security parameters, and the end users complete that process directly; (2) it meets the security needs of user privacy.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; or they may each be fabricated as an individual integrated circuit module, or several of the modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.

The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present invention are intended to be included within the scope of protection of the present invention.
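The FIG. 3 and FIG. 4 process described above, as an added example that is not part of the patent text: the answering endpoint parses the "a=crypto" attributes of an SDP offer, refuses them unless signaling runs over SIPS (the key is in plaintext in SDP), and returns the key, key length and algorithm that the signaling plane would hand to the media plane. The names `SecurityParams`, `parse_crypto_line` and `negotiate`, the `sips:` URI check and the sample offer are assumptions constructed for illustration; the suite names and the 16-byte key plus 14-byte salt layout follow RFC 4568.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# SRTP crypto suites from RFC 4568: (master key bits, master salt bits, auth tag bits).
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (128, 112, 80),
    "AES_CM_128_HMAC_SHA1_32": (128, 112, 32),
    "F8_128_HMAC_SHA1_80": (128, 112, 80),
}

@dataclass(frozen=True)
class SecurityParams:
    """Hypothetical hand-off record: what the signaling plane passes to the media plane."""
    tag: int
    suite: str                      # security algorithm
    master_key: bytes               # key
    master_salt: bytes
    key_bits: int                   # key length
    auth_tag_bits: int
    mki: Optional[Tuple[int, int]]  # (MKI value, MKI field length in bytes)

# a=crypto:<tag> <crypto-suite> inline:<key params>; only the first key is read.
CRYPTO_RE = re.compile(r"^a=crypto:(\d{1,9}) (\S+) inline:([^\s;]+)")

def parse_crypto_line(line: str) -> Optional[SecurityParams]:
    """Parse one SDP a=crypto attribute; return None if it cannot be used safely."""
    m = CRYPTO_RE.match(line.strip())
    if not m or m.group(2) not in SUITES:
        return None
    key_bits, salt_bits, tag_bits = SUITES[m.group(2)]
    fields = m.group(3).split("|")  # base64(key||salt) [|lifetime] [|MKI:length]
    try:
        raw = base64.b64decode(fields[0], validate=True)
        mki = None
        for field in fields[1:]:
            if ":" in field:        # the lifetime field has no colon
                value, length = field.split(":", 1)
                mki = (int(value), int(length))
    except ValueError:              # bad base64 or malformed MKI
        return None
    if len(raw) != (key_bits + salt_bits) // 8:
        return None                 # key material does not match the suite
    split = key_bits // 8
    return SecurityParams(int(m.group(1)), m.group(2), raw[:split], raw[split:],
                          key_bits, tag_bits, mki)

def negotiate(offer_sdp: str, signaling_uri: str,
              supported=("AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32")):
    """Answerer side: accept the first offered a=crypto line we support."""
    if not signaling_uri.lower().startswith("sips:"):
        # The key travels in cleartext inside SDP, so the path itself must be secured.
        raise ValueError("refusing a=crypto over an unprotected signaling path")
    for line in offer_sdp.splitlines():
        params = parse_crypto_line(line)
        if params is not None and params.suite in supported:
            return params
    return None

# Constructed sample offer; the key is bytes 0..29, not real key material.
_B64 = base64.b64encode(bytes(range(30))).decode()
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + _B64[:20],        # truncated key
    "a=crypto:2 F8_128_HMAC_SHA1_80 inline:" + _B64 + "|2^20|1:4",   # unsupported here
    "a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:" + _B64 + "|2^20|1:4",
])

if __name__ == "__main__":
    print(negotiate(SAMPLE_OFFER, "sips:bob@example.com"))
```

The first offered line is rejected because its key material is too short for the suite, and the second because the answerer does not list F8; the `sips:` check stands in for whatever the SIP stack actually exposes about transport security.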

Claims

1. A method for implementing end-to-end media stream security, characterized by comprising the following steps:
establishing, by a first end and a second end, a session including a signaling plane;
negotiating, by the first end and the second end, security parameters on the signaling plane;
passing the security parameters from the signaling plane to a media plane; and
using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end.
2. The implementation method according to claim 1, wherein the security parameters include: a key, a key length, and a security algorithm.
3. The implementation method according to claim 1, wherein the channel over which the first end and the second end negotiate security parameters on the signaling plane specifically includes:
negotiating through a signaling channel, or negotiating through a dedicated key management protocol.
4. The implementation method according to claim 1, wherein using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end specifically includes:
encrypting the media stream with the security parameters before sending the media stream on the media plane; and
decrypting the media stream using the security parameters after receiving the media stream on the media plane.
5. The implementation method according to claim 1, wherein using the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end specifically includes:
performing integrity protection on the media stream with the security parameters before sending the media stream on the media plane; and
performing an integrity check on the media stream using the security parameters after receiving the media stream on the media plane.
6. The implementation method according to any one of claims 1 to 5, wherein the session including the signaling plane includes:
a session following the Session Initiation Protocol;
a session following the Session Description Protocol.
7. The implementation method according to any one of claims 1 to 5, wherein the first end and the second end use the Secure Real-time Transport Protocol and an associated key management protocol on the signaling plane to negotiate security parameters.
8. An apparatus for implementing end-to-end media stream security, characterized by comprising:
an establishing module, configured for a first end and a second end to establish a session including a signaling plane;
a negotiation module, configured for the first end and the second end to negotiate security parameters on the signaling plane;
a delivery module, configured to pass the security parameters from the signaling plane to a media plane; and
a protection module, configured to use the security parameters to protect the end-to-end media stream on the media plane between the first end and the second end.
9. The implementation apparatus according to claim 8, wherein the protection module specifically includes:
an encryption unit, configured to encrypt the media stream with the security parameters before the media stream is sent on the media plane; and
a decryption unit, configured to decrypt the media stream using the security parameters after the media stream is received on the media plane.
10. The implementation apparatus according to claim 8, wherein the protection module specifically includes:
an integrity protection unit, configured to perform integrity protection on the media stream with the security parameters before the media stream is sent on the media plane; and
an integrity checking unit, configured to perform an integrity check on the media stream using the security parameters after the media stream is received on the media plane.
PCT/CN2008/000624 2008-01-23 2008-03-28 Method and apparatus for implementing the security of point to point media stream WO2009094812A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2008100087404A CN101222324B (en) 2008-01-23 2008-01-23 Method and apparatus for implementing end-to-end media stream safety
CN200810008740.4 2008-01-23

Publications (1)

Publication Number Publication Date
WO2009094812A1 (en) 2009-08-06

Family

ID=39631922

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/000624 WO2009094812A1 (en) 2008-01-23 2008-03-28 Method and apparatus for implementing the security of point to point media stream

Country Status (2)

Country Link
CN (1) CN101222324B (en)
WO (1) WO2009094812A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895882A (en) * 2009-05-21 2010-11-24 中兴通讯股份有限公司 Data transmission method, system and device in WiMAX system
CN105636028A (en) * 2015-07-29 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Video data transmission method and device and wireless terminal
CN110249584B (en) * 2017-01-27 2022-04-19 三星电子株式会社 Method for providing end-to-end security in mission critical data communication systems
CN111064717B (en) * 2019-12-06 2022-11-22 浙江大华技术股份有限公司 Data encoding method, data decoding method, related terminal and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1643839A (en) * 2002-03-22 2005-07-20 通用仪器公司 End-to-end protection of media stream encryption keys for voice-over-ip systems
CN1801698A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Method for ensuring media stream safety in IP multimedia service subsystem network
CN1983921A (en) * 2005-12-16 2007-06-20 华为技术有限公司 Method and system for realizing end to end media fluid safety
US20070206787A1 (en) * 2006-02-24 2007-09-06 Cisco Technology, Inc. Method and system for secure transmission of an encrypted media stream across a network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7352867B2 (en) * 2002-07-10 2008-04-01 General Instrument Corporation Method of preventing unauthorized distribution and use of electronic keys using a key seed
GB2433008B (en) * 2003-11-04 2007-08-22 Ntt Comm Corp Method, apparatus and program for establishing encrypted communication channel between apparatuses

Also Published As

Publication number Publication date
CN101222324B (en) 2012-02-08
CN101222324A (en) 2008-07-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08715066

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08715066

Country of ref document: EP

Kind code of ref document: A1