WO2017088575A1 - Encryption mechanism-based ipc service implementation method and system - Google Patents

Publication number
WO2017088575A1
Authority
WO
WIPO (PCT)
Prior art keywords
app client
ipc terminal
ipc
terminal
signaling
Application number
PCT/CN2016/099895
Other languages
French (fr)
Chinese (zh)
Inventor
田晓川
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60 Network streaming of media packets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services

Definitions

  • the present invention relates to the field of communications technologies, and in particular to a method and system for implementing an IPC service based on an encryption mechanism.
  • IPC: IP Camera
  • the service targets of video surveillance are gradually expanding from professional services for industry and enterprises to general video surveillance services for the public, such as individuals and families.
  • the network environment of the monitoring system is gradually developing from private networks to LANs.
  • network video surveillance currently provided to individual users is generally based on the Internet: individuals and families install network cameras at home to obtain remote video surveillance services.
  • users also pay attention to the security of video data, and worry that video data may leak or may be illegally intercepted during transmission so that its video information is easily learned.
  • the present invention has been made in order to provide an encryption mechanism-based IPC service implementation method and system that overcomes the above problems or at least partially solves them.
  • an IPC service implementation method based on an encryption mechanism, which includes the following steps:
  • receiving a play request of the APP client, and controlling the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client, which can decrypt it with the decryption key and play it.
  • an IPC service implementation system based on an encryption mechanism, which includes:
  • a receiving module configured to receive a connection and registration request of the IPC terminal, and complete its registration;
  • a generating and transmitting module configured to generate an encryption key and a decryption key, and transmit them respectively to the IPC terminal and an APP client bound to the IPC terminal;
  • a receiving control module configured to receive a play request of the APP client, and control the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client, which can decrypt it with the decryption key and play it.
  • an IPC service implementation method based on an encryption mechanism, which includes the following steps:
  • the IPC terminal connects to the primary server through HTTP or HTTPS and registers with the primary server, and then the APP client performs binding with the IPC terminal;
  • the primary server generates an encryption key and a decryption key, transmits the encryption key to the IPC terminal, and transmits the decryption key to the APP client, the encryption key and the decryption key using symmetric encryption;
  • the IPC terminal encrypts the audio and video stream by using the encryption key, and transmits the audio and video stream to the APP client;
  • after receiving the audio and video stream encrypted by the IPC terminal, the APP client decrypts the audio and video stream by using the decryption key to implement audio and video playback.
  • the invention also provides an IPC service implementation system based on an encryption mechanism, which comprises:
  • the IPC terminal is connected to the primary server by using HTTP or HTTPS and is registered with the primary server, and the APP client performs binding with the IPC terminal;
  • a key generation module configured so that the primary server generates an encryption key and a decryption key, transmits the encryption key to the IPC terminal and transmits the decryption key to the APP client;
  • the encryption key and the decryption key use symmetric encryption;
  • a base station connection module configured so that the APP client sends a play request to the primary server, so that the APP client and the IPC terminal each establish a TCP connection with the base station;
  • an encryption module configured so that the IPC terminal encrypts the audio and video stream by using the encryption key, and transmits the audio and video stream to the APP client;
  • a decryption module configured to perform decryption processing on the audio and video stream by using the decryption key after the APP client receives the audio and video stream encrypted by the IPC terminal, so as to implement audio and video playback.
  • a computer program comprising computer readable code which, when run on a computing device, causes the computing device to perform any of the encryption mechanism-based IPC service implementation methods described above.
  • a computer readable medium storing the computer program as described above.
  • the present invention has the following advantages:
  • the server generates an encryption key and a decryption key, which are respectively transmitted to the IPC terminal and the APP client bound to the IPC terminal.
  • the server controls the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client; the APP client receives the encrypted audio and video stream and uses the decryption key corresponding to the encryption key to decrypt and play it.
  • in this process, the audio and video stream can be played normally only after the encrypted stream has been successfully decrypted. If the APP client has no decryption key for the encrypted audio and video stream, or its decryption key does not correspond to the encryption key, then even if the client acquires the audio and video stream it cannot decrypt it and therefore cannot play it normally.
  • accordingly, the security of the audio and video information is ensured, that is, the user's privacy is better protected.
  • when the server controls the APP client to establish a connection with the IPC terminal, the server uses the public key check to determine whether the sig provided by the APP client and the IPC terminal is legal; when the determination is no, the server does not permit the APP client to establish a connection with the IPC terminal, and when the determination is yes, it permits the APP client to establish a connection with the IPC terminal.
  • this process can prevent an APP client that is not bound to the IPC terminal from establishing a connection with the IPC terminal, thereby preventing such an APP client from acquiring audio and video streams, which further improves the security of the audio and video information, and the user's privacy is better protected.
  • the technical solution provided by the present invention acquires and saves the corresponding control relationship between the master device and the smart device through authentication, and saves the association relationship between the smart devices on the other hand, according to the relationship between the smart device and the smart device.
  • the association information between the master devices is passively established according to the association information between the smart devices, so that the control of the smart device by the master device is no longer controlled.
  • the master device supervises and controls the related information between the corresponding smart devices through the association information between the master devices, so that the master device is more comprehensive and effective for the corresponding smart devices. control.
  • FIG. 1 is a flowchart of a process of an embodiment of an IPC service implementation method based on an encryption mechanism in the present invention
  • FIG. 2 is a flowchart of a process of an embodiment of an IPC service implementation method based on an encryption mechanism in the present invention
  • FIG. 3 is a structural block diagram of an embodiment of an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 4 is a structural block diagram of an embodiment of a receiving control module in an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 5 is a structural block diagram of an embodiment of a processing module in an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 6 is a structural block diagram of an embodiment of a disconnection assistance module in an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 7 is a structural block diagram of an embodiment of a push assisting module in an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 8 is a flowchart of a process of an embodiment of an IPC service implementation method based on an encryption mechanism in the present invention
  • FIG. 9 is a flowchart of a process of an embodiment of an IPC service implementation method based on an encryption mechanism in the present invention.
  • FIG. 10 is a flowchart of a process of an embodiment of an IPC service implementation method based on an encryption mechanism in the present invention
  • FIG. 11 is a flowchart of a process of an embodiment of an IPC service implementation method based on an encryption mechanism in the present invention
  • FIG. 12 is a structural block diagram of an embodiment of an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 13 is a structural block diagram of an embodiment of an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 14 is a structural block diagram of an embodiment of a base station connection module in an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 15 is a structural block diagram of an embodiment of a signaling processing module in an IPC service implementation system based on an encryption mechanism in the present invention
  • FIG. 16 is a structural block diagram of an embodiment of an event pushing module in an IPC service implementation system based on an encryption mechanism in the present invention
  • Figure 17 is a schematic block diagram showing a computing device for performing a method in accordance with the present invention.
  • Fig. 18 schematically shows a storage unit for holding or carrying program code implementing the method according to the invention.
  • the terms "terminal" and "terminal device" used herein include both devices with a wireless signal receiver, that is, devices having only a wireless signal receiver without transmitting capability, and devices with receiving and transmitting hardware.
  • Such devices may include cellular or other communication devices with a single-line display, a multi-line display, or no multi-line display; PCS (Personal Communications Service) devices, which may combine voice, data processing, fax, and/or data communication capabilities; PDAs (Personal Digital Assistants), which can include a radio frequency receiver, pager, Internet/Intranet access, web browser, notepad, calendar, and/or GPS (Global Positioning System) receiver; and conventional laptop and/or palmtop computers or other devices that have and/or include a radio frequency receiver.
  • PCS: Personal Communications Service
  • PDA: Personal Digital Assistant
  • a terminal may be portable, transportable, installed in a vehicle (air, sea and/or land), or adapted and/or configured to operate locally and/or to run in distributed form at any other location on Earth and/or in space.
  • the "terminal" and "terminal device" used herein may also be a communication terminal, an Internet terminal, or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback capabilities, and may also be a device such as a smart TV or a set-top box.
  • the concepts of servers, clouds, remote network devices, and the like used herein have equivalent effects, including but not limited to computers, network hosts, single network servers, multiple network server sets, or multiple servers.
  • the cloud is composed of a large number of computers or network servers based on Cloud Computing, which is a kind of distributed computing, a super virtual computer composed of a group of loosely coupled computers.
  • the communication between the remote network device, the terminal device and the WNS server can be implemented by any communication method, including but not limited to mobile communication based on 3GPP, LTE and WIMAX, computer network communication based on the TCP/IP and UDP protocols, and short-range wireless transmission based on the Bluetooth and infrared transmission standards.
  • the Internet generally includes a client (user mobile terminal), a network, and a server (such as a web server of a website).
  • the client can be a user's Internet terminal, such as a desktop computer (PC), a laptop (Laptop), or a smart device with web browsing capabilities, such as a personal digital assistant (PDA), a mobile Internet device (MID) or a smartphone (Phone).
  • PC: desktop computer
  • Laptop: laptop
  • PDA: personal digital assistant
  • MID: mobile Internet device
  • Phone: smartphone
  • the server is typically a remote computer system that can be accessed via a communication medium such as the Internet. Moreover, a server can often serve multiple clients from the Internet.
  • the service process includes receiving requests from the client, collecting user information and feedback information, and the like.
  • the server acts as an information provider for the computer network.
  • the server is usually located on the side of the party providing the service, or is configured by the service provider to serve the content; such a service provider may be, for example, the website of an Internet service company.
  • the methods and terminals of the present invention are applied as follows: the APP client is a device suitable for audio and video playback and having a web browsing function, such as a desktop client, a laptop computer, a PDA, a MID, a smart mobile phone or the like; a cloud server serves as the server described below; and the IPC terminal described below is taken as the example of a smart device suitable for collecting audio and video data and having a network connection function.
  • the APP client and the IPC terminal are installed with an application that implements data interaction with the server through the network. It should be noted that the description is merely exemplary, and the scope of the invention is not limited thereto.
  • the present invention provides an IPC service implementation method based on an encryption mechanism, described here from the perspective of the server; the method can be implemented by programming as a computer program in a remote network device. Implementations include, but are not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud of multiple servers.
  • an exemplary embodiment of an IPC service implementation method based on an encryption mechanism according to the present invention includes the following steps:
  • the IPC terminal initiates a connection request to the server. After the connection succeeds, the IPC terminal initiates a registration request to the server through HTTPS, and the server obtains the configuration information used by the IPC terminal for registration and authentication and compares it: if it determines that the SN already exists and is not under the same QID, a bound error message is returned; if it determines that the SN already exists and is under the same QID, the TS word number data is updated; and if it determines that the SN does not exist, the data is entered into the database and the response data is returned to the APP client. After the registration authentication is passed, the IPC terminal obtains an ID for logging in to the server and its corresponding token.
  • the IPC terminal enters the server page through the network and enters the ID and its corresponding token in the corresponding dialog box, and the server verifies the ID and token of the IPC terminal. After the verification is passed, the IPC terminal can perform the corresponding operations through the server.
  • the method of the present invention further includes a step S110: generating an encryption key and a decryption key, and transmitting them respectively to the IPC terminal and an APP (application) client bound to the IPC terminal.
  • APP: Application; application client
  • the server uses a symmetric encryption algorithm to generate an encryption key and a decryption key, transmits the encryption key to the IPC terminal, and transmits the corresponding decryption key to the APP client bound to the IPC terminal.
  • the process of binding the IPC terminal to the APP client includes: first, the APP client requests the binding data of the IPC terminal from the server through the QID and the TS; the server then determines whether the APP client has already been bound. If the determination is yes, it returns the determination result and sends binding result signaling down to the APP client; if no, the binding operation is performed, the result is returned, and binding result signaling is sent down to the APP client and the IPC terminal. In addition, if the server does not allow the APP client to obtain the binding data of the IPC terminal, the acquisition fails, the failure result is returned to the APP client, and the server waits for the next acquisition request of the APP client.
  • the method of the present invention further includes a step S120: receiving a play request of the APP client, and controlling the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client, which can decrypt it with the decryption key and play it.
  • the APP client initiates a play request to the server through HTTPS, and the server receives the play request and returns a corresponding response notification.
  • the process of establishing a connection between the APP client and the IPC terminal includes: the server controls the APP client to initiate a connection to the IPC terminal, and then the server uses the public key check to determine whether the sig of the APP client and the IPC terminal is legal; if the determination is no, the APP client is not allowed to establish a connection with the IPC terminal, and if the determination is yes, the APP client is permitted to establish a connection with the IPC terminal.
  • the process is further illustrated as follows.
  • the APP client and the IPC terminal establish a connection through the base station as a relay station.
  • the server controls the APP client to initiate a TCP connection to the base station, and the base station then uses the public key provided by the server to check whether the sig provided by the APP client is legal.
  • the server sends the check result information to the IPC terminal, so that the IPC terminal initiates a connection to the base station, and the base station likewise uses the public key provided by the server to check whether the sig provided by the IPC terminal is legal. If the check result is legal, the APP client establishes a connection with the IPC terminal and can perform the corresponding subsequent actions.
  • the IPC terminal encrypts the audio and video stream by using the encryption key and then transmits the result to the APP client; the APP client receives the encrypted audio and video stream and, after successfully decrypting it with the corresponding decryption key, can play it normally. If the APP client receives the encrypted audio and video stream without a decryption key, or without the corresponding decryption key, the encrypted audio and video stream cannot be decrypted normally, that is, the audio and video cannot be played normally.
  • the solution of the present invention can also share the audio and video information that the user is willing to share with the relevant users, after the user has authorized them.
  • the method of the present invention further includes a step S130: the APP client is disconnected from the IPC terminal.
  • the APP client actively closes the connection with the IPC terminal, and then the IPC terminal closes the connection as well.
  • the process is further illustrated. If the APP client and the IPC terminal are connected through the base station as a transit station, the details are as follows: the APP client actively closes the TCP long connection with the base station, then the base station sends the command result to the IPC terminal, and after receiving it, the IPC terminal also closes its TCP connection with the base station.
  • the method of the present invention further includes the step of processing the operation control signaling sent by the APP client to the IPC terminal; the step may be interspersed among the foregoing steps, and the specific operation control signaling may include a light-on command, a shake-up command, and a focus command.
  • the step includes: the APP client sends the corresponding operation control signaling; after receiving the signaling sent by the APP client, the server sends the signal to the APP client, returns the response data to the IPC terminal, and sends an execution signaling notification signed with the private key to the IPC terminal; after receiving the execution signaling notification, the IPC terminal performs the action corresponding to the execution signaling and uploads the result to the server; after the server receives the signaling execution result uploaded by the IPC terminal, the process ends.
  • the parameters of the execution signaling include the session ID and the signaling code.
  • the method of the present invention further includes the step of assisting the IPC terminal to push an event to the APP client.
  • the process includes: the IPC terminal pushes the event data to the server through HTTPS; after receiving the event data sent by the IPC terminal, the server returns the response data to the IPC terminal and sends a message notification of the event to the APP client.
  • after the message notification is received, if the APP client is interested in the event, it sends the server a request for the specific data of the event; the server receives the APP client's request for the event-specific data and responds to it.
  • the message notification sent by the server to the APP client is signed by using the server's private key, and the message notification parameters include a session ID and a signaling code. This step can greatly improve the interactivity of information between the APP client, the server and the IPC terminal, and also improve the timeliness and stability of information transmission.
  • the method of the present invention further includes the step of assisting in processing the unbinding between the APP client and the IPC terminal.
  • this step is substantially the same as the step of processing the operation control signaling sent by the APP client to the IPC terminal, and is equivalent to the APP client sending unbinding signaling to the IPC terminal;
  • the difference is that the process requires the server to remove the local binding state.
  • This step facilitates the binding state relationship between the APP client and the IPC terminal.
  • the method of the present invention further includes the step of assisting in processing the APP client triggering an IPC terminal upgrade.
  • this step follows the processing of the operation control signaling sent by the APP client to the IPC terminal and is similar to the APP client sending upgrade signaling to the IPC terminal, but in the process the IPC terminal also goes offline and starts the online process, and during this step the IPC terminal feeds back the upgrade process status information to the server multiple times.
  • This step enables defects to be continuously remedied, which makes the user's operation more convenient and improves the user experience.
  • the step of disconnecting the APP client from the IPC terminal includes a process of assisting the APP client to close the connection with the IPC terminal.
  • the APP client shares audio and video information with other playback clients, and the APP client directly connected to the IPC terminal needs to cancel the sharing in order to forcibly close their connection with the IPC terminal.
  • the process is further illustrated. If the APP client and the IPC terminal are connected to each other through the base station as a transit station, the specific process is as follows: the APP client actively closes the TCP long connection with the base station. The server sends an information notification to the APP client whose sharing needs to be cancelled and whose connection is to be forcibly closed.
  • the APP client may send the server signaling to forcibly close the connection with the IPC terminal; on receiving this signaling, the server feeds the signaling result back to the base station, controls the base station to disconnect from the APP client, and sends the IPC terminal a notification to close the connection with the APP client; after receiving the notification, the IPC terminal also closes its TCP connection with the base station. This not only avoids inconvenience to the direct owner of the IPC terminal, but also facilitates that owner's control of the shared information.
  • the step of disconnecting the APP client from the IPC terminal includes the audio and video information relay station monitoring the use or operation status of the playback client.
  • the process is further illustrated. If the APP client and the IPC terminal are connected through the base station as a transit station, the specific process is as follows: when the base station detects that no APP client or other playback client has been using or operating the IPC terminal for more than a preset time, the base station closes the TCP connection with the IPC terminal, and the APP client is also disconnected from the IPC terminal and the base station. This not only saves related resources and avoids waste of resources, but also prolongs the service life of related equipment to a certain extent.
  • through the process in which the server binds the APP client to the IPC terminal, establishes the connection, and generates an encryption key and a decryption key and transmits them to the APP client and the IPC terminal, the invention prevents an illegal user from acquiring and/or decrypting the user's audio and video stream information, ensures the security of audio and video stream transmission, and further improves the security of the user's privacy; in addition, the invention has better information interactivity and stability, is convenient to use and offers a better user experience, while saving related resources, avoiding waste of resources, and extending the service life of related equipment to a certain extent.
  • the present invention also provides an IPC service implementation system based on an encryption mechanism, that is, a server for implementing an IPC service based on an encryption mechanism.
  • the following describes the modules included in the system and the specific functions implemented by each module.
  • the system includes:
  • the receiving module 11 is configured to receive a connection and registration request of the IPC terminal, and complete registration thereof.
  • the IPC terminal initiates a connection request to the receiving module 11; after the connection succeeds, the IPC terminal initiates a registration request to the receiving module 11 over HTTPS, and the receiving module 11 acquires the configuration information used by the IPC terminal for registration and authentication.
  • the server compares the configuration information: if it determines that the SN already exists with a different QID, it returns a bound error message; if it determines that the SN already exists with the same QID, the TS word number data is updated; if it determines that the SN does not exist, the data is stored in the database and the response data is returned to the APP client. After the registration authentication is passed, the IPC terminal obtains an ID for logging in to the server and its corresponding token.
  • the IPC terminal enters the server page through the network and enters the ID and its corresponding token in the corresponding dialog box, and the server verifies the ID and token of the IPC terminal. After the verification is passed, the IPC terminal can perform the corresponding operations through the server.
  • the system of the present invention further includes a generating and transmitting module 13 and a control module 12.
  • the generating and transmitting module 13 is configured to generate an encryption key and a decryption key, and respectively transmit the same to the IPC terminal and the APP client bound to the IPC terminal.
  • the control module 12 is configured to control the APP client to be bound to the IPC terminal.
  • the control module 12 includes: a grant determining unit, configured to grant the APP client's acquisition of the binding data of the IPC terminal and to determine whether the APP client is already in a bound state; if yes, the determination result is returned and binding result signaling is sent downlink; if not, the binding operation is performed, the result is returned, and binding result signaling is sent downlink.
  • the generating and transmitting module 13 generates an encryption key and a decryption key by using a symmetric encryption algorithm, transmits the encryption key to the IPC terminal, and transmits the corresponding decryption key to the APP client bound to the IPC terminal.
  • the process of binding the IPC terminal to the APP client includes: first, the APP client requests the server to obtain the binding data of the IPC terminal through the QID and the TS, and the granting judgment unit grants the request, and determines the location.
  • if the server does not allow the APP client to obtain the binding data of the IPC terminal, the acquisition fails, a notification of the failed acquisition is returned to the APP client, and the server waits for the next acquisition request of the APP client.
  • the system of the present invention further includes a receiving control module 14 configured to receive a play request of the APP client and control the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to an APP client that can decrypt it with the decryption key for decryption and playback.
  • the receiving control module 14 includes:
  • the control unit 141 is configured to control the APP client to initiate a connection to the IPC terminal.
  • the determining unit 142 is configured to determine, by using a public key check, whether the sig provided by the APP client and the IPC terminal is legal; if the determination is no, the APP client is not allowed to establish a connection with the IPC terminal, and if the determination is yes, the APP client is allowed to establish a connection with the IPC terminal.
  • the APP client initiates a play request to the receiving control module 14 through HTTPS, and the receiving control module 14 receives the play request and returns a corresponding response notification.
  • the process of establishing a connection between the APP client and the IPC terminal includes: the control unit 141 of the server controls the APP client to initiate a connection to the IPC terminal, and then the determining unit 142 of the server uses the public key check to determine whether the sig provided by the APP client and the IPC terminal is legal; if the determination is no, the APP client is not allowed to establish a connection with the IPC terminal, and if the determination is yes, the APP client is allowed to establish a connection with the IPC terminal.
  • the process is further illustrated as follows. For example, the APP client and the IPC terminal establish a connection through the base station as a relay station.
  • the control unit 141 of the server controls the APP client to initiate a TCP connection to the base station.
  • the base station uses the public key provided by the determining unit 142 of the server to check whether the sig provided by the APP client is legal.
  • the server sends the check result information to the IPC terminal, so that the IPC terminal initiates a connection to the base station, and the base station also uses the public key provided by the determining unit 142 of the server to check whether the sig provided by the IPC terminal is legal. If the check result is legal, the APP client establishes a connection with the IPC terminal and can perform the corresponding follow-up actions.
  • the IPC terminal encrypts the audio and video stream by using the encryption key and then transmits it to the APP client; the APP client receives the encrypted audio and video stream and, after successfully decrypting it with the corresponding decryption key, can play it normally. If the APP client that receives the encrypted audio and video stream has no decryption key, or does not have the corresponding decryption key, the encrypted audio and video stream cannot be decrypted normally, that is, the audio and video cannot be played normally.
  • when the encrypted audio and video stream is to be shared with other playing clients, not only the encrypted audio and video stream but also the corresponding decryption key is shared; a playing client that receives the encrypted audio and video stream shared by the APP client must also use the corresponding decryption key to decrypt the stream before it can play it normally. Therefore, the solution of the present invention also allows the audio and video information that the user is willing to share to be shared with the relevant users after the user authorizes them.
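The encrypt-on-terminal, decrypt-on-client exchange described above, as an added Go example that is not part of the patent text. It assumes AES-256-GCM as the symmetric algorithm (the text names none); the packet layout, stream ID, frame sequence number and replay check are also assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const hdrLen = 12 // 4-byte stream ID + 8-byte frame sequence number

var (
	ErrShort  = errors.New("packet too short")
	ErrStream = errors.New("unexpected stream ID")
	ErrReplay = errors.New("replayed or out-of-order frame")
	ErrAuth   = errors.New("decryption failed: wrong key or modified packet")
)

// NewStreamKey models the server generating the key material. With a symmetric
// algorithm the "encryption key" (IPC terminal) and the "decryption key"
// (APP client) are the same 32-byte secret.
func NewStreamKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFrame is the IPC-terminal side. The 12-byte header doubles as the GCM
// nonce, so each (streamID, seq) pair must be used once per key. The header is
// also authenticated as associated data.
func SealFrame(key []byte, streamID uint32, seq uint64, frame []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[:4], streamID)
	binary.BigEndian.PutUint64(hdr[4:], seq)
	out := make([]byte, hdrLen, hdrLen+len(frame)+aead.Overhead())
	copy(out, hdr)
	return aead.Seal(out, hdr, frame, hdr), nil
}

// Receiver is the APP-client (or shared playing client) side.
type Receiver struct {
	aead     cipher.AEAD
	streamID uint32
	nextSeq  uint64 // lowest sequence number still acceptable
}

func NewReceiver(key []byte, streamID uint32) (*Receiver, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return &Receiver{aead: aead, streamID: streamID}, nil
}

// Open returns the plaintext frame, or an error if the packet is truncated,
// belongs to another stream, repeats an old sequence number, or fails the
// authentication tag (wrong key or modified bytes).
func (r *Receiver) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+r.aead.Overhead() {
		return nil, ErrShort
	}
	hdr, body := pkt[:hdrLen], pkt[hdrLen:]
	if binary.BigEndian.Uint32(hdr[:4]) != r.streamID {
		return nil, ErrStream
	}
	seq := binary.BigEndian.Uint64(hdr[4:])
	if seq < r.nextSeq {
		return nil, ErrReplay
	}
	frame, err := r.aead.Open(nil, hdr, body, hdr)
	if err != nil {
		return nil, ErrAuth
	}
	r.nextSeq = seq + 1 // advance only after the tag has verified
	return frame, nil
}

func main() {
	key, _ := NewStreamKey()
	pkt, _ := SealFrame(key, 7, 0, []byte("constructed frame 0"))

	bound, _ := NewReceiver(key, 7)
	frame, err := bound.Open(pkt)
	fmt.Printf("bound client: %q, err=%v\n", frame, err)

	otherKey, _ := NewStreamKey()
	stranger, _ := NewReceiver(otherKey, 7)
	_, err = stranger.Open(pkt)
	fmt.Println("client without the key:", err)
}
```

Sharing the stream with another playing client means handing that client the same key, so revoking a share requires issuing a new key to the remaining parties.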
  • the system of the present invention further includes a processing module for processing operation control signaling sent by the APP client to the IPC terminal.
  • the processing module includes:
  • the first receiving unit 151 is configured to receive signaling sent by the APP client.
  • the notification sending unit 152 is configured to return response data to the APP client and send an execution signaling notification signed with the private key to the IPC terminal, where the parameters of the execution signaling include a session ID and a signaling code.
  • the second receiving unit 153 is configured to receive a signaling execution result uploaded by the IPC terminal.
  • the operation control signaling may include a light-on command, a shake command, a focus command, and the like;
  • the processing of the processing module includes: the APP client sends the corresponding operation control signaling; after the first receiving unit 151 receives the signaling sent by the APP client, response data is returned to the APP client, and the notification sending unit 152 sends an execution signaling notification signed with the private key to the IPC terminal, and the IPC terminal receives the execution.
  • the parameters for performing signaling include a session ID and a signaling code.
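How an IPC terminal can check a signed execution signaling notification before acting on it, as an added Go example rather than code from the patent. Ed25519, the byte encoding, the numeric signaling codes and the replay counter are assumptions; the text only states that the notification is signed with the server's private key and carries a session ID and a signaling code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Signaling codes. The text names light-on, shake and focus commands; the
// numeric values are constructed for this example.
var actions = map[uint16]string{1: "light-on", 2: "shake", 3: "focus"}

var (
	ErrBadSig  = errors.New("signature does not verify under the server public key")
	ErrSession = errors.New("session ID is not the terminal's current session")
	ErrReplay  = errors.New("counter already seen")
	ErrCode    = errors.New("unknown signaling code")
)

// ExecSignaling is the notification sent from the server to the IPC terminal.
type ExecSignaling struct {
	SessionID string
	Code      uint16
	Counter   uint64 // assumption: added so a captured notification cannot be replayed
	Sig       []byte
}

// signedBytes is the exact byte string covered by the signature. The domain
// tag and the length prefix keep two different (session, code) pairs from
// encoding to the same bytes.
func (m ExecSignaling) signedBytes() []byte {
	b := []byte("exec-signaling-v1\x00")
	var n [8]byte
	binary.BigEndian.PutUint16(n[:2], uint16(len(m.SessionID)))
	b = append(b, n[:2]...)
	b = append(b, m.SessionID...)
	binary.BigEndian.PutUint16(n[:2], m.Code)
	b = append(b, n[:2]...)
	binary.BigEndian.PutUint64(n[:], m.Counter)
	return append(b, n[:]...)
}

// Server holds the private key and signs every notification it sends.
type Server struct {
	priv    ed25519.PrivateKey
	counter uint64
}

func NewServer() (*Server, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Server{priv: priv}, pub, nil
}

func (s *Server) Notify(sessionID string, code uint16) ExecSignaling {
	s.counter++
	m := ExecSignaling{SessionID: sessionID, Code: code, Counter: s.counter}
	m.Sig = ed25519.Sign(s.priv, m.signedBytes())
	return m
}

// Terminal is the IPC side. It only holds the server's public key.
type Terminal struct {
	ServerPub ed25519.PublicKey
	SessionID string
	last      uint64
}

// Execute verifies the notification and returns the action to perform. The
// signature is checked first, so no unauthenticated field influences state.
func (t *Terminal) Execute(m ExecSignaling) (string, error) {
	if !ed25519.Verify(t.ServerPub, m.signedBytes(), m.Sig) {
		return "", ErrBadSig
	}
	if m.SessionID != t.SessionID {
		return "", ErrSession
	}
	if m.Counter <= t.last {
		return "", ErrReplay
	}
	action, ok := actions[m.Code]
	if !ok {
		return "", ErrCode
	}
	t.last = m.Counter
	return action, nil
}

func main() {
	srv, pub, err := NewServer()
	if err != nil {
		panic(err)
	}
	cam := &Terminal{ServerPub: pub, SessionID: "sess-42"}
	m := srv.Notify("sess-42", 1)
	action, err := cam.Execute(m)
	fmt.Println("genuine notification:", action, err)

	m2 := srv.Notify("sess-42", 2)
	m2.Code = 3 // constructed tampering: code changed after signing
	action, err = cam.Execute(m2)
	fmt.Println("modified notification:", action, err)
}
```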
  • the system of the present invention further includes a disconnection assistance module for assisting the APP client to close the connection with the IPC terminal.
  • the disconnection assistance module includes:
  • the strong closed receiving unit 161 is configured to receive signaling sent by the APP client to forcibly close the connection with the IPC terminal.
  • the strong-close sending unit 162 is configured to send a notification to the IPC terminal to close the connection with the APP client.
  • when the APP client has shared the audio and video information with other clients for playing, the APP client directly connected to the IPC terminal needs to cancel the sharing in order to forcibly close the connection with the IPC terminal.
  • the process is further illustrated. If the APP client and the IPC terminal are connected to each other through the base station as a transit station, the specific process is as follows: the APP client actively closes the TCP long connection with the base station. The server sends the APP client an information notification that the sharing needs to be cancelled and the connection forcibly closed. After receiving the information notification, the APP client may send signaling to the strong closed receiving unit 161 to forcibly close the connection with the IPC terminal. After receiving the signaling for forcibly closing the connection with the IPC terminal, the strong closed receiving unit 161 feeds the signaling result back to the base station and controls the base station to disconnect from the APP client; at the same time, the strong-close sending unit 162 sends the IPC terminal a notification to close the connection with the APP client, and after receiving it the IPC terminal also closes its TCP connection with the base station. This not only avoids inconvenience for the direct owner of the IPC terminal, but also makes it easier for the direct owner of the IPC terminal to control the shared information.
  • if the APP client does not share the audio and video information, the APP client only needs to actively close the connection with the IPC terminal; if the base station detects that no APP client or other playing client has been using or operating the IPC terminal for more than the preset time, the base station closes the TCP connection with the IPC terminal, and the APP client also disconnects from the IPC terminal and the base station.
  • the system of the present invention further includes a push assistance module for assisting the IPC terminal to push an event to the APP client.
  • the push assisting module includes:
  • the push receiving unit 171 is configured to receive event data sent by the IPC terminal.
  • the push sending unit 172 is configured to return response data to the IPC terminal, and send a message notification of the event to the APP client.
  • the request receiving unit 173 is configured to receive a request for the APP client to acquire event specific data, and respond to the request.
  • the working process of the push assisting module includes: the IPC terminal pushes the event data to the server over HTTPS; after the push receiving unit 171 receives the event data sent by the IPC terminal, the push sending unit 172 returns response data to the IPC terminal and sends a message notification of the event to the APP client.
  • the request receiving unit 173 receives the APP client's request to acquire the specific data of the event and responds to the request.
  • the message notification sent by the push sending unit 172 to the APP client is signed by using the server private key, and the message notification parameters include a session ID and a signaling code.
  • the system of the present invention further includes an unbinding assistance module for assisting in processing the unbinding between the APP client and the IPC terminal.
  • the working process of the unbinding assistance module is basically the same as the working process of the processing module, which is equivalent to the APP client sending an unbinding signaling to the IPC terminal; the difference is that the working process of the unbinding assistance module requires the server to delete the local binding state.
  • the unbinding assistance module makes it easy for the APP client to freely control its binding state relationship with the IPC terminal.
  • the system of the present invention further includes an upgrade assistance module for assisting in processing the APP client triggering the IPC terminal upgrade.
  • the working process of the upgrade assistance module builds on the working process of the processing module and is similar to the APP client sending an upgrade signaling to the IPC terminal, but in this process the IPC terminal also shuts down and starts up again.
  • the IPC terminal feeds back the upgrade process status information to the server multiple times.
  • the upgrade assistance module allows various defects to be continuously optimized, makes user operation more convenient, and improves the user experience.
  • through the process of binding the APP client to the IPC terminal, establishing a connection, and having the server generate an encryption key and a decryption key and transmit them to the APP client and the IPC terminal, illegal users are prevented from acquiring and/or decrypting the user's audio and video stream information, which ensures the security of audio and video stream transmission and further improves the security of the user's privacy; in addition, the invention has better information interactivity, stability and ease of use and a better user experience, while saving related resources, avoiding waste of resources, and extending the service life of related equipment to a certain extent.
  • the present invention further provides an IPC service implementation method based on an encryption mechanism, which describes the method from the perspective of the entire large system (including an APP client, a main server, and an IPC terminal). The encryption mechanism-based IPC service implementation method can be implemented through programming as a computer program running on a remote network device, including but not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud of multiple servers.
  • an exemplary embodiment of an IPC service implementation method based on an encryption mechanism according to the present invention includes the following steps:
  • the IPC terminal connects to the primary server by using HTTP or HTTPS and registers with the primary server, and then the APP client performs binding with the IPC terminal.
  • the IPC terminal initiates a connection request to the primary server. After the connection succeeds, the IPC terminal initiates a registration request to the primary server over HTTPS, and the primary server acquires the configuration information used by the IPC terminal for registration and authentication and compares it: if it determines that the SN already exists with a different QID, a bound error message is returned; if it determines that the SN already exists with the same QID, the TS word number data is updated; if it determines that the SN does not exist, the data is stored in the database and the response data is returned to the APP client. After the registration authentication is passed, the IPC terminal obtains an ID for logging in to the main server and its corresponding token.
  • the IPC terminal enters the main server page through the network and enters the ID and its corresponding token in the corresponding dialog box, and the main server verifies the ID and token of the IPC terminal. After the verification is passed, the IPC terminal can perform the corresponding operations through the primary server.
  • the process of binding the APP client to the IPC terminal includes: first, the APP client requests the primary server to obtain the binding data of the IPC terminal through the QID and the TS; after the primary server grants the request, it determines whether the APP client has already been bound; if the determination is yes, it returns the determination result and sends binding result signaling downlink to the APP client; if the determination is no, it performs the binding operation, returns the result, and sends binding result signaling downlink to the APP client and the IPC terminal.
  • if the primary server does not allow the APP client to obtain the binding data of the IPC terminal, the acquisition fails, a notification of the failed acquisition is returned to the APP client, and the primary server waits for the next acquisition request of the APP client.
  • the primary server generates an encryption key and a decryption key, and transmits the encryption key to the IPC terminal, and transmits the decryption key to the APP client.
  • the encryption key and the decryption key are generated by using a symmetric encryption algorithm.
  • the APP client sends a play request to the primary server, so that the APP client and the IPC terminal respectively establish a TCP connection with the base station.
  • the APP client initiates a play request to the primary server by using HTTPS, and the primary server receives the play request and returns a corresponding response notification.
  • the process of establishing a connection between the APP client and the IPC terminal includes: the APP client initiates a connection to the IPC terminal, and then the primary server uses the public key check to determine whether the sig provided by the APP client and the IPC terminal is legal. If the determination is no, the APP client is not allowed to establish a connection with the IPC terminal. If the determination is yes, the APP client is allowed to establish a connection with the IPC terminal.
  • the process is further illustrated as follows. For example, the APP client and the IPC terminal establish a connection through the base station as a relay station.
  • the APP client initiates a TCP connection to the base station, and then the base station uses the public key provided by the primary server to check whether the sig provided by the APP client is legal.
  • the primary server sends the check result information to the IPC terminal, so that the IPC terminal initiates a connection to the base station, and the base station also uses the public key provided by the primary server to check whether the sig provided by the IPC terminal is legal. If the check result is legal, the APP client establishes a connection with the IPC terminal and can perform the corresponding subsequent actions.
  • the IPC terminal encrypts the audio and video stream by using the encryption key, and then transmits the audio and video stream to the APP client.
  • after receiving the audio and video stream encrypted by the IPC terminal, the APP client decrypts the audio and video stream by using the decryption key to implement audio and video playback.
  • the APP client can play normally only after successfully decrypting with the corresponding decryption key; if the APP client that receives the encrypted audio and video stream has no decryption key, or does not have the corresponding decryption key, the encrypted audio and video stream cannot be decrypted normally, that is, the audio and video cannot be played normally.
  • the solution of the present invention can also share the audio and video information that the user is willing to share to the relevant user after authorizing the authorized user.
  • the method of the present invention further includes a step S350, in which the APP client and the IPC terminal close their connections with the base station.
  • the APP client actively closes the TCP long connection with the base station, and then the base station sends the command result to the IPC terminal; after receiving it, the IPC terminal also closes its TCP connection with the base station.
  • the above is implemented on the premise that the base station is used as a relay station to establish a connection between the APP client and the IPC terminal; the relay station can also be implemented by means other than the base station.
  • the method of the present invention further includes a signaling processing step for when the APP client sends operation control signaling to the IPC terminal; the step may be interspersed among the foregoing related steps, and the specific operation control signaling may include a light-on command, a shaking command, and a focus command.
  • the step specifically includes: the APP client sends the corresponding operation control signaling; after receiving the signaling sent by the APP client, the primary server returns the response data to the APP client and sends an execution signaling notification signed with the private key to the IPC terminal; after receiving the execution signaling notification, the IPC terminal performs the action corresponding to the execution signaling and uploads the signaling execution result to the primary server; the process ends after the primary server receives the signaling execution result uploaded by the IPC terminal. The parameters of the execution signaling notification include a session ID and a signaling code.
  • the method of the present invention further includes the step of the IPC terminal pushing an event to the APP client.
  • the process includes: the IPC terminal pushes the event data to the primary server over HTTPS; after receiving the event data sent by the IPC terminal, the primary server returns the response data to the IPC terminal and sends the APP client a message notification of the event; after the APP client receives the message notification, if it is interested in the event, it sends the main server a request to acquire the specific data of the event, and the main server receives the APP client's request and responds to it.
  • the message notification sent by the primary server to the APP client is signed by using its private key, and the message notification parameter includes a session ID and a signaling code. This step can greatly improve the interactivity of information between the APP client, the server and the IPC terminal, and also improve the timeliness and stability of information transmission.
  • the method of the present invention further includes the step of unbinding between the APP client and the IPC terminal.
  • this step is substantially the same as the step of processing the operation control signaling sent by the APP client to the IPC terminal, and is equivalent to the APP client sending an unbinding signaling to the IPC terminal; the difference is that the process requires the primary server to delete the local binding state.
  • This step makes it easy to control the binding state relationship between the APP client and the IPC terminal.
  • the method of the present invention further includes the step of the APP client triggering the IPC terminal upgrade.
  • this step builds on the processing of operation control signaling sent by the APP client to the IPC terminal and is similar to the APP client sending an upgrade signaling to the IPC terminal, but in this process the IPC terminal also shuts down and goes offline, then starts up and comes back online, and during this step the IPC terminal feeds back the upgrade process status information to the primary server multiple times.
  • This step enables the defects to be continuously optimized, which makes the user's operation more convenient and improves the user experience.
  • in step S350, in which the APP client and the IPC terminal are disconnected from the base station, the method includes: S351, the APP client sends the primary server signaling to forcibly close the TCP connections of the APP client and the IPC terminal with the base station.
  • the primary server sends a notification to the IPC terminal to close a TCP connection with the base station.
  • after receiving the notification sent by the primary server, the IPC terminal closes the TCP connection with the base station.
  • when the APP client has shared audio and video information with other clients for playback, the APP client directly connected to the IPC terminal needs to cancel the sharing in order to forcibly close the connection with the IPC terminal.
  • the process is further illustrated. If the APP client and the IPC terminal are connected to each other through the base station as a transit station, the specific process is as follows: the APP client actively closes the TCP long connection with the base station. The primary server sends the APP client an information notification that the sharing needs to be cancelled and the connection forcibly closed. After receiving the notification, the APP client may send the primary server signaling to forcibly close the connection with the IPC terminal. After receiving the signaling for forcibly closing the connection with the IPC terminal, the primary server feeds the signaling result back to the base station and controls the base station to disconnect from the APP client, and simultaneously sends the IPC terminal a notification to close the connection with the APP client; after receiving it, the IPC terminal also closes its TCP connection with the base station. This not only avoids inconvenience for the direct owner of the IPC terminal, but also makes it easier for the direct owner of the IPC terminal to control the shared information.
  • the above is implemented on the premise that the base station is used as a relay station to establish a connection between the APP client and the IPC terminal; the relay station can also be implemented by means other than the base station.
  • in step S350, in which the APP client and the IPC terminal are disconnected from the base station, the method includes: S352, the base station detects that no APP client has been using or operating the IPC terminal for more than a preset time.
  • the base station closes its TCP connection with the IPC terminal.
  • the process is further illustrated as follows.
  • the specific process is as follows: when the base station detects that no APP client or other playing client has been using or operating the IPC terminal for more than a preset time, the base station closes the TCP connection with the IPC terminal, and the APP client also disconnects from the IPC terminal and the base station. This not only saves related resources and avoids waste, but also prolongs the service life of the related equipment to a certain extent.
  • the above is implemented on the premise that the base station is used as a relay station to establish a connection between the APP client and the IPC terminal; the relay station can also be implemented by means other than the base station.
  • because the APP client binds to the IPC terminal and establishes a connection, and the primary server generates an encryption key and a decryption key and transmits them to the APP client and the IPC terminal, illegal users are prevented from acquiring and/or decrypting the user's audio and video stream information, which ensures the security of audio and video stream transmission and thereby improves the security of the user's privacy; in addition, the invention has better information interactivity, stability and ease of use and a better user experience, while saving related resources, avoiding waste of resources, and extending the service life of related equipment to a certain extent.
  • the present invention also provides an IPC service implementation system based on an encryption mechanism.
  • the following describes the modules included in the system and the specific functions implemented by the modules.
  • the system includes:
  • the registration binding module 31 is configured to connect the IPC terminal to the primary server via HTTP or HTTPS and register with the primary server, and the APP client performs binding with the IPC terminal.
  • the IPC terminal initiates a connection request to the primary server. After the connection succeeds, the IPC terminal initiates a registration request to the primary server over HTTPS, and the primary server acquires the configuration information used by the IPC terminal for registration and authentication and compares it: if it determines that the SN already exists with a different QID, a bound error message is returned; if it determines that the SN already exists with the same QID, the TS word number data is updated; if it determines that the SN does not exist, the data is stored in the database and the response data is returned to the APP client. After the registration authentication is passed, the IPC terminal obtains an ID for logging in to the main server and its corresponding token.
  • the IPC terminal enters the main server page through the network and enters the ID and its corresponding token in the corresponding dialog box, and the main server verifies the ID and token of the IPC terminal. After the verification is passed, the IPC terminal can perform the corresponding operations through the primary server.
  • the registration binding module 31 includes:
  • a binding judging unit configured to acquire, by the QID and TS, the binding data of the IPC terminal, and determine whether the APP client is in a bound state; if yes, the determination result is returned and binding result signaling is sent downlink; if not, the binding operation is performed, the result is returned, and binding result signaling is sent downlink.
  • the process of binding the APP client to the IPC terminal includes: first, the APP client requests the primary server to obtain the binding data of the IPC terminal through the QID and the TS; after the primary server grants the request, it determines whether the APP client has already been bound; if the determination is yes, the determination result is returned and binding result signaling is sent downlink to the APP client; if the determination is no, the binding operation is performed, the result is returned, and binding result signaling is sent downlink to the APP client and the IPC terminal.
  • if the primary server does not allow the APP client to obtain the binding data of the IPC terminal, the acquisition fails, a notification of the failed acquisition is returned to the APP client, and the primary server waits for the next acquisition request of the APP client.
  • the key generation module 32 is configured to generate an encryption key and a decryption key by the primary server, and transmit the encryption key to the IPC terminal and transmit the decryption key to the APP client.
  • the encryption key and the decryption key adopt a symmetric encryption method.
  • the base station connection module 33 is configured to send, by the APP client, a play request to the primary server, so that the APP client and the IPC terminal respectively establish a TCP connection with the base station.
  • the base station connection module 33 includes:
  • the first connection unit 331 is configured to initiate, by the APP client, a TCP connection to the base station.
  • the first check determining unit 332 is configured to determine, by the base station, whether the sig provided by the APP client is legal by using a public key check of the primary server; if the determination is negative, the connection fails; if the determination is yes, the APP client establishes a connection with the base station, and a notification to connect to the base station is sent to the IPC terminal through the primary server.
  • the second connection unit 333 is configured to initiate, by the IPC terminal, a TCP connection to the base station.
  • the second check determining unit 334 is configured to determine, by the base station, whether the sig provided by the IPC terminal is legal by using the public key check of the primary server; if the determination is negative, the connection fails; if the determination is yes, the IPC terminal establishes a connection with the base station.
  • the process of establishing a connection between the APP client and the IPC terminal includes: first, the APP client initiates a TCP connection to the base station, and then the base station uses the public key provided by the primary server to check whether the sig provided by the APP client is legal.
  • the primary server sends the check result information to the IPC terminal, so that the IPC terminal initiates a connection to the base station, and the base station also checks whether the sig provided by the IPC terminal is legal by using the public key provided by the primary server. If the check result is legal, the APP client establishes a connection with the IPC terminal, and can perform corresponding subsequent actions.
  • the system of the present invention further includes an encryption module 34, configured to encrypt the audio and video stream by the IPC terminal by using the encryption key, and then transmit the audio and video stream to the APP client.
  • the decryption module 35 is configured to perform decryption processing on the audio and video stream by using the decryption key after the APP client receives the audio and video stream encrypted by the IPC terminal, so as to implement audio and video playback.
  • the APP client can play the stream normally only after decrypting it with the corresponding decryption key; if the APP client receives the encrypted audio and video stream but has no decryption key, or not the corresponding decryption key, the encrypted audio and video stream cannot be decrypted normally, that is, the audio and video cannot be played normally.
  • not only must the encrypted audio and video stream be shared, but the corresponding decryption key must also be shared
  • the playing client that receives the encrypted audio and video stream shared by the APP client also needs to use the corresponding decryption key to decrypt the encrypted audio and video stream before it can play normally. Therefore, the solution of the present invention can also share the audio and video information that the user is willing to share with the relevant users once those users have been authorized.
  • the system of the present invention further includes a base station disconnection module 36 for the APP client and the IPC terminal to close the connection with the base station;
  • the base station disconnection module 36 includes:
  • a first disconnecting unit configured to perform, by the APP client, an operation of closing a TCP connection with the base station.
  • the working process of the base station disconnection module 36 includes: the APP client actively closes the TCP long connection with the base station, the base station then sends the command result to the IPC terminal, and after receiving it the IPC terminal also closes its TCP connection with the base station.
  • the base station is used as a relay station to establish a connection between the APP client and the IPC terminal, and the relay station can also be implemented by other means.
  • the system of the present invention further includes a signaling processing module for signaling processing when the APP client sends operation control signaling to the IPC terminal.
  • the signaling processing module includes:
  • the signaling sending unit 371 is configured to send, by the APP client, signaling to the primary server by using HTTPS.
  • the information notification delivery unit 372 is configured for the primary server to return response data and to send the IPC terminal an information notification to execute the signaling by using HTTP.
  • the signaling execution unit 373 is configured to perform corresponding operations according to the signaling content by the IPC terminal, and upload a signaling execution result.
  • the working process of the signaling processing module includes: the APP client sends the corresponding operation control signaling; after receiving the signaling sent by the APP client, the primary server returns response data to the APP client and sends the IPC terminal an execution signaling notification signed with its private key; after receiving the execution signaling notification, the IPC terminal performs the action corresponding to the signaling and uploads the signaling execution result to the primary server.
  • when the primary server receives the signaling execution result uploaded by the IPC terminal, the process ends; the parameters of the execution signaling notification include a session ID and a signaling code.
  • the operation control signaling may include a light-on command, a shake command, a focus command, and the like.
  • the system of the present invention further includes an event pushing module for the IPC terminal to push an event to the APP client.
  • the event pushing module includes:
  • the event sending unit 381 is configured to send, by the IPC terminal, event data to the primary server by using HTTPS.
  • the event issuance unit 382 is configured for the primary server to return response data and to send the APP client an information notification of the event by using HTTP.
  • the event obtaining unit 383 is configured to request, by the APP client, specific data of an event to the primary server by using HTTPS.
  • the working process of the event pushing module includes: the IPC terminal pushes event data to the primary server by using HTTPS; after receiving the event data sent by the IPC terminal, the primary server returns the response data to the IPC terminal and sends a message notification of the event to the APP client; after the APP client receives the message notification, if it is interested in the event, it sends the primary server a request for the specific data of the event; the primary server receives the APP client's request for the event-specific data and responds to the request.
  • the message notification sent by the primary server to the APP client is signed by using its private key, and the message notification parameter includes a session ID and a signaling code.
  • the system of the present invention further includes an unbinding module for unbinding between the APP client and the IPC terminal.
  • the working process of the unbinding module is similar to the working process of the signaling processing module, and is equivalent to the APP client sending an unbinding signaling to the IPC terminal; the difference is that the working process of the unbinding module requires the primary server to remove the local binding state.
  • the unbinding module has a binding state relationship that facilitates the APP client to freely control the IPC terminal.
  • the system of the present invention further includes an upgrade module for the APP client to trigger the upgrade of the IPC terminal.
  • the working process of the upgrade module is similar to the working process of the signaling processing module: the APP client sends an upgrade signaling to the IPC terminal, but in this process the IPC terminal additionally goes through shutting down, going offline and coming back online, and during the process the IPC terminal feeds back the upgrade status information to the primary server multiple times.
  • the upgrade module allows system defects to be continuously optimized, making the user's operation more convenient and improving the user experience.
  • the base station disconnection module 36 further includes:
  • a disconnection sending unit configured to send, by the APP client, to the primary server, signaling for forcibly closing the TCP connections of the APP client and the IPC terminal with the base station.
  • a notification sending unit configured to send, by the primary server, a notification to close the TCP connection with the base station to the IPC terminal.
  • a second disconnecting unit configured to: after the IPC terminal receives the notification sent by the primary server, the IPC terminal closes a TCP connection with the base station.
  • the APP client shares audio and video information with other clients for playback; when the APP client directly connected to the IPC terminal needs to cancel the sharing, the connection with the IPC terminal is forcibly closed.
  • the specific process is as follows: the APP client actively closes the TCP long connection with the base station, and the primary server sends an information notification to the APP client whose sharing needs to be cancelled and whose connection needs to be forcibly closed. After receiving the information notification, the APP client can then send the primary server signaling for forcibly closing the connection with the IPC terminal; after receiving that signaling, the primary server feeds back the signaling result to the base station and controls the base station to disconnect from the APP client, and at the same time notifies the IPC terminal to close the connection with the APP client; after receiving the notification, the IPC terminal also closes its TCP connection with the base station. This not only avoids inconvenience to the direct owner of the IPC terminal, but also facilitates the control of the shared information by the direct owner of the IPC terminal.
  • the above is implemented on the premise that the base station is used as a relay station to establish a connection between the APP client and the IPC terminal, and the relay station can also be implemented by other means.
  • the base station disconnection module 36 further includes:
  • a third disconnecting unit configured to: when the base station detects that the APP client is not using or operating the IPC terminal, and this continues beyond a preset time, the base station closes the TCP connection with the IPC terminal.
  • the process of the base station disconnection module is further illustrated as follows: when the base station detects that no APP client or other playback client is using or operating the IPC terminal and the preset time is exceeded, the base station closes the TCP connection with the IPC terminal, and the APP client also disconnects from the IPC terminal and the base station. This not only saves related resources and avoids waste of resources, but also prolongs the service life of related equipment to a certain extent.
  • the above is implemented on the premise that the base station is used as a relay station to establish a connection between the APP client and the IPC terminal, and the relay station can also be implemented by other means.
  • the APP client binds to the IPC terminal, establishes a connection, and the primary server generates an encryption key and a decryption key and transmits the same to the APP client and the IPC terminal, respectively.
  • the illegal user is prevented from acquiring and/or decrypting the audio and video stream information of the user, thereby ensuring the security of the audio and video stream information transmission and improving the security of the user's privacy; in addition, the invention offers better information interactivity, stability, ease of use and user experience, while saving related resources, avoiding waste of resources, and extending the service life of related equipment to a certain extent.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the components of an encryption mechanism based IPC service implementation system in accordance with an embodiment of the present invention.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • Figure 17 shows a block diagram of a computing device for performing the method in accordance with the present invention.
  • the computing device conventionally includes a processor 1710 and a computer program product or computer readable medium in the form of a memory 1720.
  • the memory 1720 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Memory 1720 has a memory space 1730 for program code 1731 for performing any of the method steps described above.
  • the storage space 1730 for program code may include respective program codes 1731 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • Such computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have a storage segment, a storage space, and the like that are similarly arranged to the storage 1720 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 1731', i.e., code that can be read by a processor such as 1710, which, when executed by a computing device, causes the computing device to perform each step of the methods described above.

Abstract

The present invention relates to the technical field of communications, and in particular to an encryption mechanism-based IPC service implementation method and system. The method comprises: receiving a connection and registration request of an IPC terminal to complete the registration thereof; generating an encryption key and a decryption key, and respectively and correspondingly transmitting same to the IPC terminal and an APP client bound with the IPC terminal; and receiving a playing request of the APP client, and controlling the APP client so that same establishes a connection with the IPC terminal, so as to enable the IPC terminal to transmit an audio and video stream encrypted using the encryption key to the APP client which can use the decryption key for decryption to perform decryption and playing. In the present solution, a server controls processes of an APP client being bound with and establishing a connection with an IPC terminal, and generating an encryption key and a decryption key and respectively transmitting same to the APP client and the IPC terminal, etc., thereby preventing an illegitimate user from acquiring and/or decrypting a user's audio and video stream information, ensuring the security of audio and video stream information transmission, and further improving the security of the user's privacy.

Description

Method and system for implementing IPC service based on encryption mechanism
Technical field
The present invention relates to the field of communications technologies, and in particular to a method and system for implementing an IPC service based on an encryption mechanism.
Background
With the rapid development of the mobile Internet, IPC (IP Camera; network camera) technology has come into wide use. The service targets of video surveillance have gradually expanded from professional services aimed only at industries and enterprises to general video surveillance services for the wider public, such as individuals and families. At the same time, the network environment of surveillance systems has gradually moved from private networks and LANs to the Internet. The network video surveillance currently offered to individual users is generally Internet-based. While individuals and families gain the convenience of remote video surveillance by installing network cameras at home, users also worry about and attach importance to the security of video data, fearing that video data may leak or be illegally intercepted in transit so that its content is easily learned.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide an encryption mechanism-based IPC service implementation method and system that overcomes the above problems or at least partially solves them.
According to an aspect of the present invention, an IPC service implementation method based on an encryption mechanism is provided, which includes the following steps:
receiving the connection and registration request of the IPC terminal and completing its registration;
generating an encryption key and a decryption key, and transmitting them respectively to the IPC terminal and to the APP (Application) client bound to that IPC terminal;
receiving a play request from the APP client, and controlling the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client that is able to decrypt it with the decryption key, for decryption and playback.
According to an aspect of the present invention, an IPC service implementation system based on an encryption mechanism is provided, which includes:
a receiving module, configured to receive the connection and registration request of the IPC terminal and complete its registration;
a generating and transmitting module, configured to generate an encryption key and a decryption key, and to transmit them respectively to the IPC terminal and to the APP client bound to that IPC terminal;
a receiving control module, configured to receive a play request from the APP client and to control the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client that is able to decrypt it with the decryption key, for decryption and playback.
According to an aspect of the present invention, an IPC service implementation method based on an encryption mechanism is further provided, which includes the following steps:
the IPC terminal connects to the primary server through HTTP or HTTPS and registers with the primary server, and then the APP client performs binding with the IPC terminal;
the primary server generates an encryption key and a decryption key, transmits the encryption key to the IPC terminal, and transmits the decryption key to the APP client, the encryption key and the decryption key using symmetric encryption;
the APP client sends a play request to the primary server, so that the APP client and the IPC terminal each establish a TCP connection with the base station;
the IPC terminal encrypts the audio and video stream with the encryption key and transmits it to the APP client;
after receiving the audio and video stream encrypted by the IPC terminal, the APP client decrypts the audio and video stream with the decryption key in order to play the audio and video.
The invention also provides an IPC service implementation system based on an encryption mechanism, which comprises:
a registration binding module, used for the IPC terminal to connect to the primary server through HTTP or HTTPS and register with the primary server, and for the APP client to perform binding with the IPC terminal;
a key generation module, used for the primary server to generate an encryption key and a decryption key, transmit the encryption key to the IPC terminal and transmit the decryption key to the APP client; the encryption key and the decryption key use symmetric encryption;
a base station connection module, used for the APP client to send a play request to the primary server, so that the APP client and the IPC terminal each establish a TCP connection with the base station;
an encryption module, used for the IPC terminal to encrypt the audio and video stream with the encryption key and transmit it to the APP client;
a decryption module, used for decrypting the audio and video stream with the decryption key after the APP client receives the audio and video stream encrypted by the IPC terminal, in order to play the audio and video.
According to an aspect of the present invention, there is provided a computer program comprising computer readable code which, when run on a computing device, causes the computing device to perform any of the encryption mechanism-based IPC service implementation methods described above.
According to another aspect of the present invention, there is also provided a computer readable medium storing the computer program as described above.
Compared with the prior art, the present invention has the following advantages:
In the present invention, the server generates an encryption key and a decryption key and transmits them respectively to the IPC terminal and to the APP client bound to that IPC terminal. When the server receives a play request from the APP client, the server controls the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted with the encryption key to the APP client, and the APP client, on receiving the encrypted audio and video stream, decrypts and plays it with the decryption key corresponding to the encryption key. In this process, the audio and video stream can be played normally only after the encrypted stream has been successfully decrypted. If the APP client has no decryption key for the encrypted audio and video stream, or its decryption key does not correspond to the encryption key, then even if that client obtains the audio and video stream it cannot decrypt it and therefore cannot play it normally. Accordingly, the security of the audio and video information is ensured, that is, the user's privacy is better protected.
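The property stated above, that a client holding no key or a non-corresponding key cannot play the stream, shown as an added example that is not code from the patent. The patent names no cipher or packet format, so the HMAC-SHA256 counter-mode keystream with encrypt-then-MAC (a standard-library stand-in for an AEAD cipher such as AES-GCM), the `seq | nonce | ciphertext | tag` layout, the replay check and all function names are assumptions.

```python
"""Added example (not from the patent): authenticated per-frame encryption of
the audio/video stream with the symmetric key issued by the primary server.
Assumed: cipher construction, packet layout, replay check and all names."""
import hashlib
import hmac
import os
import struct
from typing import List, Optional, Tuple

HDR_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32   # assumed layout: seq | nonce | ct | tag


class DecryptionError(Exception):
    """Frame rejected: wrong key, tampering, truncation or replay."""


def generate_stream_key() -> bytes:
    """Primary-server role: fresh random symmetric key for one binding."""
    return os.urandom(32)


def _subkeys(stream_key: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the single issued key."""
    enc = hmac.new(stream_key, b"ipc-stream enc", hashlib.sha256).digest()
    mac = hmac.new(stream_key, b"ipc-stream mac", hashlib.sha256).digest()
    return enc, mac


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(enc_key, nonce || counter) blocks."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        block = hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256)
        stream += block.digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_frame(stream_key: bytes, seq: int, frame: bytes) -> bytes:
    """IPC-terminal role: encrypt one frame, then MAC header and ciphertext."""
    enc_key, mac_key = _subkeys(stream_key)
    nonce = os.urandom(NONCE_LEN)          # never reuse a nonce under one key
    body = struct.pack(">Q", seq) + nonce + _xor_keystream(enc_key, nonce, frame)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


class StreamReceiver:
    """APP-client role: verify the tag first, then decrypt; refuse replays."""

    def __init__(self, stream_key: bytes) -> None:
        self._enc_key, self._mac_key = _subkeys(stream_key)
        self._last_seq = -1

    def decrypt_frame(self, packet: bytes) -> bytes:
        if len(packet) < HDR_LEN + NONCE_LEN + TAG_LEN:
            raise DecryptionError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self._mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise DecryptionError("wrong key or modified packet")
        (seq,) = struct.unpack(">Q", body[:HDR_LEN])
        if seq <= self._last_seq:
            raise DecryptionError("replayed or stale frame")
        self._last_seq = seq
        nonce = body[HDR_LEN:HDR_LEN + NONCE_LEN]
        return _xor_keystream(self._enc_key, nonce, body[HDR_LEN + NONCE_LEN:])


def try_play(receiver: StreamReceiver, packet: bytes) -> Optional[bytes]:
    """Return the plaintext frame, or None when the client cannot play it."""
    try:
        return receiver.decrypt_frame(packet)
    except DecryptionError:
        return None


def demo() -> dict:
    key = generate_stream_key()    # sent to the IPC terminal and the bound APP client
    frames: List[bytes] = [b"constructed frame 0", b"constructed frame 1"]
    packets = [encrypt_frame(key, seq, f) for seq, f in enumerate(frames)]
    bound = StreamReceiver(key)
    shared = StreamReceiver(key)                       # sharing target given the key
    no_key = StreamReceiver(generate_stream_key())     # holds a non-corresponding key
    tampered = bytearray(packets[1])
    tampered[HDR_LEN + NONCE_LEN] ^= 0x01              # flip one ciphertext bit
    return {
        "bound": [try_play(bound, p) for p in packets],
        "shared": [try_play(shared, p) for p in packets],
        "no_key": [try_play(no_key, p) for p in packets],
        "replay": try_play(bound, packets[0]),
        "tampered": try_play(StreamReceiver(key), bytes(tampered)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With an unauthenticated cipher a wrong key yields garbage bytes rather than a detectable failure; the tag check is what turns "cannot be decrypted normally" into an explicit rejection.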
Correspondingly, in the present invention, when the server controls the APP client to establish a connection with the IPC terminal, the server uses a public key check to determine whether the sig provided by the APP client and by the IPC terminal is legal; when the determination is no, the APP client is not permitted to establish a connection with the IPC terminal, and only when the determination is yes is the APP client permitted to establish a connection with the IPC terminal. This process prevents an APP client that is not bound to the IPC terminal from establishing a connection with the IPC terminal, and thus from acquiring the audio and video stream, which further improves the security of the audio and video information and better protects the user's privacy.
It can be seen from the above that the technical solution provided by the present invention, on the one hand, acquires and saves through authentication the corresponding control relationship between the master device and the smart device and, on the other hand, saves the association relationship between smart devices, and establishes the association relationship between the corresponding master devices according to the association relationship between the smart devices. Under this scheme, the association information between master devices is established passively according to the association information between smart devices, so that the master device's control of a smart device is no longer limited to one-to-one individual control; instead, the master device supervises and controls the association information between the corresponding smart devices through the association information between master devices, achieving more comprehensive and effective control of the corresponding smart devices by the master device.
The above description is only an overview of the technical solutions of the present invention. In order that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and in order to make the above and other objects, features and advantages of the present invention more apparent, specific embodiments of the present invention are set forth below.
Brief description of the drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting the invention. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawings:
Figure 1 is a program flowchart of an embodiment of the encryption mechanism-based IPC service implementation method of the present invention;
Figure 2 is a program flowchart of an embodiment of the encryption mechanism-based IPC service implementation method of the present invention;
Figure 3 is a structural block diagram of an embodiment of the encryption mechanism-based IPC service implementation system of the present invention;
Figure 4 is a structural block diagram of an embodiment of the receiving control module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 5 is a structural block diagram of an embodiment of the processing module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 6 is a structural block diagram of an embodiment of the disconnection assistance module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 7 is a structural block diagram of an embodiment of the push assistance module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 8 is a program flowchart of an embodiment of the encryption mechanism-based IPC service implementation method of the present invention;
Figure 9 is a program flowchart of an embodiment of the encryption mechanism-based IPC service implementation method of the present invention;
Figure 10 is a program flowchart of an embodiment of the encryption mechanism-based IPC service implementation method of the present invention;
Figure 11 is a program flowchart of an embodiment of the encryption mechanism-based IPC service implementation method of the present invention;
Figure 12 is a structural block diagram of an embodiment of the encryption mechanism-based IPC service implementation system of the present invention;
Figure 13 is a structural block diagram of an embodiment of the encryption mechanism-based IPC service implementation system of the present invention;
Figure 14 is a structural block diagram of an embodiment of the base station connection module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 15 is a structural block diagram of an embodiment of the signaling processing module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 16 is a structural block diagram of an embodiment of the event pushing module in the encryption mechanism-based IPC service implementation system of the present invention;
Figure 17 schematically shows a block diagram of a computing device for performing the method according to the present invention; and
Figure 18 schematically shows a storage unit for holding or carrying program code implementing the method according to the present invention.
Specific embodiments
The present invention is further described below with reference to the accompanying drawings and exemplary embodiments. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it. In addition, detailed descriptions of known techniques are omitted where they are not necessary to show the features of the present invention.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in the specification of the present invention means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intervening elements may be present. In addition, "connected" or "coupled" as used herein may include a wireless connection or wireless coupling. The phrase "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general-purpose dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, are not to be interpreted in an idealized or overly formal sense.
Those skilled in the art will understand that "terminal" and "terminal device" as used herein include both devices that have only a wireless signal receiver and no transmitting capability, and devices that have receiving and transmitting hardware capable of two-way communication over a bidirectional communication link. Such a device may include: a cellular or other communication device, with a single-line display, a multi-line display, or no multi-line display; a PCS (Personal Communications Service), which may combine voice, data processing, fax and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and a conventional laptop and/or palmtop computer or other device that has and/or includes a radio frequency receiver. "Terminal" and "terminal device" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suitable for and/or configured to run locally and/or, in distributed form, at any other location on Earth and/or in space. "Terminal" and "terminal device" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback capability, or a device such as a smart TV or set-top box.
Those skilled in the art will understand that the concepts of server, cloud, remote network device and the like used herein are equivalent, and include but are not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed of multiple servers. Here, the cloud consists of a large number of computers or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer made up of a group of loosely coupled computers. In embodiments of the present invention, the remote network device, the terminal device and the WNS server may communicate by any means of communication, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on the Bluetooth or infrared transmission standards.
It is necessary first to give the following preliminary description of the application scenario of the present invention and its principles.
The Internet generally comprises clients (users' mobile terminals), the network, and servers (such as a website's web server). The client may be a user's Internet mobile terminal, such as a desktop computer (PC), a laptop, a smart device with web browsing capability such as a personal digital assistant (PDA), a mobile Internet device (MID), or a smartphone. Each of these mobile terminals can, in an Internet environment, request a service provided by another process (such as a process provided by a server).
A server is usually a remote computer system that can be accessed through a communication medium such as the Internet. A server can usually serve multiple clients from the Internet. Providing a service includes receiving requests sent by clients, collecting client information and feedback, and so on. In essence, the server acts as the information provider of the computer network. The server is usually located on the side of the party providing the service, or is configured with service content by the service provider; such a service provider may be, for example, the website of an Internet service company.
In the application scenario of the method and terminal of the present invention, the following is used as an example: a smart device suitable for audio and video playback and with web browsing capability, such as a desktop computer, laptop, PDA, MID or smartphone, serves as the APP client described below; a cloud server serves as the server described below; and a smart device suitable for capturing audio and video data and with network connectivity serves as the IPC terminal described below. The APP client and the IPC terminal each have installed an application that exchanges data with the server over the network. Note that this description is only exemplary, and the scope of the present invention is not limited to it.
Specific implementations of several technical solutions of the present invention, proposed to realize the above scenario using the above principles, are described in detail below. Note that the present invention provides an encryption-mechanism-based IPC service implementation method described from the server's perspective. The method can be implemented by programming as a computer program on a remote network device, which includes but is not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed of multiple servers.
Referring to FIG. 1, a typical embodiment of the encryption-mechanism-based IPC service implementation method of the present invention specifically includes the following steps:
S100: receive the connection and registration request of the IPC terminal and complete its registration.
Specifically, the IPC terminal initiates a connection request to the server. After the connection succeeds, the IPC terminal sends a registration request to the server over HTTPS, and the server obtains the configuration information that the IPC terminal uses for registration and authentication. The server compares the configuration information: if it determines that the SN already exists and is not under the same QID, it returns an already-bound error message; if it determines that the SN already exists and is under the same QID, it updates the TS word-count data; if it determines that the SN does not exist, it stores the data and returns response data to the APP client. After registration and authentication pass, the IPC terminal obtains an ID for logging in to the server and the corresponding token. The IPC terminal accesses the server-side page over the network and enters the ID and its token in the corresponding dialog box; the server verifies the IPC terminal's ID and token, and once verification passes, the IPC terminal can perform the corresponding operations through the server.
Further, the method of the present invention also includes step S110: generate an encryption key and a decryption key, and transmit them respectively to the IPC terminal and to the APP (application) client bound to that IPC terminal.
Specifically, the server uses a symmetric encryption algorithm to generate the encryption key and the decryption key, transmits the encryption key to the IPC terminal, and transmits the corresponding decryption key to the APP client bound to that IPC terminal. The process of binding the IPC terminal to the APP client is as follows. First, the APP client uses the QID and TS to request the IPC terminal's binding data from the server. After granting the request, the server determines whether the APP client is already bound. If so, it returns that result and sends binding-result signaling downstream to the APP client; if not, it performs the binding operation, returns the result, and sends binding-result signaling downstream to both the APP client and the IPC terminal. If the server does not grant the APP client access to the IPC terminal's binding data, the request fails; the server returns a failure notification to the APP client and waits for the APP client to initiate the next request.
Further, the method of the present invention also includes step S120: receive a play request from the APP client and control the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream, encrypted with the encryption key, to the APP client that can decrypt it with the decryption key for decryption and playback.
Specifically, the APP client sends a play request to the server over HTTPS, and the server receives the play request and returns a corresponding response notification.
The process of establishing a connection between the APP client and the IPC terminal is as follows: the server controls the APP client to initiate a connection to the IPC terminal, and then uses the public key to check whether the sig provided by the APP client and by the IPC terminal is valid. If not, the APP client is not permitted to establish a connection with the IPC terminal; if so, the connection is permitted. For ease of understanding, the process is illustrated with an example in which the APP client and the IPC terminal connect through a base station acting as a relay. First, the server controls the APP client to initiate a TCP connection to the base station, and the base station uses the public key provided by the server to check whether the sig provided by the APP client is valid. When the check finds it valid, the server sends the check result down to the IPC terminal so that the IPC terminal initiates a connection to the base station, and the base station likewise uses the public key provided by the server to check whether the sig provided by the IPC terminal is valid. If that check also finds it valid, the connection between the APP client and the IPC terminal is established and the subsequent actions can proceed.
After the above process is complete, the IPC terminal encrypts the audio and video stream with the encryption key and sends it to the APP client. Once the APP client has received the encrypted stream and decrypted it successfully with the corresponding decryption key, it can play the stream normally. If the APP client receives the encrypted stream but has no decryption key, or no matching decryption key, it cannot decrypt the encrypted stream and therefore cannot play the audio and video.
In addition, if an APP client that is legitimate and holds a decryption key able to decrypt the encrypted audio and video stream wants to share that stream with other playback clients, it must share not only the encrypted stream but also the corresponding decryption key. A playback client that receives the encrypted stream shared by the APP client must likewise decrypt it with the corresponding decryption key before it can play it. Therefore, while protecting user privacy, the solution of the present invention also allows audio and video information that the user is willing to share to be shared with the relevant users once the legitimate user has authorized it.
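The key issue in S110 and the encrypted stream in S120, as an added example that is not code from the patent. Assumptions: the text names no cipher, so AES-256-GCM is used (the encryption key and decryption key are then the same bytes); the packet layout and the function names `issueStreamKey`, `sealFrame` and `openFrame` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

var errShort = errors.New("packet too short")

// issueStreamKey is the server's role in S110: one fresh 256-bit key per
// binding, sent to the IPC terminal and to the bound APP client.
func issueStreamKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonceFor derives the 12-byte GCM nonce from the 8-byte sequence header.
// A sequence number must never repeat under the same key.
func nonceFor(hdr []byte) []byte {
	nonce := make([]byte, 12)
	copy(nonce[4:], hdr)
	return nonce
}

// sealFrame is the IPC terminal side. Assumed packet layout:
// 8-byte big-endian sequence number || ciphertext || 16-byte tag.
// The header is authenticated as associated data, so a relay that
// forwards packets cannot renumber or alter them undetected.
func sealFrame(key []byte, seq uint64, frame []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, seq)
	ct := aead.Seal(nil, nonceFor(hdr), frame, hdr)
	return append(hdr, ct...), nil
}

// openFrame is the playback side. It fails for a client that holds no
// matching key and for any packet modified in transit.
func openFrame(key, pkt []byte) (uint64, []byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return 0, nil, err
	}
	if len(pkt) < 8+aead.Overhead() {
		return 0, nil, errShort
	}
	hdr, ct := pkt[:8], pkt[8:]
	frame, err := aead.Open(nil, nonceFor(hdr), ct, hdr)
	if err != nil {
		return 0, nil, err
	}
	return binary.BigEndian.Uint64(hdr), frame, nil
}

func main() {
	key, err := issueStreamKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample frame; a real terminal would pass encoded A/V data.
	pkt, err := sealFrame(key, 1, []byte("constructed video frame"))
	if err != nil {
		panic(err)
	}
	_, frame, err := openFrame(key, pkt)
	fmt.Printf("bound APP client: %q err=%v\n", frame, err)

	// A playback client that received the stream but not the key.
	stranger, _ := issueStreamKey()
	_, _, err = openFrame(stranger, pkt)
	fmt.Println("client without the matching key:", err)
}
```

Sharing the stream with another playback client, as the paragraph above describes, amounts to handing that client the same `key`; revoking the share then requires issuing a new key.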
Further, referring to FIG. 2, the method of the present invention also includes step S130: the APP client disconnects from the IPC terminal.
Specifically, the APP client actively closes its connection with the IPC terminal, and the IPC terminal then closes. For ease of understanding, the process is illustrated for the case where the APP client and the IPC terminal are connected through a base station acting as a relay: the APP client actively closes its long-lived TCP connection to the base station, the base station sends the instruction result to the IPC terminal, and on receiving it the IPC terminal also closes its TCP connection to the base station.
Further, the method of the present invention also includes a step of processing operation control signaling sent by the APP client to the IPC terminal. This step may be interleaved with the steps above, and the operation control signaling may include a light-on instruction, a pan instruction, a focus instruction and so on. The step specifically includes the following: the APP client sends the operation control signaling; on receiving it, the server returns response data to the APP client and sends the IPC terminal an execution signaling notification signed with its private key; on receiving the execution signaling notification, the IPC terminal performs the action corresponding to that signaling and uploads the signaling execution result to the server; once the server has received the execution result uploaded by the IPC terminal, the process ends. The parameters of the execution signaling notification include the session ID and the signaling code.
Further, the method of the present invention also includes a step of assisting the IPC terminal in pushing an event to the APP client.
Specifically, the process is as follows: the IPC terminal pushes event data to the server over HTTPS; on receiving the event data, the server returns response data to the IPC terminal and sends a message notification of the event to the APP client; after receiving the notification, the APP client, if it is interested in the event, can send the server a request for the event's detailed data; the server receives that request and responds to it. The message notification that the server sends to the APP client is signed with the server's private key, and its parameters include the session ID and the signaling code. This step greatly improves the interactivity of information among the APP client, the server and the IPC terminal, and also improves the timeliness and stability of information delivery.
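The signed notifications in the two steps above (execution signaling to the IPC terminal, event messages to the APP client), shown from the receiver's side as an added example that is not code from the patent. Assumptions: Ed25519 as the signature scheme, the byte encoding that is signed, the numeric signaling codes, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Hypothetical signaling codes for the operations the text lists.
const (
	CodeLightOn uint16 = 1
	CodePan     uint16 = 2
	CodeFocus   uint16 = 3
)

var actions = map[uint16]string{CodeLightOn: "light on", CodePan: "pan", CodeFocus: "focus"}

var (
	errBadSig       = errors.New("signature does not verify under the server public key")
	errWrongSession = errors.New("notification is for another session")
	errUnknownCode  = errors.New("unknown signaling code")
)

// Notification carries the two parameters the text names, plus the signature.
type Notification struct {
	SessionID string
	Code      uint16
	Sig       []byte
}

// signedBytes is the exact byte string that gets signed (assumed encoding):
// 2-byte length || session ID || 2-byte code. The length prefix keeps the
// encoding unambiguous; session IDs are assumed shorter than 64 KiB.
func signedBytes(sessionID string, code uint16) []byte {
	n := len(sessionID)
	buf := []byte{byte(n >> 8), byte(n)}
	buf = append(buf, sessionID...)
	return append(buf, byte(code>>8), byte(code))
}

// newServerKeys creates the server's key pair; only the public half is
// provisioned to terminals and clients.
func newServerKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil)
}

// signNotification is the server side: sign session ID and code together.
func signNotification(priv ed25519.PrivateKey, sessionID string, code uint16) Notification {
	sig := ed25519.Sign(priv, signedBytes(sessionID, code))
	return Notification{SessionID: sessionID, Code: code, Sig: sig}
}

// Terminal is the receiving side (IPC terminal or APP client).
type Terminal struct {
	ServerPub ed25519.PublicKey
	SessionID string // session this receiver is currently in
}

// Handle verifies before it interprets: signature first, then session
// binding, then the code lookup. It returns the action to perform.
func (t *Terminal) Handle(n Notification) (string, error) {
	if !ed25519.Verify(t.ServerPub, signedBytes(n.SessionID, n.Code), n.Sig) {
		return "", errBadSig
	}
	if n.SessionID != t.SessionID {
		return "", errWrongSession
	}
	action, ok := actions[n.Code]
	if !ok {
		return "", errUnknownCode
	}
	return action, nil
}

func main() {
	pub, priv, err := newServerKeys()
	if err != nil {
		panic(err)
	}
	term := &Terminal{ServerPub: pub, SessionID: "sess-A"} // constructed session ID

	n := signNotification(priv, "sess-A", CodeLightOn)
	fmt.Println(term.Handle(n))

	n.Code = CodeFocus // altered after signing
	fmt.Println(term.Handle(n))

	fmt.Println(term.Handle(signNotification(priv, "sess-B", CodePan)))
}
```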
Further, the method of the present invention also includes a step of assisting in unbinding the APP client from the IPC terminal.
Specifically, this step is essentially the same as the step of processing operation control signaling sent by the APP client to the IPC terminal; it is equivalent to the APP client sending the IPC terminal an unbinding signal. The difference is that this process requires the server to delete its local binding state. This step lets the APP client freely control its binding state with the IPC terminal.
Further, the method of the present invention also includes a step of assisting the APP client in triggering an upgrade of the IPC terminal.
Specifically, this step builds on the step of processing operation control signaling sent by the APP client to the IPC terminal; it is similar to the APP client sending the IPC terminal an upgrade signal, but the process also includes the IPC terminal shutting down and going offline and then starting up and coming back online, and during the step the IPC terminal reports the upgrade progress status to the server several times. This step allows defects to be fixed continuously, makes operation more convenient for the user, and improves the user experience.
In a further embodiment of the present invention, the step of disconnecting the APP client from the IPC terminal includes a process of assisting the APP client in closing the connection with the IPC terminal. For example, when the APP client has shared audio and video information with some other clients for playback, the APP client directly connected to the IPC terminal needs to cancel the sharing in order to force the connection with the IPC terminal closed. For ease of understanding, the process is illustrated for the case where the APP client and the IPC terminal are connected through a base station acting as a relay: the APP client actively closes its long-lived TCP connection to the base station; the server sends the APP client a notification that sharing must be cancelled and the connection forcibly closed; after receiving the notification, the APP client can send the server a signal to forcibly close the connection with the IPC terminal; on receiving that signal, the server feeds the signaling result back to the base station and controls the base station to disconnect from the APP client, and at the same time sends the IPC terminal a notification to close its connection with the APP client; on receiving it, the IPC terminal also closes its TCP connection to the base station. This not only prevents inconvenience caused by misoperation by the IPC terminal's direct owner, but also makes it easier for the direct owner to control the shared information.
In a further embodiment of the present invention, the step of disconnecting the APP client from the IPC terminal includes monitoring, by the audio and video relay station, of the use or operation status of the playback clients. For ease of understanding, the process is illustrated for the case where the APP client and the IPC terminal are connected through a base station acting as a relay: when the base station detects that no APP client or other playback client has been using or operating the IPC terminal for longer than a preset time, the base station closes its TCP connection with the IPC terminal, and the APP client is also disconnected from the IPC terminal and the base station. This not only saves resources and avoids waste, but also extends the service life of the equipment to some extent.
In summary, in the present invention the server controls the binding of, and the connection between, the APP client and the IPC terminal, and generates an encryption key and a decryption key and transmits them to the APP client and the IPC terminal respectively, so as to prevent unauthorized users from obtaining and/or decrypting the user's audio and video stream information. This secures the transmission of the audio and video stream and thereby improves the protection of user privacy. In addition, the present invention offers good information interactivity and stability, ease of use and a good user experience, while saving resources, avoiding waste, and extending the service life of the equipment to some extent.
Correspondingly, following the functional modularization approach of computer software, the present invention also provides an encryption-mechanism-based IPC service implementation system, that is, a server for the encryption-mechanism-based IPC service implementation method. Referring to FIG. 3, the modules included in the system and the specific functions each module implements are disclosed below. The system includes:
A receiving module 11, configured to receive the connection and registration request of the IPC terminal and complete its registration.
Specifically, the IPC terminal initiates a connection request to the receiving module 11. After the connection succeeds, the IPC terminal sends a registration request to the receiving module 11 over HTTPS, and the receiving module 11 obtains the configuration information that the IPC terminal uses for registration and authentication. The server compares the configuration information: if it determines that the SN already exists and is not under the same QID, it returns an already-bound error message; if it determines that the SN already exists and is under the same QID, it updates the TS word-count data; if it determines that the SN does not exist, it stores the data and returns response data to the APP client. After registration and authentication pass, the IPC terminal obtains an ID for logging in to the server and the corresponding token. The IPC terminal accesses the server-side page over the network and enters the ID and its token in the corresponding dialog box; the server verifies the IPC terminal's ID and token, and once verification passes, the IPC terminal can perform the corresponding operations through the server.
Further, the system of the present invention also includes a generating and transmitting module 13 and a control module 12.
The generating and transmitting module 13 is configured to generate an encryption key and a decryption key and to transmit them respectively to the IPC terminal and to the APP client bound to that IPC terminal.
The control module 12 is configured to control the binding of the APP client to the IPC terminal. The control module 12 includes a grant determination unit, configured to grant the APP client access to the IPC terminal's binding data and to determine whether the APP client is already in the bound state; if so, it returns that result and sends binding-result signaling downstream; if not, it performs the binding operation, returns the result, and sends binding-result signaling downstream.
Specifically, the generating and transmitting module 13 uses a symmetric encryption algorithm to generate the encryption key and the decryption key, transmits the encryption key to the IPC terminal, and transmits the corresponding decryption key to the APP client bound to that IPC terminal. The process of binding the IPC terminal to the APP client is as follows. First, the APP client uses the QID and TS to request the IPC terminal's binding data from the server. After the grant determination unit grants the request, it determines whether the APP client is already bound. If so, it returns that result and sends binding-result signaling downstream to the APP client; if not, it performs the binding operation, returns the result, and sends binding-result signaling downstream to both the APP client and the IPC terminal. If the server does not grant the APP client access to the IPC terminal's binding data, the request fails; the server returns a failure notification to the APP client and waits for the APP client to initiate the next request.
Further, the system of the present invention also includes a receiving control module 14, configured to receive a play request from the APP client and to control the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio/video stream, encrypted with the encryption key, to an APP client that can decrypt it with the decryption key for decryption and playback. Referring to FIG. 4, the receiving control module 14 includes:
A control unit 141, configured to control the APP client to initiate a connection to the IPC terminal;
A judging unit 142, configured to use a public key to check whether the sig provided by the APP client and by the IPC terminal is legitimate; if not, the APP client is not permitted to establish a connection with the IPC terminal; if so, the APP client is permitted to establish a connection with the IPC terminal.
Specifically, the APP client initiates a play request to the receiving control module 14 over HTTPS; the receiving control module 14 receives the play request and returns a corresponding response notification.
The process by which the APP client and the IPC terminal establish a connection is as follows: the control unit 141 of the server controls the APP client to initiate a connection to the IPC terminal, and the judging unit 142 of the server then uses the public key to check whether the sig provided by the APP client and by the IPC terminal is legitimate; if not, the APP client is not permitted to establish a connection with the IPC terminal; if so, it is permitted. For ease of understanding, the process is illustrated with an example in which the APP client and the IPC terminal connect through a base station acting as a relay. First, the control unit 141 of the server controls the APP client to initiate a TCP connection to the base station, and the base station uses the public key provided by the judging unit 142 of the server to check whether the sig provided by the APP client is legitimate. If it is, the server sends the check result to the IPC terminal so that the IPC terminal initiates a connection to the base station, and the base station likewise uses the public key provided by the judging unit 142 of the server to check whether the sig provided by the IPC terminal is legitimate. If that check also passes, the APP client and the IPC terminal are connected and the corresponding subsequent actions can proceed.
After the above process is completed, the IPC terminal encrypts the audio/video stream with the encryption key and sends it to the APP client. Once the APP client has received the encrypted audio/video stream and successfully decrypted it with the corresponding decryption key, it can play the stream normally. If the APP client receives the encrypted audio/video stream but has no decryption key, or does not have the corresponding decryption key, it cannot decrypt the encrypted stream and therefore cannot play the audio/video.
In addition, if a legitimate APP client that holds the key for decrypting the encrypted audio/video stream wants to share that stream with other playback clients, it must share not only the encrypted audio/video stream but also the corresponding decryption key; a playback client that receives the encrypted audio/video stream shared by the APP client must likewise decrypt it with the corresponding decryption key before it can play normally. Therefore, while protecting user privacy, the solution of the present invention also allows the audio/video information that a user is willing to share to be shared with the relevant users once the legitimate user has authorized it.
Further, the system of the present invention also includes a processing module for processing the operation control signaling that the APP client sends to the IPC terminal. Referring to FIG. 5, the processing module includes:
A first receiving unit 151, configured to receive signaling sent by the APP client.
A notification issuing unit 152, configured to return response data to the APP client and to issue to the IPC terminal an execution signaling notification signed with a private key; the parameters of the execution signaling notification include a session ID and a signaling code.
A second receiving unit 153, configured to receive the signaling execution result uploaded by the IPC terminal.
Specifically, the operation control signaling may include a light-on command, a pan/tilt command, a focus command and the like. The processing module works as follows: the APP client sends the relevant operation control signaling; after the first receiving unit 151 receives the signaling sent by the APP client, response data is returned to the APP client, and the notification issuing unit 152 issues to the IPC terminal an execution signaling notification signed with the private key; after receiving the execution signaling notification, the IPC terminal performs the action corresponding to the execution signaling and uploads the signaling execution result to the server; once the second receiving unit 153 has received the signaling execution result uploaded by the IPC terminal, the process ends. The parameters of the execution signaling notification include a session ID and a signaling code.
Further, the system of the present invention also includes a disconnection assistance module for helping the APP client close its connection with the IPC terminal. Referring to FIG. 6, the disconnection assistance module includes:
A forced-close receiving unit 161, configured to receive signaling sent by the APP client to forcibly close the connection with the IPC terminal.
A forced-close sending unit 162, configured to send the IPC terminal a notification to close the connection with the APP client.
Specifically, when the APP client has shared the audio/video information with some other clients for playback, the APP client directly connected to the IPC terminal needs to cancel the sharing in order to forcibly close the connection with the IPC terminal. For ease of understanding, the process is illustrated with an example in which the APP client and the IPC terminal connect through a base station acting as a relay: the APP client actively closes its long-lived TCP connection with the base station; the server sends the APP client a notification that sharing must be cancelled and the connection forcibly closed; after receiving the notification, the APP client may send the forced-close receiving unit signaling to forcibly close the connection with the IPC terminal; after receiving that signaling, the forced-close receiving unit 161 feeds the signaling result back to the base station and controls the base station to disconnect from the APP client; at the same time, the forced-close sending unit 162 sends the IPC terminal a notification to close the connection with the APP client, and on receiving it the IPC terminal also closes its TCP connection with the base station. This not only prevents the inconvenience caused by misoperation by the IPC terminal's direct owner, but also makes it easier for that owner to control the shared information. In addition, if the APP client has not shared the audio/video information, the APP client only needs to actively close its connection with the IPC terminal; if the base station detects that no APP client or other playback client has been using or operating the IPC terminal for longer than a preset time, the base station closes its TCP connection with the IPC terminal, and the APP client is also disconnected from the IPC terminal and the base station.
Further, the system of the present invention also includes a push assistance module for helping the IPC terminal push events to the APP client. Referring to FIG. 7, the push assistance module includes:
A push receiving unit 171, configured to receive event data sent by the IPC terminal.
A push issuing unit 172, configured to return response data to the IPC terminal and to issue a message notification of the event to the APP client.
A request receiving unit 173, configured to receive the APP client's request for the specific data of the event and to respond to that request.
Specifically, the push assistance module works as follows: the IPC terminal pushes event data to the server over HTTPS; after the push receiving unit 171 receives the event data sent by the IPC terminal, the push issuing unit 172 returns response data to the IPC terminal and issues a message notification of the event to the APP client; after receiving the message notification, the APP client, if it is interested in the event, may send the server a request for the specific data of the event; the request receiving unit 173 receives the APP client's request for the specific data of the event and responds to it. The message notification that the push issuing unit 172 issues to the APP client is signed with the server's private key, and the parameters of the message notification include a session ID and a signaling code. This process greatly improves the interactivity of information among the APP client, the server and the IPC terminal, and also improves the timeliness and stability of information delivery.
Further, the system of the present invention also includes an unbinding assistance module for helping to process the unbinding of the APP client from the IPC terminal.
Specifically, the unbinding assistance module works in essentially the same way as the processing module: it is equivalent to the APP client sending unbinding signaling to the IPC terminal. The difference is that the unbinding assistance module's process requires the server to delete the local binding state. The unbinding assistance module makes it easy for the APP client to freely control its binding relationship with the IPC terminal.
Further, the system of the present invention also includes an upgrade assistance module for helping to process the APP client triggering an upgrade of the IPC terminal.
Specifically, the upgrade assistance module's process builds on that of the processing module: it is similar to the APP client sending upgrade signaling to the IPC terminal, but it also includes the IPC terminal shutting down and going offline and then starting up and coming back online, and during the process the IPC terminal reports the upgrade progress status to the server multiple times. The upgrade assistance module allows defects to be continuously fixed and optimized, makes operation more convenient for the user, and improves the user experience.
In summary, in the present invention the server controls the binding of the APP client to the IPC terminal and the establishment of the connection between them, and generates an encryption key and a decryption key and transmits them to the IPC terminal and the APP client respectively. This prevents illegitimate users from obtaining and/or decrypting the user's audio/video stream information, ensures the security of audio/video stream transmission, and thereby improves the security of user privacy. In addition, the present invention offers good information interactivity and stability, ease of use and a good user experience, while also saving resources, avoiding waste, and to some extent extending the service life of the related equipment.
Further, the present invention also provides a method for implementing an IPC service based on an encryption mechanism. The method is described from the perspective of the whole system (including the APP client, the main server and the IPC terminal). It can be implemented by programming as a computer program running on remote network equipment, which includes but is not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud composed of multiple servers.
Referring to FIG. 8, a typical embodiment of the method of the present invention for implementing an IPC service based on an encryption mechanism includes the following steps:
S300. The IPC terminal connects to the main server over HTTP or HTTPS and registers with the main server; the APP client is then bound to the IPC terminal.
Specifically, the IPC terminal initiates a connection request to the main server. Once connected, the IPC terminal initiates a registration request to the main server over HTTPS, and the main server obtains the configuration information that the IPC terminal uses for registration and authentication. The main server compares the configuration information: if the SN already exists and the QID is not the same, it returns an already-bound error message; if the SN already exists and the QID is the same, it updates the TS data; if the SN does not exist, it stores the data and returns response data to the APP client. After registration and authentication succeed, the IPC terminal obtains an ID for logging in to the main server and its corresponding token. The IPC terminal accesses the main server's page over the network and enters the ID and its corresponding token in the relevant dialog box; the main server verifies the IPC terminal's ID and token, and once verification passes the IPC terminal can perform the corresponding operations through the main server.
In addition, the process of binding the APP client to the IPC terminal is as follows: first, the APP client uses the QID and TS to request the binding data of the IPC terminal from the main server; after the main server grants the request, it determines whether the APP client is already bound. If so, the determination is returned and binding-result signaling is sent downstream to the APP client; if not, the binding operation is performed, the result is returned, and binding-result signaling is sent downstream to both the APP client and the IPC terminal. If the main server does not permit the APP client to obtain the binding data of the IPC terminal, the acquisition fails, a failure notification is returned to the APP client, and the main server waits for the APP client to initiate its next acquisition request.
S310. The main server generates an encryption key and a decryption key, transmits the encryption key to the IPC terminal, and transmits the decryption key to the APP client.
Specifically, the encryption key and the decryption key are generated using a symmetric encryption algorithm.
S320. The APP client sends a play request to the main server, so that the APP client and the IPC terminal each establish a TCP connection with the base station.
Specifically, the APP client initiates the play request to the main server over HTTPS; the main server receives the play request and returns a corresponding response notification. The process by which the APP client and the IPC terminal establish a connection is as follows: the APP client initiates a connection to the IPC terminal, and the main server then uses the public key to check whether the sig provided by the APP client and by the IPC terminal is legitimate; if not, the APP client is not permitted to establish a connection with the IPC terminal; if so, it is permitted. For ease of understanding, the process is illustrated with an example in which the APP client and the IPC terminal connect through a base station acting as a relay. First, the APP client initiates a TCP connection to the base station, and the base station uses the public key provided by the main server to check whether the sig provided by the APP client is legitimate. If it is, the main server sends the check result to the IPC terminal so that the IPC terminal initiates a connection to the base station, and the base station likewise uses the public key provided by the main server to check whether the sig provided by the IPC terminal is legitimate. If that check also passes, the APP client and the IPC terminal are connected and the corresponding subsequent actions can proceed.
S330. The IPC terminal encrypts the audio/video stream with the encryption key and transmits it to the APP client.
S340. After receiving the audio/video stream encrypted by the IPC terminal, the APP client decrypts it with the decryption key so that the audio/video can be played.
Specifically, once the APP client has received the encrypted audio/video stream and successfully decrypted it with the corresponding decryption key, it can play the stream normally. If the APP client receives the encrypted audio/video stream but has no decryption key, or does not have the corresponding decryption key, it cannot decrypt the encrypted stream and therefore cannot play the audio/video.
In addition, if a legitimate APP client that holds the key for decrypting the encrypted audio/video stream wants to share that stream with other playback clients, it must share not only the encrypted audio/video stream but also the corresponding decryption key; a playback client that receives the encrypted audio/video stream shared by the APP client must likewise decrypt it with the corresponding decryption key before it can play normally. Therefore, while protecting user privacy, the solution of the present invention also allows the audio/video information that a user is willing to share to be shared with the relevant users once the legitimate user has authorized it.
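Steps S310 to S340 and the key-sharing rule above, as an added example that is not code from the patent or its applicant. The patent names no cipher, so AES-256-GCM, the counter nonce, the use of a session ID as associated data, the frame contents and every function and class name here are assumptions.

```javascript
const nodeCrypto = require('crypto');

// Main server (S310). With a symmetric algorithm the "encryption key" sent to the
// IPC terminal and the "decryption key" sent to the bound APP client are the same bytes.
function generateStreamKey() {
  return nodeCrypto.randomBytes(32);
}

// IPC terminal (S330): one GCM packet per frame, laid out as nonce(12) | tag(16) | ciphertext.
class FrameSealer {
  constructor(key, sessionId) {
    this.key = key;
    this.aad = Buffer.from(sessionId, 'utf8'); // assumption: binds packets to one session
    this.prefix = nodeCrypto.randomBytes(4);
    this.counter = 0n; // a nonce must never repeat under the same key
  }
  seal(frame) {
    const nonce = Buffer.alloc(12);
    this.prefix.copy(nonce, 0);
    nonce.writeBigUInt64BE(this.counter, 4);
    this.counter += 1n;
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', this.key, nonce);
    cipher.setAAD(this.aad);
    const ct = Buffer.concat([cipher.update(frame), cipher.final()]);
    return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
  }
}

// APP client or a playback client the key was shared with (S340).
class FrameOpener {
  constructor(key, sessionId) {
    this.key = key;
    this.aad = Buffer.from(sessionId, 'utf8');
    this.lastCounter = -1n;
  }
  // Returns the plaintext frame, or null when the packet cannot be authenticated.
  open(packet) {
    if (packet.length < 28) return null;
    const nonce = packet.subarray(0, 12);
    const tag = packet.subarray(12, 28);
    const counter = nonce.readBigUInt64BE(4);
    if (counter <= this.lastCounter) return null; // replayed or out-of-order packet
    try {
      const d = nodeCrypto.createDecipheriv('aes-256-gcm', this.key, nonce);
      d.setAAD(this.aad);
      d.setAuthTag(tag);
      const pt = Buffer.concat([d.update(packet.subarray(28)), d.final()]);
      this.lastCounter = counter;
      return pt;
    } catch (e) {
      return null; // wrong key, wrong session or modified packet
    }
  }
}

// Constructed frames standing in for audio/video data.
function demoStream() {
  const key = generateStreamKey();
  const terminal = new FrameSealer(key, 'sess-0001');
  const packets = ['constructed-frame-0', 'constructed-frame-1']
    .map((f) => terminal.seal(Buffer.from(f)));
  const play = (opener) => packets.map((p) => {
    const pt = opener.open(p);
    return pt === null ? null : pt.toString();
  });
  const bound = new FrameOpener(key, 'sess-0001');
  const tampered = Buffer.from(packets[1]);
  tampered[tampered.length - 1] ^= 0x01;
  return {
    boundClient: play(bound),
    sharedViewer: play(new FrameOpener(key, 'sess-0001')), // received stream and key
    noMatchingKey: play(new FrameOpener(generateStreamKey(), 'sess-0001')),
    replayed: bound.open(packets[0]),
    tampered: new FrameOpener(key, 'sess-0001').open(tampered),
  };
}
```

Because sharing a stream means handing over the stream key itself, revoking a viewer in this sketch requires the server to issue a new key to the terminal and the remaining clients.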
Further, referring to FIG. 9, the method of the present invention also includes step S350, in which the APP client and the IPC terminal close their connections with the base station.
Specifically, the APP client actively closes its long-lived TCP connection with the base station; the base station then sends the instruction result to the IPC terminal, which on receiving it also closes its TCP connection with the base station. The above is carried out on the premise that a base station serves as the relay through which the APP client and the IPC terminal connect; it can also be implemented with some other form of relay in place of the base station.
Further, the method of the present invention also includes a signaling processing step for when the APP client sends operation control signaling to the IPC terminal. This step may be interleaved with the steps described above, and the operation control signaling may include a light-on command, a pan/tilt command, a focus command and the like. The step proceeds as follows: the APP client sends the relevant operation control signaling; after receiving the signaling sent by the APP client, the main server returns response data to the APP client and issues to the IPC terminal an execution signaling notification signed with the private key; after receiving the execution signaling notification, the IPC terminal performs the action corresponding to the execution signaling and uploads the signaling execution result to the main server; once the main server has received the signaling execution result uploaded by the IPC terminal, the process ends. The parameters of the execution signaling notification include a session ID and a signaling code.
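The signed execution signaling notification described above (and for the processing module earlier), as an added example that is not code from the patent or its applicant. The patent does not name a signature algorithm or wire format: Ed25519, the binary layout, the numeric signaling codes and the per-session sequence number used to reject replays are assumptions.

```javascript
const nodeCrypto = require('crypto');

// Constructed codes; the patent lists the commands but not their encodings.
const SIGNALING_CODES = { LIGHT_ON: 1, PAN_TILT: 2, FOCUS: 3 };

const isU32 = (n) => Number.isInteger(n) && n >= 0 && n <= 0xffffffff;

// Fixed binary layout so that the bytes signed are exactly the bytes verified:
// len(sessionId) u16 | signalingCode u32 | seq u32 | sessionId (UTF-8).
function canonicalBytes(sessionId, signalingCode, seq) {
  const sid = Buffer.from(sessionId, 'utf8');
  const head = Buffer.alloc(10);
  head.writeUInt16BE(sid.length, 0);
  head.writeUInt32BE(signalingCode, 2);
  head.writeUInt32BE(seq, 6);
  return Buffer.concat([head, sid]);
}

// Main server: signs the notification parameters with its private key.
function signNotification(serverPrivateKey, sessionId, seq, signalingCode) {
  const sig = nodeCrypto.sign(null, canonicalBytes(sessionId, signalingCode, seq), serverPrivateKey);
  return { sessionId, signalingCode, seq, sig: sig.toString('base64') };
}

// IPC terminal: holds only the server's public key and its current session ID.
class TerminalVerifier {
  constructor(serverPublicKey, activeSessionId) {
    this.serverPublicKey = serverPublicKey;
    this.activeSessionId = activeSessionId;
    this.lastSeq = 0;
  }
  // Returns 'execute' or the reason the notification is dropped.
  accept(n) {
    if (!n || typeof n.sessionId !== 'string' || typeof n.sig !== 'string' ||
        Buffer.byteLength(n.sessionId) > 0xffff ||
        !isU32(n.signalingCode) || !isU32(n.seq)) return 'malformed';
    let ok = false;
    try {
      ok = nodeCrypto.verify(null, canonicalBytes(n.sessionId, n.signalingCode, n.seq),
        this.serverPublicKey, Buffer.from(n.sig, 'base64'));
    } catch (e) {
      ok = false;
    }
    if (!ok) return 'bad-signature';
    if (n.sessionId !== this.activeSessionId) return 'wrong-session';
    if (!Object.values(SIGNALING_CODES).includes(n.signalingCode)) return 'unknown-code';
    // Without a sequence number a validly signed notification could be delivered
    // twice within one session and executed twice.
    if (n.seq <= this.lastSeq) return 'replayed';
    this.lastSeq = n.seq;
    return 'execute';
  }
}

// Constructed key pairs and session IDs.
function demoSignaling() {
  const server = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519');
  const terminal = new TerminalVerifier(server.publicKey, 'sess-0001');
  const good = signNotification(server.privateKey, 'sess-0001', 1, SIGNALING_CODES.PAN_TILT);
  const altered = { ...good, signalingCode: SIGNALING_CODES.LIGHT_ON };
  return {
    first: terminal.accept(good),
    replay: terminal.accept(good),
    altered: terminal.accept(altered),
    otherKey: terminal.accept(
      signNotification(other.privateKey, 'sess-0001', 2, SIGNALING_CODES.PAN_TILT)),
    otherSession: terminal.accept(
      signNotification(server.privateKey, 'sess-9999', 2, SIGNALING_CODES.PAN_TILT)),
    next: terminal.accept(
      signNotification(server.privateKey, 'sess-0001', 2, SIGNALING_CODES.FOCUS)),
  };
}
```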
Further, the method of the present invention also includes a step in which the IPC terminal pushes events to the APP client.
Specifically, the process is as follows: the IPC terminal pushes event data to the main server over HTTPS; after receiving the event data sent by the IPC terminal, the main server returns response data to the IPC terminal and issues a message notification of the event to the APP client; after receiving the message notification, the APP client, if it is interested in the event, may send the main server a request for the specific data of the event; the main server receives the APP client's request for the specific data of the event and responds to it. The message notification that the main server issues to the APP client is signed with the main server's private key, and the parameters of the message notification include a session ID and a signaling code. This step greatly improves the interactivity of information among the APP client, the server and the IPC terminal, and also improves the timeliness and stability of information delivery.
Further, the method of the present invention also includes a step of unbinding the APP client from the IPC terminal.
Specifically, this step is essentially the same as the step of processing the operation control signaling that the APP client sends to the IPC terminal: it is equivalent to the APP client sending unbinding signaling to the IPC terminal. The difference is that this process requires the main server to delete the local binding state. This step makes it easy for the APP client to freely control its binding relationship with the IPC terminal.
Further, the method of the present invention also includes a step in which the APP client triggers an upgrade of the IPC terminal.
Specifically, this step builds on the step for the operation control signaling that the APP client sends to the IPC terminal: it is similar to the APP client sending upgrade signaling to the IPC terminal, but it also includes the IPC terminal shutting down and going offline and then starting up and coming back online, and during the step the IPC terminal reports the upgrade progress status to the main server multiple times. This step allows defects to be continuously fixed and optimized, makes operation more convenient for the user, and improves the user experience.
Referring to FIG. 10, in one embodiment of the present invention, step S350, in which the APP client and the IPC terminal close their connections with the base station, includes:
S351. The APP client sends the main server signaling to forcibly close the TCP connections between the APP client and IPC terminal and the base station.
S353. The main server sends the IPC terminal a notification to close its TCP connection with the base station.
S355. After receiving the notification sent by the main server, the IPC terminal closes its TCP connection with the base station.
For example, when the APP client has shared the audio/video information with some other clients for playback, the APP client directly connected to the IPC terminal needs to cancel the sharing in order to forcibly close the connection with the IPC terminal. For ease of understanding, the process is illustrated with an example in which the APP client and the IPC terminal connect through a base station acting as a relay: the APP client actively closes its long-lived TCP connection with the base station; the main server sends the APP client a notification that sharing must be cancelled and the connection forcibly closed; after receiving the notification, the APP client may then send the main server signaling to forcibly close the connection with the IPC terminal; after receiving that signaling, the main server feeds the signaling result back to the base station and controls the base station to disconnect from the APP client; at the same time, it sends the IPC terminal a notification to close the connection with the APP client, and on receiving it the IPC terminal also closes its TCP connection with the base station. This not only prevents the inconvenience caused by misoperation by the IPC terminal's direct owner, but also makes it easier for that owner to control the shared information. The above is carried out on the premise that a base station serves as the relay through which the APP client and the IPC terminal connect; it can also be implemented with some other form of relay in place of the base station.
请参见附图11,在本发明的又一个实施例中,所述APP客户端和IPC终端与所述基站关闭连接的步骤S350中,包括:S352,所述基站检测到无所述APP客户端对所述IPC终端正在进行使用或操作,且持续超过预设时间。Referring to FIG. 11, in another embodiment of the present invention, in step S350, the APP client and the IPC terminal are disconnected from the base station, the method includes: S352, the base station detects that the APP client is not detected. The IPC terminal is being used or operated for more than a preset time.
S354,所述基站关闭与所述IPC终端的TCP连接。S354. The base station closes a TCP connection with the IPC terminal.
For ease of understanding, the process is illustrated further as follows: when the base station detects that no APP client or other playback client is using or operating the IPC terminal, and this has lasted longer than the preset time, the base station closes the TCP connection with the IPC terminal; at the same time, the APP client is also disconnected from the IPC terminal and the base station. This not only saves the related resources and avoids waste, but also extends the service life of the related equipment to a certain extent. The above is implemented on the premise that the base station serves as the relay station through which the APP client and the IPC terminal are connected; the base station may also serve as the relay station in other ways.
In summary, in the present invention the APP client is bound to and connected with the IPC terminal, and the primary server generates an encryption key and a decryption key and transmits them to the APP client and the IPC terminal respectively. This prevents illegitimate users from obtaining and/or decrypting the user's audio and video stream information, ensures the security of audio and video stream transmission, and thereby improves the security of user privacy. In addition, the invention offers good information interactivity and stability, ease of use and a good user experience, while also saving the related resources, avoiding waste, and extending the service life of the related equipment to a certain extent.
Correspondingly, the present invention also provides an IPC service implementation system based on an encryption mechanism. Referring to FIG. 12, the modules included in the system and the specific functions each module implements are disclosed below. The system includes:
A registration binding module 31, used for the IPC terminal to connect to the primary server over HTTP or HTTPS and register with the primary server, and for the APP client to bind with the IPC terminal.
Specifically, the IPC terminal initiates a connection request to the primary server. After the connection succeeds, the IPC terminal initiates a registration request to the primary server over HTTPS, and the primary server obtains the configuration information that the IPC terminal uses for registration and authentication. The primary server compares and evaluates the configuration information: if the SN already exists and is not associated with the same QID, it returns an already-bound error message; if the SN already exists and is associated with the same QID, it updates the TS data; if the SN does not exist, it stores the data and returns response data to the APP client. After registration and authentication pass, the IPC terminal obtains an ID for logging in to the primary server and its corresponding token. The IPC terminal accesses the primary server's page over the network and enters the ID and its corresponding token in the corresponding dialog box; the primary server verifies the IPC terminal's ID and token, and once verification passes, the IPC terminal can perform the corresponding operations through the primary server.
The registration binding module 31 includes:
A binding judgment unit, used for the APP client to obtain the binding data of the IPC terminal by means of qid and ts, and to determine whether the APP client is already in the bound state; if so, the determination result is returned and binding-result signaling is sent downstream; if not, the binding operation is performed, the result is returned, and binding-result signaling is sent downstream.
The process by which the APP client binds with the IPC terminal is as follows. First, the APP client uses the QID and TS to request the binding data of the IPC terminal from the primary server. After granting the request, the primary server determines whether the APP client is already bound. If so, it returns the determination result and sends binding-result signaling downstream to the APP client; if not, it performs the binding operation and returns the result, and sends binding-result signaling downstream to both the APP client and the IPC terminal. In addition, if the primary server does not permit the APP client to obtain the binding data of the IPC terminal, the acquisition fails, a notification of the failed acquisition is returned to the APP client, and the server waits for the APP client to initiate the next acquisition request.
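The registration and binding decisions described above can be sketched as follows. This is an added example, not code from the patent: the class, method and status names are hypothetical, TS is treated as an opaque integer, and "granting" a binding request is assumed to mean that the SN is registered under the requesting QID.

```python
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical status names for the outcomes the description lists.
ALREADY_BOUND, TS_UPDATED, REGISTERED = "already_bound", "ts_updated", "registered"
BOUND, DENIED = "bound", "denied"


@dataclass
class TerminalRecord:
    qid: str        # QID the serial number (SN) was registered under
    ts: int         # TS value, treated here as an opaque integer (assumption)
    login_id: str   # ID the terminal uses to log in to the primary server
    token: str      # token paired with login_id


def _same(a, b):
    # Constant-time comparison so a wrong guess leaks nothing through timing.
    return hmac.compare_digest(a.encode(), b.encode())


class PrimaryServerRegistry:
    """In-memory stand-in for the primary server's registration store."""

    def __init__(self):
        self._terminals = {}   # SN -> TerminalRecord
        self._bound = set()    # (qid, sn) pairs with an active binding

    def register(self, sn, qid, ts):
        rec = self._terminals.get(sn)
        if rec is not None and rec.qid != qid:
            return ALREADY_BOUND, None      # SN exists under a different QID
        if rec is not None:
            rec.ts = ts                     # same QID: only the TS data changes
            return TS_UPDATED, rec
        rec = TerminalRecord(qid, ts, secrets.token_hex(8),
                             secrets.token_urlsafe(32))
        self._terminals[sn] = rec           # new SN: store it, issue ID + token
        return REGISTERED, rec

    def verify_login(self, sn, login_id, token):
        rec = self._terminals.get(sn)
        if rec is None:
            return False
        # Evaluate both comparisons before combining them.
        id_ok, token_ok = _same(rec.login_id, login_id), _same(rec.token, token)
        return id_ok and token_ok

    def bind(self, qid, sn):
        """Return (status, recipients of the downstream binding-result signaling)."""
        rec = self._terminals.get(sn)
        if rec is None or rec.qid != qid:
            return DENIED, ["app"]          # request not granted (assumed rule)
        if (qid, sn) in self._bound:
            return ALREADY_BOUND, ["app"]   # result goes to the APP client only
        self._bound.add((qid, sn))
        return BOUND, ["app", "ipc"]        # new binding: notify both ends


if __name__ == "__main__":
    reg = PrimaryServerRegistry()
    print(reg.register("SN001", "qid-owner", 1)[0])   # constructed sample values
    print(reg.register("SN001", "qid-other", 2)[0])
    print(reg.bind("qid-owner", "SN001"))
```

The second registration attempt is the case that matters for device takeover: a serial number that is already registered under one QID cannot be re-registered under another.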
A key generation module 32, used for the primary server to generate an encryption key and a decryption key, to transmit the encryption key to the IPC terminal, and to transmit the decryption key to the APP client.
Specifically, the encryption key and the decryption key use symmetric encryption.
A base station connection module 33, used for the APP client to send a play request to the primary server, so that the APP client and the IPC terminal each establish a TCP connection with the base station.
Specifically, referring to FIG. 14, the base station connection module 33 includes:
A first connection unit 331, used for the APP client to initiate a TCP connection to the base station.
A first check-and-judge unit 332, used for the base station to use the primary server's public key to check whether the sig provided by the APP client is valid; if not, the connection fails; if so, the APP client establishes a connection with the base station, and a notification to connect to the base station is sent to the IPC terminal through the primary server.
A second connection unit 333, used for the IPC terminal to initiate a TCP connection to the base station.
A second check-and-judge unit 334, used for the base station to use the primary server's public key to check whether the sig provided by the IPC terminal is valid; if not, the connection fails; if so, the IPC terminal establishes a connection with the base station.
The process by which the APP client establishes a connection with the IPC terminal is as follows. First, the APP client initiates a TCP connection to the base station, and the base station uses the public key provided by the primary server to check whether the sig provided by the APP client is valid. When the check finds it valid, the primary server sends the result of the check to the IPC terminal so that the IPC terminal initiates a connection to the base station. The base station likewise uses the public key provided by the primary server to check whether the sig provided by the IPC terminal is valid. If it is valid, the APP client and the IPC terminal are connected and the corresponding subsequent actions can proceed.
Further, referring to FIG. 12, the system of the present invention also includes an encryption module 34, used for the IPC terminal to encrypt the audio and video stream with the encryption key and then transmit it to the APP client.
A decryption module 35, used for the APP client, after receiving the audio and video stream encrypted by the IPC terminal, to decrypt the stream with the decryption key so that the audio and video can be played.
Specifically, after receiving the encrypted audio and video stream, the APP client can play it normally once it has successfully decrypted it with the corresponding decryption key. If the APP client receives the encrypted audio and video stream but has no decryption key, or no corresponding decryption key, it cannot decrypt the encrypted stream and therefore cannot play the audio and video.
In addition, if a legitimate APP client that holds a key able to decrypt the encrypted audio and video stream wants to share that stream with other playback clients, it must share not only the encrypted stream but also the corresponding decryption key. A playback client that receives the encrypted audio and video stream shared by the APP client must likewise decrypt it with the corresponding decryption key before it can play it normally. The solution of the present invention therefore protects user privacy while still allowing audio and video information that the user is willing to share to be shared with the relevant users once the legitimate user has authorized it.
Further, referring to FIG. 13, the system of the present invention also includes a base station disconnection module 36, used for the APP client and the IPC terminal to close their connections with the base station. The base station disconnection module 36 includes:
A first disconnection unit, used for the APP client to actively close its TCP connection with the base station.
Specifically, the working process of the base station disconnection module 36 is as follows: the APP client actively closes its long-lived TCP connection with the base station; the base station then sends the instruction result to the IPC terminal; after receiving it, the IPC terminal also closes its TCP connection with the base station. The above is implemented on the premise that the base station serves as the relay station through which the APP client and the IPC terminal are connected; the base station may also serve as the relay station in other ways.
Further, the system of the present invention also includes a signaling processing module, used for handling signaling when the APP client sends operation control signaling to the IPC terminal. Referring to FIG. 15, the signaling processing module includes:
A signaling sending unit 371, used for the APP client to send signaling to the primary server over HTTPS.
An information notification delivery unit 372, used for the primary server to return response data and to deliver, over HTTP, a notification to the IPC terminal to execute the signaling.
A signaling execution unit 373, used for the IPC terminal to perform the corresponding operation according to the signaling content and to upload the signaling execution result.
Specifically, the working process of the signaling processing module is as follows: the APP client sends the corresponding operation control signaling; after receiving the signaling sent by the APP client, the primary server returns response data to the APP client and delivers to the IPC terminal an execute-signaling notification signed with its private key; after receiving the execute-signaling notification, the IPC terminal performs the action corresponding to that signaling and uploads the signaling execution result to the primary server; the process ends once the primary server has received the signaling execution result uploaded by the IPC terminal. The parameters of the execute-signaling notification include a session ID and a signaling code. The operation control signaling may include a light-on instruction, a pan (head-shake) instruction, a focus instruction, and the like.
Further, the system of the present invention also includes an event pushing module, used for the IPC terminal to push events to the APP client. Referring to FIG. 16, the event pushing module includes:
An event sending unit 381, used for the IPC terminal to send event data to the primary server over HTTPS.
An event delivery unit 382, used for the primary server to return response data and to deliver a notification of the event to the APP client over HTTP.
An event obtaining unit 383, used for the APP client to request and obtain the specific data of the event from the primary server over HTTPS.
Specifically, the working process of the event pushing module is as follows: the IPC terminal pushes event data to the primary server over HTTPS; after receiving the event data sent by the IPC terminal, the primary server returns response data to the IPC terminal and delivers a message notification of the event to the APP client; after receiving the message notification, the APP client, if it is interested in the event, may send the primary server a request for the specific data of the event; the primary server receives the APP client's request for the specific event data and responds to it. The message notification that the primary server delivers to the APP client is signed with the primary server's private key, and the parameters of the message notification include a session ID and a signaling code. This process greatly improves the interactivity of information among the APP client, the server and the IPC terminal, and also improves the timeliness and stability of information delivery.
Further, the system of the present invention also includes an unbinding module, used for releasing the binding between the APP client and the IPC terminal.
Specifically, the working process of the unbinding module is similar to that of the signaling processing module; it is equivalent to the APP client sending unbinding signaling to the IPC terminal. The difference is that the unbinding process requires the primary server to delete the local binding state. The unbinding module makes it easy for the APP client to freely control its binding state with the IPC terminal.
Further, the system of the present invention also includes an upgrade module, used for the APP client to trigger an upgrade of the IPC terminal.
Specifically, the working process of the upgrade module is similar to that of the signaling processing module; it resembles the APP client sending upgrade signaling to the IPC terminal. The process additionally includes the IPC terminal shutting down and going offline and then starting up and coming back online, and during the process the IPC terminal reports the upgrade progress status to the primary server multiple times. The upgrade module allows defects in the system to be continuously addressed and optimized, making operation more convenient for users and improving the user experience.
In yet another embodiment of the present invention, the base station disconnection module 36 further includes:
A disconnection sending unit, used for the APP client to send the primary server signaling to forcibly close the TCP connections between the APP client and the base station and between the IPC terminal and the base station.
A notification sending unit, used for the primary server to send the IPC terminal a notification to close its TCP connection with the base station.
A second disconnection unit, used for the IPC terminal to close its TCP connection with the base station after receiving the notification sent by the primary server.
Specifically, for example, when the APP client has shared audio and video information with some other clients for playback, the APP client directly connected to the IPC terminal needs to cancel the sharing in order to forcibly close the connection with the IPC terminal. The specific process is as follows: the APP client actively closes its long-lived TCP connection with the base station; the primary server sends the APP client a notification that sharing must be cancelled and the connection forcibly closed; after receiving this notification, the APP client may send the primary server signaling to forcibly close the connection with the IPC terminal; after receiving that signaling, the primary server feeds the signaling result back to the base station and controls the base station to disconnect from the APP client, and at the same time sends the IPC terminal a notification to close the connection with the APP client; after receiving it, the IPC terminal also closes its TCP connection with the base station. This not only prevents the inconvenience caused by misoperation by the user who directly owns the IPC terminal, but also makes it easier for that user to control the shared information. The above is implemented on the premise that the base station serves as the relay station through which the APP client and the IPC terminal are connected; the base station may also serve as the relay station in other ways.
In yet another embodiment of the present invention, the base station disconnection module 36 further includes:
A third disconnection unit, used for the base station to close the TCP connection with the IPC terminal after the base station detects that no APP client is using or operating the IPC terminal and this has lasted longer than a preset time.
Specifically, for ease of understanding, the process is illustrated further. The working process of the base station disconnection module is as follows: when the base station detects that no APP client or other playback client is using or operating the IPC terminal, and this has lasted longer than the preset time, the base station closes the TCP connection with the IPC terminal; at the same time, the APP client is also disconnected from the IPC terminal and the base station. This not only saves the related resources and avoids waste, but also extends the service life of the related equipment to a certain extent. The above is implemented on the premise that the base station serves as the relay station through which the APP client and the IPC terminal are connected; the base station may also serve as the relay station in other ways.
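The two teardown paths described for the base station disconnection module (forced close after sharing is cancelled, and idle close after the preset time) can be modelled with a small session table. This is an added example, not code from the patent; the class and method names, the viewer identifiers and the injectable clock are assumptions made for illustration.

```python
import time


class BaseStationSessions:
    """Tracks, per IPC terminal SN, who is watching and how long it has been idle."""

    def __init__(self, idle_limit, clock=time.monotonic):
        self.idle_limit = idle_limit   # the "preset time", in seconds
        self._clock = clock            # injectable so the logic can be tested
        self._viewers = {}             # SN -> set of APP/playback client ids
        self._idle_since = {}          # connected SN -> idle start, or None

    def ipc_connected(self, sn):
        # The terminal connects after the APP client, so viewers may exist already.
        viewers = self._viewers.setdefault(sn, set())
        self._idle_since[sn] = None if viewers else self._clock()

    def viewer_joined(self, sn, viewer):
        self._viewers.setdefault(sn, set()).add(viewer)
        if sn in self._idle_since:
            self._idle_since[sn] = None          # in use again: stop idle timer

    def viewer_left(self, sn, viewer):
        viewers = self._viewers.get(sn, set())
        viewers.discard(viewer)
        # Start the idle timer only on the transition to "nobody watching".
        if not viewers and sn in self._idle_since and self._idle_since[sn] is None:
            self._idle_since[sn] = self._clock()

    def force_close(self, sn):
        """Drop every viewer (shared playback clients included) and the terminal."""
        closed = sorted(self._viewers.pop(sn, set()))
        if sn in self._idle_since:
            del self._idle_since[sn]
            closed.append("ipc:" + sn)
        return closed

    def sweep(self):
        """Close terminals that have had no viewer for longer than idle_limit."""
        now = self._clock()
        expired = sorted(sn for sn, since in self._idle_since.items()
                         if since is not None and now - since > self.idle_limit)
        for sn in expired:
            self.force_close(sn)
        return expired


if __name__ == "__main__":
    now = [0.0]                                   # constructed clock for the demo
    bs = BaseStationSessions(idle_limit=30, clock=lambda: now[0])
    bs.viewer_joined("SN001", "app-1")
    bs.ipc_connected("SN001")
    bs.viewer_left("SN001", "app-1")
    now[0] = 31.0
    print(bs.sweep())
```

Forced close removes shared playback clients as well as the owner's APP client, so a stream shared earlier does not outlive the owner's decision to cancel sharing.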
In summary, in the present invention the APP client is bound to and connected with the IPC terminal, and the primary server generates an encryption key and a decryption key and transmits them to the APP client and the IPC terminal respectively. This prevents illegitimate users from obtaining and/or decrypting the user's audio and video stream information, ensures the security of audio and video stream transmission, and thereby improves the security of user privacy. In addition, the invention offers good information interactivity and stability, ease of use and a good user experience, while also saving the related resources, avoiding waste, and extending the service life of the related equipment to a certain extent.
Numerous specific details are set forth in the description provided herein. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some embodiments, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Although some exemplary embodiments of the present invention have been shown above, those skilled in the art will understand that changes may be made to these exemplary embodiments without departing from the principle or spirit of the invention, the scope of which is defined by the claims and their equivalents.
The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the IPC service implementation system based on an encryption mechanism according to embodiments of the present invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
For example, FIG. 17 shows a block diagram of a computing device for performing the method according to the present invention. The computing device conventionally includes a processor 1710 and a computer program product or computer-readable medium in the form of a memory 1720. The memory 1720 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk or ROM. The memory 1720 has a storage space 1730 for program code 1731 for performing any of the method steps described above. For example, the storage space 1730 for program code may include individual program codes 1731 each implementing one of the steps of the above methods. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards or floppy disks. Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG. 18. The storage unit may have storage segments, storage space and the like arranged similarly to the memory 1720 in the computing device of FIG. 17. The program code may, for example, be compressed in an appropriate form. Typically, the storage unit includes computer-readable code 1731', that is, code that can be read by a processor such as 1710, which, when run by a computing device, causes the computing device to perform the steps of the methods described above.
Reference herein to "one embodiment", "an embodiment" or "one or more embodiments" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. In addition, note that instances of the phrase "in one embodiment" here do not necessarily all refer to the same embodiment.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
In addition, it should be noted that the language used in this specification has been chosen mainly for readability and instructional purposes, not to explain or limit the subject matter of the invention. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. With respect to the scope of the invention, the disclosure made herein is illustrative and not restrictive, and the scope of the invention is defined by the appended claims.

Claims (40)

  1. 一种基于加密机制的IPC服务实现方法,其中,包括以下步骤:An IPC service implementation method based on an encryption mechanism, which comprises the following steps:
    接收IPC终端的连接及注册请求,完成其注册;Receiving the connection and registration request of the IPC terminal and completing its registration;
    生成加密密钥和解密密钥,分别对应传送给所述IPC终端及与该IPC终端相绑定的APP客户端;Generating an encryption key and a decryption key, respectively corresponding to the IPC terminal and the APP client bound to the IPC terminal;
    接收所述APP客户端的播放请求,控制所述APP客户端与IPC终端建立连接,使所述IPC终端将利用加密密钥加密后的音视频流传送给能够利用所述解密密钥进行解密的APP客户端进行解密播放。Receiving a play request of the APP client, and controlling the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream encrypted by using the encryption key to the APP that can be decrypted by using the decryption key. The client performs decryption playback.
  2. 如权利要求1所述的方法,其中,所述IPC终端与APP客户端相绑定的过程中,其具体步骤包括:The method of claim 1, wherein the specific steps in the process of binding the IPC terminal to the APP client include:
    准予所述APP客户端获取所述IPC终端的绑定数据,并判断所述APP客户端是否已为绑定状态;Granting the APP client to acquire binding data of the IPC terminal, and determining whether the APP client is in a binding state;
    若是,则将判定结果返回,并下行绑定结果信令;If yes, the decision result is returned, and the downlink binding result signaling is performed;
    若否,则执行绑定操作及返回结果,并下行绑定结果信令。If not, the binding operation is performed and the result is returned, and the result signaling is downlink bound.
  3. 如权利要求1或2所述的方法,其中,所述控制所述APP客户端与IPC终端建立连接的过程中,其具体步骤包括:The method according to claim 1 or 2, wherein the specific steps in the process of controlling the connection between the APP client and the IPC terminal include:
    控制所述APP客户端向所述IPC终端发起连接;Controlling the APP client to initiate a connection to the IPC terminal;
    利用公钥检查判断所述APP客户端与所述IPC终端提供的sig是否合法;若判定为否时,则不准予所述APP客户端与IPC终端建立连接,若判定为是时,则准予所述APP客户端与IPC终端建立连接。Using the public key check to determine whether the sig provided by the APP client and the IPC terminal is legal; if the determination is no, the APP client is not allowed to establish a connection with the IPC terminal, and if the determination is yes, the grant is granted. The APP client establishes a connection with the IPC terminal.
  4. The method of any one of claims 1-3, further comprising a step of processing operation control signaling sent by the APP client to the IPC terminal, the step specifically comprising:
    receiving the signaling sent by the APP client;
    returning response data to the APP client, and issuing to the IPC terminal an execution signaling notification signed with a private key, the parameters of the execution signaling notification including a session ID and a signaling code;
    receiving the signaling execution result uploaded by the IPC terminal.
  5. The method of any one of claims 1-4, further comprising a step of assisting the APP client in closing its connection with the IPC terminal, the step specifically comprising:
    receiving signaling, sent by the APP client, to forcibly close the connection with the IPC terminal;
    sending the IPC terminal a notification to close its connection with the APP client.
  6. The method of any one of claims 1-5, further comprising a step of assisting the IPC terminal in pushing an event to the APP client, the step specifically comprising:
    receiving event data sent by the IPC terminal;
    returning response data to the IPC terminal, and issuing a message notification of the event to the APP client;
    receiving a request from the APP client for the specific data of the event, and responding to the request.
  7. The method of any one of claims 1-6, further comprising a step of assisting in processing the unbinding between the APP client and the IPC terminal.
  8. The method of any one of claims 1-7, further comprising a step of assisting in processing an upgrade of the IPC terminal triggered by the APP client.
  9. The method of any one of claims 1-8, wherein the encryption key and the decryption key are generated using a symmetric encryption algorithm.
  10. An IPC service implementation system based on an encryption mechanism, comprising:
    a receiving module, configured to receive a connection and registration request from an IPC terminal and complete its registration;
    a generation and transmission module, configured to generate an encryption key and a decryption key and transmit them, respectively, to the IPC terminal and to the APP client bound to the IPC terminal;
    a receiving control module, configured to receive a play request from the APP client and control the APP client to establish a connection with the IPC terminal, so that the IPC terminal transmits the audio and video stream, encrypted with the encryption key, to the APP client capable of decrypting it with the decryption key, for decryption and playback.
  11. The system of claim 10, further comprising a control module for controlling the binding of the APP client to the IPC terminal, the control module comprising:
    a permission and determination unit, configured to permit the APP client to acquire binding data of the IPC terminal, and to determine whether the APP client is already in a bound state;
    if so, returning the determination result and sending binding-result signaling downlink;
    if not, performing the binding operation, returning the result, and sending binding-result signaling downlink.
  12. The system of claim 10 or 11, wherein the receiving control module comprises:
    a control unit, configured to control the APP client to initiate a connection to the IPC terminal;
    a determination unit, configured to check, with a public key, whether the sig provided by the APP client and the IPC terminal is valid; if not, the APP client is not permitted to establish a connection with the IPC terminal; if so, the APP client is permitted to establish a connection with the IPC terminal.
  13. The system of any one of claims 10-12, further comprising a processing module for processing operation control signaling sent by the APP client to the IPC terminal, the processing module comprising:
    a first receiving unit, configured to receive the signaling sent by the APP client;
    a notification issuing unit, configured to return response data to the APP client and to issue to the IPC terminal an execution signaling notification signed with a private key, the parameters of the execution signaling notification including a session ID and a signaling code;
    a second receiving unit, configured to receive the signaling execution result uploaded by the IPC terminal.
  14. The system of any one of claims 10-13, further comprising a disconnection assistance module for assisting the APP client in closing its connection with the IPC terminal, the disconnection assistance module comprising:
    a forced-close receiving unit, configured to receive signaling, sent by the APP client, to forcibly close the connection with the IPC terminal;
    a forced-close sending unit, configured to send the IPC terminal a notification to close its connection with the APP client.
  15. The system of any one of claims 10-14, further comprising a push assistance module for assisting the IPC terminal in pushing an event to the APP client, the push assistance module comprising:
    a push receiving unit, configured to receive event data sent by the IPC terminal;
    a push issuing unit, configured to return response data to the IPC terminal and to issue a message notification of the event to the APP client;
    a request receiving unit, configured to receive a request from the APP client for the specific data of the event, and to respond to the request.
  16. The system of any one of claims 10-15, further comprising an unbinding assistance module for assisting in processing the unbinding between the APP client and the IPC terminal.
  17. The system of any one of claims 10-16, further comprising an upgrade assistance module for assisting in processing an upgrade of the IPC terminal triggered by the APP client.
  18. The system of any one of claims 10-17, wherein the encryption key and the decryption key are generated using a symmetric encryption algorithm.
  19. An IPC service implementation method based on an encryption mechanism, characterized by comprising the following steps:
    an IPC terminal connects to a primary server over HTTP or HTTPS and registers with the primary server, after which an APP client binds with the IPC terminal;
    the primary server generates an encryption key and a decryption key, transmits the encryption key to the IPC terminal, and transmits the decryption key to the APP client, the encryption key and the decryption key using symmetric encryption;
    the APP client sends a play request to the primary server, causing the APP client and the IPC terminal each to establish a TCP connection with a base station;
    the IPC terminal encrypts the audio and video stream with the encryption key and transmits it to the APP client;
    after receiving the audio and video stream encrypted by the IPC terminal, the APP client decrypts the stream with the decryption key so as to play the audio and video.
  20. The method of claim 19, wherein the process of binding the APP client with the IPC terminal comprises:
    the APP client acquires binding data of the IPC terminal by means of qid and ts, and it is determined whether the APP client is already in a bound state;
    if so, returning the determination result and sending binding-result signaling downlink;
    if not, performing the binding operation, returning the result, and sending binding-result signaling downlink.
  21. The method of claim 19 or 20, wherein the process in which the APP client and the IPC terminal each establish a TCP connection with the base station specifically comprises:
    the APP client initiates a TCP connection to the base station;
    the base station checks, using the primary server's public key, whether the sig provided by the APP client is valid; if not, the connection fails; if so, the APP client establishes a connection with the base station, and a notification to connect to the base station is issued to the IPC terminal through the primary server;
    the IPC terminal initiates a TCP connection to the base station;
    the base station checks, using the primary server's public key, whether the sig provided by the IPC terminal is valid; if not, the connection fails; if so, the IPC terminal establishes a connection with the base station.
  22. The method of any one of claims 19-21, further comprising a signaling processing step performed when the APP client sends operation control signaling to the IPC terminal, the step specifically comprising:
    the APP client sends the signaling to the primary server over HTTPS;
    the primary server returns response data and issues to the IPC terminal, over HTTP, an information notification to execute the signaling, the information notification being signed with the primary server's private key, and the parameters of the information notification including a session ID and a signaling code;
    the IPC terminal performs the corresponding operation according to the signaling content and uploads the signaling execution result.
  23. The method of any one of claims 19-22, further comprising a step in which the APP client and the IPC terminal close their connections with the base station, the step specifically comprising:
    the APP client actively performs the operation of closing its TCP connection with the base station.
  24. The method of any one of claims 19-23, wherein the step in which the APP client and the IPC terminal close their connections with the base station further comprises:
    the APP client sends to the primary server signaling to forcibly close the TCP connections between the APP client and the IPC terminal and the base station;
    the primary server sends the IPC terminal a notification to close its TCP connection with the base station;
    after receiving the notification sent by the primary server, the IPC terminal closes its TCP connection with the base station.
  25. The method of any one of claims 19-24, wherein the step in which the APP client and the IPC terminal close their connections with the base station further comprises:
    when the base station detects that no APP client is using or operating the IPC terminal, and this has lasted longer than a preset time, the base station closes its TCP connection with the IPC terminal.
  26. The method of any one of claims 19-25, further comprising a step in which the IPC terminal pushes an event to the APP client, the step specifically comprising:
    the IPC terminal sends event data to the primary server over HTTPS;
    the primary server returns response data and issues an information notification of the event to the APP client over HTTP;
    the APP client requests and obtains the specific data of the event from the primary server over HTTPS.
  27. The method of any one of claims 19-26, further comprising a step of unbinding the APP client from the IPC terminal.
  28. The method of any one of claims 19-27, further comprising a step in which the APP client triggers an upgrade of the IPC terminal.
  29. An IPC service implementation system based on an encryption mechanism, comprising:
    a registration and binding module, configured for the IPC terminal to connect to a primary server over HTTP or HTTPS and register with the primary server, and for an APP client to bind with the IPC terminal;
    a key generation module, configured for the primary server to generate an encryption key and a decryption key, transmit the encryption key to the IPC terminal, and transmit the decryption key to the APP client, the encryption key and the decryption key using symmetric encryption;
    a base station connection module, configured for the APP client to send a play request to the primary server, causing the APP client and the IPC terminal each to establish a TCP connection with a base station;
    an encryption module, configured for the IPC terminal to encrypt the audio and video stream with the encryption key and transmit it to the APP client;
    a decryption module, configured for the APP client, after receiving the audio and video stream encrypted by the IPC terminal, to decrypt the stream with the decryption key so as to play the audio and video.
  30. The system of claim 29, wherein the registration and binding module comprises:
    a binding determination unit, configured for the APP client to acquire binding data of the IPC terminal by means of qid and ts, and to determine whether the APP client is already in a bound state;
    if so, returning the determination result and sending binding-result signaling downlink;
    if not, performing the binding operation, returning the result, and sending binding-result signaling downlink.
  31. The system of claim 29 or 30, wherein the base station connection module comprises:
    a first connection unit, configured for the APP client to initiate a TCP connection to the base station;
    a first check and determination unit, configured for the base station to check, using the primary server's public key, whether the sig provided by the APP client is valid; if not, the connection fails; if so, the APP client establishes a connection with the base station, and a notification to connect to the base station is issued to the IPC terminal through the primary server;
    a second connection unit, configured for the IPC terminal to initiate a TCP connection to the base station;
    a second check and determination unit, configured for the base station to check, using the primary server's public key, whether the sig provided by the IPC terminal is valid; if not, the connection fails; if so, the IPC terminal establishes a connection with the base station.
  32. The system of any one of claims 29-31, further comprising a signaling processing module for signaling processing when the APP client sends operation control signaling to the IPC terminal, the signaling processing module comprising:
    a signaling sending unit, configured for the APP client to send the signaling to the primary server over HTTPS;
    an information notification issuing unit, configured for the primary server to return response data and to issue to the IPC terminal, over HTTP, an information notification to execute the signaling, the information notification being signed with the primary server's private key, and the parameters of the information notification including a session ID and a signaling code;
    a signaling execution unit, configured for the IPC terminal to perform the corresponding operation according to the signaling content and to upload the signaling execution result.
  33. The system of any one of claims 29-32, further comprising a base station disconnection module for the APP client and the IPC terminal to close their connections with the base station, the base station disconnection module comprising:
    a first disconnection unit, configured for the APP client to actively perform the operation of closing its TCP connection with the base station.
  34. The system of any one of claims 29-33, wherein the base station disconnection module further comprises:
    a disconnection sending unit, configured for the APP client to send to the primary server signaling to forcibly close the TCP connections between the APP client and the IPC terminal and the base station;
    a notification sending unit, configured for the primary server to send the IPC terminal a notification to close its TCP connection with the base station;
    a second disconnection unit, configured for the IPC terminal to close its TCP connection with the base station after receiving the notification sent by the primary server.
  35. The system of any one of claims 29-34, wherein the base station disconnection module further comprises:
    a third disconnection unit, configured for the base station to close its TCP connection with the IPC terminal when the base station detects that no APP client is using or operating the IPC terminal and this has lasted longer than a preset time.
  36. The system of any one of claims 29-35, further comprising an event pushing module for the IPC terminal to push an event to the APP client, the event pushing module comprising:
    an event sending unit, configured for the IPC terminal to send event data to the primary server over HTTPS;
    an event issuing unit, configured for the primary server to return response data and to issue an information notification of the event to the APP client over HTTP;
    an event obtaining unit, configured for the APP client to request and obtain the specific data of the event from the primary server over HTTPS.
  37. The system of any one of claims 29-36, further comprising an unbinding module for unbinding the APP client from the IPC terminal.
  38. The system of any one of claims 29-37, further comprising an upgrade module for the APP client to trigger an upgrade of the IPC terminal.
  39. A computer program comprising computer-readable code which, when run on a computing device, causes the computing device to perform the IPC service implementation method based on an encryption mechanism according to any one of claims 1-9, or causes the computing device to perform the IPC service implementation method based on an encryption mechanism according to any one of claims 19-28.
  40. A computer-readable medium storing the computer program of claim 39.
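
The signed execution-signaling notification of claims 4 and 22, seen from the IPC terminal that receives it over HTTP, as an added example that is not part of the patent. Ed25519, the length-prefixed encoding, the `Target` and `IssuedAt` fields and every identifier are assumptions; the claims name only the private-key signature, the session ID and the signaling code.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Notification carries the two parameters the claims name (session ID, signaling
// code). Target and IssuedAt are assumptions added here so that a captured
// notification cannot be redirected to another camera or replayed later.
type Notification struct {
	SessionID     string
	SignalingCode uint32
	Target        string // hypothetical terminal identifier
	IssuedAt      int64  // Unix seconds, set by the primary server
}

// canonical returns a length-prefixed encoding so field boundaries are unambiguous.
func (n Notification) canonical() []byte {
	buf := []byte("ipc-exec-signaling-v1")
	for _, s := range []string{n.SessionID, n.Target} {
		buf = binary.BigEndian.AppendUint32(buf, uint32(len(s)))
		buf = append(buf, s...)
	}
	buf = binary.BigEndian.AppendUint32(buf, n.SignalingCode)
	return binary.BigEndian.AppendUint64(buf, uint64(n.IssuedAt))
}

var (
	ErrBadSig      = errors.New("signature does not verify under the server public key")
	ErrWrongTarget = errors.New("notification is addressed to another terminal")
	ErrStale       = errors.New("notification is outside the freshness window")
	ErrReplay      = errors.New("notification was already executed")
)

// NewServerKey generates the primary server's key pair (Ed25519 is an assumption).
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the primary-server side: the private key never leaves the server.
func Sign(priv ed25519.PrivateKey, n Notification) []byte {
	return ed25519.Sign(priv, n.canonical())
}

// Terminal is the IPC-terminal side; it stores only the server's public key.
type Terminal struct {
	ID        string
	ServerPub ed25519.PublicKey
	MaxAgeSec int64
	seen      map[string]bool // a real device would expire entries older than MaxAgeSec
}

// Accept decides whether a notification that arrived over plain HTTP may be
// executed. The signature is checked first; nothing else in the body is trusted.
func (t *Terminal) Accept(n Notification, sig []byte, now int64) error {
	if !ed25519.Verify(t.ServerPub, n.canonical(), sig) {
		return ErrBadSig
	}
	if n.Target != t.ID {
		return ErrWrongTarget
	}
	if d := now - n.IssuedAt; d < -t.MaxAgeSec || d > t.MaxAgeSec {
		return ErrStale
	}
	if t.seen == nil {
		t.seen = map[string]bool{}
	}
	if t.seen[string(sig)] {
		return ErrReplay
	}
	t.seen[string(sig)] = true
	return nil
}

func main() {
	pub, priv := NewServerKey()
	cam := &Terminal{ID: "cam-01", ServerPub: pub, MaxAgeSec: 30}
	// Constructed sample values.
	n := Notification{SessionID: "sess-7f3a", SignalingCode: 12, Target: "cam-01", IssuedAt: 1700000000}
	sig := Sign(priv, n)
	fmt.Println("genuine:", cam.Accept(n, sig, 1700000005))
	fmt.Println("replayed:", cam.Accept(n, sig, 1700000006))
	n.SignalingCode = 99 // constructed modification of the HTTP body in transit
	fmt.Println("modified:", cam.Accept(n, sig, 1700000007))
}
```

Because the notification travels over HTTP rather than HTTPS, the signature is the only integrity protection it has, so the terminal must verify it before parsing the signaling code into an action.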
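
The encrypted audio and video stream of claims 1, 9 and 19, as an added example that is not part of the patent: the primary server generates one symmetric key, the IPC terminal seals each frame and the APP client opens it. AES-256-GCM, the `connID || seq` nonce, the wire format and every identifier are assumptions; the claims say only that a symmetric encryption algorithm is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrShort  = errors.New("packet shorter than header plus tag")
	ErrReplay = errors.New("sequence number already seen")
	ErrAuth   = errors.New("authentication failed: wrong key or modified packet")
)

// NewStreamKey plays the primary server: one random 256-bit key that is sent to
// both the IPC terminal (to encrypt) and the bound APP client (to decrypt).
func NewStreamKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// Endpoint holds the AEAD state for one connection. connID is an assumption: it
// must be fresh for every connection made under the same key, otherwise a
// restarted camera would start again at seq 0 and reuse nonces.
type Endpoint struct {
	aead   cipher.AEAD
	connID uint32
	seq    uint64 // next number to send, or lowest number still acceptable
}

func NewEndpoint(key []byte, connID uint32) (*Endpoint, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead, connID: connID}, nil
}

// nonce is connID(4) || seq(8): unique per frame while connID is unique per key.
func (e *Endpoint) nonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[:4], e.connID)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Seal is the IPC-terminal side. Wire format: seq(8) || ciphertext || tag(16).
func (e *Endpoint) Seal(frame []byte) []byte {
	n := e.nonce(e.seq)
	pkt := e.aead.Seal(append([]byte{}, n[4:]...), n, frame, nil)
	e.seq++
	return pkt
}

// Open is the APP-client side. A changed seq header changes the nonce, so it
// fails authentication just like a changed ciphertext byte.
func (e *Endpoint) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+e.aead.Overhead() {
		return nil, ErrShort
	}
	seq := binary.BigEndian.Uint64(pkt[:8])
	if seq < e.seq {
		return nil, ErrReplay
	}
	frame, err := e.aead.Open(nil, e.nonce(seq), pkt[8:], nil)
	if err != nil {
		return nil, ErrAuth
	}
	e.seq = seq + 1 // advance only after the packet authenticated
	return frame, nil
}

func main() {
	key := NewStreamKey()
	cam, _ := NewEndpoint(key, 0x51a7c0de)
	app, _ := NewEndpoint(key, 0x51a7c0de)
	pkt := cam.Seal([]byte("constructed video frame"))
	frame, err := app.Open(pkt)
	fmt.Printf("first delivery: %q %v\n", frame, err)
	_, err = app.Open(pkt)
	fmt.Println("same packet again:", err)
}
```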
PCT/CN2016/099895 2015-11-26 2016-09-23 Encryption mechanism-based ipc service implementation method and system WO2017088575A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510845799.9 2015-11-26
CN201510845799.9A CN105306493B (en) 2015-11-26 2015-11-26 IPC service implementing method and system based on encryption mechanism

Publications (1)

Publication Number Publication Date
WO2017088575A1 true WO2017088575A1 (en) 2017-06-01

Family

ID=55203243

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/099895 WO2017088575A1 (en) 2015-11-26 2016-09-23 Encryption mechanism-based ipc service implementation method and system

Country Status (2)

Country Link
CN (1) CN105306493B (en)
WO (1) WO2017088575A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105306493B (en) * 2015-11-26 2019-02-15 北京奇虎科技有限公司 IPC service implementing method and system based on encryption mechanism
CN109840407A (en) * 2018-12-24 2019-06-04 航天信息股份有限公司 Intelligent personnel's verification system and method
CN110932939A (en) * 2019-12-06 2020-03-27 杭州视洞科技有限公司 Scheme for monitoring APP and IPC network conditions in real time
CN112969094A (en) * 2021-02-26 2021-06-15 江西格灵如科科技有限公司 Virtual reality video decryption system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094394A (en) * 2007-07-17 2007-12-26 中国科学院软件研究所 Method for guaranteeing safe transmission of video data, and video monitoring system
CN101163228A (en) * 2007-10-24 2008-04-16 中国电信股份有限公司 Video data encrypted system and method for network video monitoring
US20120060031A1 (en) * 2010-09-02 2012-03-08 Verizon Patent And Licensing Inc. Secure video content provisioning using digital rights management
CN105306493A (en) * 2015-11-26 2016-02-03 北京奇虎科技有限公司 Method and system for implementing IPC (IP Camera) service based on encryption mechanism

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938485B (en) * 2010-09-10 2014-05-14 上海复控华龙微系统技术有限公司 Bidirectional safety certification based IP (internet protocol) Camera service realization method of point-to-point protocol
CN103905384B (en) * 2012-12-26 2017-11-24 北京握奇数据系统有限公司 The implementation method of session handshake between built-in terminal based on secure digital certificate

Also Published As

Publication number Publication date
CN105306493B (en) 2019-02-15
CN105306493A (en) 2016-02-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16867802

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16867802

Country of ref document: EP

Kind code of ref document: A1