WO2023039871A1 - Data monitoring method, apparatus, device and system - Google Patents

Data monitoring method, apparatus, device and system

Info

Publication number
WO2023039871A1
Authority
WO
WIPO (PCT)
Prior art keywords
call
client
encrypted
server
target
Prior art date
Application number
PCT/CN2021/119269
Other languages
French (fr)
Chinese (zh)
Inventor
刘军飞
关洪军
Original Assignee
海能达通信股份有限公司
Application filed by 海能达通信股份有限公司
Priority to PCT/CN2021/119269
Publication of WO2023039871A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Definitions

  • the present invention relates to the field of data processing, more specifically, to a data monitoring method, device, equipment and system.
  • When the data transmitted between devices is not encrypted, it can be monitored directly from the transmitted data. When the transmitted data is encrypted, however, the encryption password is unknown, so the data cannot be decrypted; the actual transmitted data therefore cannot be obtained and monitored, which reduces the reliability of data transmission.
  • the present invention provides a data monitoring method, device, equipment and system to solve the problem that the monitoring function of transmitted encrypted data cannot be realized and the reliability of data transmission is reduced.
  • a data monitoring method applied to a server comprising:
  • when a target call is detected, obtain user information of a client subscribed to monitor the target call;
  • the encrypted call subscription monitoring message includes a target call identifier
  • acquiring user information of a client subscribed to monitor the target call includes:
  • the target call includes a target group call or a target individual call.
  • a data monitoring method applied to a client comprising:
  • the call key information is obtained as follows: when the server detects that a target call exists, the server obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the resulting call key information to the server;
  • before receiving the call key information sent by the server, the method further includes:
  • the encrypted call subscription monitoring message includes a target call identifier
  • the data monitoring method also includes:
  • the server sends the user information of the client to the call control terminal corresponding to the target call when the server detects that the target call exists
  • the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
  • a data monitoring device applied to a server comprising:
  • An information acquisition module configured to acquire user information of a client subscribed to monitor the target call when the target call is detected
  • a data encryption module configured to send the user information to a call control terminal corresponding to the target call, so that the call control terminal encrypts a call key based on the user information to obtain encrypted call key information and sends it to the server;
  • a data forwarding module configured to receive the call key information and send it to the client, so that the client decrypts the call key information based on the user information to obtain the call key;
  • a call monitoring module configured to obtain encrypted call content data transmitted during the target call and send the encrypted call content data to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • a data monitoring device applied to a client, the data monitoring device comprising:
  • the decryption module is configured to receive the call key information sent by the server, and decrypt the call key information based on the user information of the client to obtain the call key;
  • the call key information is obtained as follows: when the server detects that a target call exists, the server obtains user information of the client subscribed to monitor the target call and sends the user information to a call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the resulting call key information to the server;
  • the monitoring module is configured to receive the encrypted call content data transmitted during the target call sent by the server, and use the call key to decrypt the encrypted call content data to obtain the call content data.
  • a data monitoring device comprising: a memory and a processor
  • the memory is used to store programs
  • the processor invokes the program and is used to execute the above data monitoring method.
  • a data monitoring system comprising a server for executing the above data monitoring method, and a client for executing the above data monitoring method.
  • a storage medium includes a stored program, wherein when the program is running, the device where the storage medium is located is controlled to execute the above data monitoring method.
  • the present invention has the following beneficial effects:
  • the present invention provides a data monitoring method, device, equipment and system.
  • When a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key. The server also obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • The server sends the client, after special encryption, the call key used to encrypt the data during the call, and the client can then use the call key to decrypt the encrypted call content data to obtain the actually transmitted call content data. The special encryption ensures that only the client can decrypt the encryption key, which not only realizes monitoring during encrypted data transmission but also improves the reliability of data transmission.
  • FIG. 1 is a method flowchart of a data monitoring method provided by an embodiment of the present invention.
  • FIG. 2 is a method flowchart of another data monitoring method provided by an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a scene of a data monitoring method provided by an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of another data monitoring method provided by an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a data monitoring device provided by an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of another data monitoring device provided by an embodiment of the present invention.
  • When the data transmitted between devices is not encrypted, it can be monitored directly from the transmitted data. When the transmitted data is encrypted, however, the encryption password is unknown, so the data cannot be decrypted; the actual transmitted data therefore cannot be obtained and monitored, which reduces the reliability of data transmission.
  • the inventors found that when data is encrypted, the transmitted data cannot be decrypted because the encryption password is unknown. If the encryption password can be obtained, the transmitted data can be decrypted, thereby realizing data monitoring.
  • the present invention provides a data monitoring method, apparatus, device and system.
  • The user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key. The server also obtains the encrypted call content data and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • the server sends the call key used by the encrypted data during the call to the client, and then the client can use the call key to decrypt the encrypted call content data during the call to obtain the actually transmitted call content data.
  • the special encryption ensures that only the client can decrypt the encryption key, which not only realizes the monitoring during encrypted data transmission, but also improves the reliability of data transmission.
  • an embodiment of the present invention provides a data monitoring method applied to a server, and the server in this embodiment may be a mission-critical MCS server.
  • The invention can be applied in mobile communication fields, such as call monitoring for 3GPP mission-critical end-to-end encrypted calls.
  • the data monitoring method may include:
  • the target call may be a target group call or a target individual call, that is, in this embodiment, the group call or individual call may be monitored.
  • The server can pre-set the call monitoring function of the client. Specifically, before a target call is detected, the method further includes:
  • the encrypted call subscription monitoring message includes a target call identifier. That is to say, if a certain client wants to monitor a certain call, it can determine the target call to be monitored, and then send an encrypted call subscription monitoring message including the target call identifier of the target call to the server.
  • the target call ID can be:
  • target A and target B when target A calls with target B, such as the user numbers of A and B;
  • either a single call or a group call can be monitored.
  • the server is provided with an association relationship between the client and the authority to monitor the call, and the server inquires whether the client has the authority to monitor the target call from the above association relationship.
  • If the target call is a call that the client can monitor, a successful subscription response message is sent to the client, and the client and the encrypted call subscription monitoring message are recorded.
  • The server then starts listening for calls and checks whether any client has subscribed to monitor an upcoming call or an ongoing call.
  • one client can subscribe to monitor multiple calls, and one call can also be subscribed and monitored by multiple clients.
  • the server will record the subscription message and monitor whether there is a call that is subscribed to monitor.
  • obtaining the user information of the client that subscribes to monitor the target call includes:
  • When a target call is received, it is first determined whether any client is monitoring the call. If so, the client with monitoring authority for the target call is determined, and a user information acquisition request is sent to that client so that the client returns its user information.
  • the user information of the client with monitoring authority may also be directly stored in the server.
  • User information can be information such as client name, identity mark, communication address, etc., so that when user information is needed, it can be obtained directly.
  • the user information may also be carried when the client sends the subscription monitoring message, or it may be sent separately in other business processes.
  • the number of clients is not limited, and may be one or multiple, that is, at least one client may monitor the same call.
  • In order to implement call monitoring, the client needs to obtain the call key used in the call process, and in order to ensure the security of the transmitted information, it is also necessary to ensure that other clients cannot obtain the call key. In this embodiment, therefore, the user information of the client may be used to encrypt the call key. Since the user information of the client is known only to the client and not to other clients, the client in this embodiment can decrypt the call key information encrypted with the user information to obtain the call key, while other clients cannot, which ensures the security of the encrypted data transmitted.
  • In order to use the user information of the client to encrypt the call key, the call control terminal needs to obtain the user information.
  • The server sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information.
  • the call control terminal may be the calling terminal.
  • the call control terminal may be a GMS agent terminal of the group management server in the group call, such as a group management server.
  • After the call control terminal obtains the encrypted call key information, it sends the call key information to the server, and the server sends the call key information to the client.
  • After receiving the call key information sent by the server, the client uses its own user information to decrypt the call key information to obtain the call key. It can then use the call key to decrypt the encrypted call content data to obtain the call content data, so as to monitor the call content data and output warning information in time when there are sensitive words in it.
  • the encrypted call content data will be transmitted through the server.
  • The server sends the encrypted call content data to the client, so that the client can use the call key to decrypt the encrypted call content data to obtain the call content data, realizing the monitoring of the transmitted data.
  • The server obtains the user information of each client and sends it to the call control terminal; the call control terminal encrypts the key based on each client's user information and sends the results to the server, and the server then sends each one to the corresponding client. Subsequently, the server sends the obtained call content data to each client, so that each client uses the call key to decrypt the encrypted call content data to obtain the call content data, thereby realizing monitoring of the transmitted data.
  • The user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key. The server also obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • The server sends the client, after special encryption, the call key used to encrypt the data during the call, and the client can then use the call key to decrypt the encrypted call content data to obtain the actually transmitted call content data. The special encryption ensures that only the client can decrypt the encryption key, which not only realizes monitoring during encrypted data transmission but also improves the reliability of data transmission.
  • the data monitoring method includes:
  • S21 Receive the call key information sent by the server, and decrypt the call key information based on the user information of the client to obtain the call key. The call key information is obtained as follows: when the server detects that a target call exists, the server obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the resulting call key information to the server.
  • before receiving the call key information sent by the server, the method further includes:
  • the encrypted call subscription monitoring message includes a target call identifier
  • the data monitoring method also includes:
  • the server sends the user information of the client to the call control terminal corresponding to the target call when the server detects that the target call exists
  • the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
  • The user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key. The server also obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • The server sends the client, after special encryption, the call key used to encrypt the data during the call, and the client can then use the call key to decrypt the encrypted call content data to obtain the actually transmitted call content data. The special encryption ensures that only the client can decrypt the encryption key, which not only realizes monitoring during encrypted data transmission but also improves the reliability of data transmission.
  • Step 1 Monitoring terminal 1 and monitoring terminal 2 send a subscription request to the MCS server.
  • Monitoring terminal 1 is denoted UE-DL1 and monitoring terminal 2 is denoted UE-DL2.
  • A single monitoring terminal may also initiate the request alone; for example, only monitoring terminal 1 (UE-DL1) initiates the encrypted call subscription monitoring of the user.
  • Step 2 The MCS server performs an authorization check, and sends subscription confirmation information to the monitoring terminal 1 and the monitoring terminal 2.
  • After the MCS server receives the subscription request for careful monitoring of encrypted calls, it conducts an authorization check, specifically checking whether the corresponding terminal is configured with monitoring authority. After the authority check is passed, it records the encrypted call monitoring subscription context locally and sends encrypted call subscription success response messages back to the monitoring terminals UE-DL1 and UE-DL2 respectively.
  • The following steps concern a single call between the calling terminal (UE-O) and the called terminal (UE-T).
  • Step 3 The calling terminal sends the MCS server a call request addressed to the called party.
  • the request carries identification numbers of the calling terminal UE-O and the called terminal UE-T.
  • the calling terminal UE-O decides to initiate a voice or video encrypted single call to the terminal UE-T.
  • The calling terminal UE-O locally generates a PCK (Private Call Key) and sends a SIP invite message (SIP: Session Initiation Protocol) carrying mikey(PCK, UE-T) to the MCS server.
  • Step 4 The MCS server initiates a call request to the called party.
  • the MCS server receives and processes the invite message and forwards it to the called terminal UE-T, and the called terminal UE-T decrypts mikey(PCK, UE-T) to obtain the single call key PCK.
  • the MCS server checks the local encrypted call subscription monitoring context, and determines that monitoring terminal 1 and monitoring terminal 2 have subscribed to the call monitoring.
  • Step 5 The MCS server sends the call key acquisition request of the monitoring terminal to the calling terminal.
  • the MCS server sends a request message for obtaining a call key to the calling terminal, where the key request message includes user information of the monitoring terminal 1 and the monitoring terminal 2.
  • Step 6 The calling terminal sends a response message carrying the encryption key usable by the monitoring terminal to the MCS server.
  • The calling terminal UE-O encrypts the single call key of this call based on the user information of monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2), generating an encryption key for monitoring terminal 1 and an encryption key for monitoring terminal 2, which are then sent to the server in a response message.
  • After receiving the message, the calling terminal encrypts the PCK with the user information of monitoring terminal 1 (UE-DL1) and of monitoring terminal 2 (UE-DL2), and sends a message carrying mikey(PCK, UE-DL1) and mikey(PCK, UE-DL2) to the MCS server.
  • Steps 7-8 The MCS server sends a monitor call request to monitor terminal 1 and monitor terminal 2.
  • The MCS server forwards the key information mikey(PCK, UE-DL1) and mikey(PCK, UE-DL2) to monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2); specifically, it forwards the encryption key mikey(PCK, UE-DL1) to monitoring terminal 1 and the encryption key mikey(PCK, UE-DL2) to monitoring terminal 2.
  • the monitoring terminals UE-DL1 and UE-DL2 respectively use their own user information to decrypt the mikey information, and take out the private call key PCK.
  • Step 9 The called terminal sends a call response to the MCS server.
  • Step 10 The MCS server sends the call response to the calling terminal.
  • Step 11 The calling terminal sends a call second handshake response to the MCS server.
  • Step 12 The MCS server sends a call second handshake response to the called terminal.
  • the called terminal UE-T sends a call signaling SIP:18X/200 to the MCS server, and the call information may be to accept a single call, reject a single call, or report progress.
  • The MCS server forwards the message to the calling terminal UE-O; after receiving it, the calling terminal UE-O sends the call second handshake response message to the MCS server, and the MCS server forwards the call second handshake response message to the called terminal UE-T.
  • Steps 13-14 the monitoring terminal sends a call response to the MCS server.
  • Steps 15-16 The MCS server sends a call second handshake response to the monitoring terminal.
  • the monitoring terminals UE-DL1/UE-DL2 respectively send call signaling SIP:18X/200 to the MCS server, and the MCS server sends call second handshake response messages to the terminal UE-DL1/UE-DL2 respectively.
  • steps 9-16 are a normal communication process between two devices during data transmission.
  • Step 17 The calling terminal sends SRTP to the MCS server.
  • Steps 18-20 The MCS server sends SRTP to the called terminal and the listening terminal.
  • The speaking party may be the calling terminal or the called terminal; in this embodiment, the calling terminal is taken as the speaking party by way of example.
  • The MCS server forwards the SRTP (Secure Real-time Transport Protocol) encrypted media sent by the calling terminal to the called terminal, and also forwards the SRTP encrypted media to monitoring terminals 1 and 2 respectively. After receiving the encrypted media, each monitoring terminal uses the PCK to decrypt and play it, so that monitoring can be realized based on the decrypted content.
  • steps 5-8 and corresponding steps 13-14 may be performed after the call negotiation between the calling terminal and the called terminal is completed and the call service is officially started. That is, the server checks whether there is a monitoring subscription after confirming that the call negotiation is successful, and does not check the subscription monitoring status for a call that fails in negotiation or is rejected by the called party.
  • the group call monitoring process is similar to the single call monitoring process. In this embodiment, only a brief introduction is made to the group call process, as follows:
  • Steps 1-2 (monitoring terminal 1: UE-DL1; monitoring terminal 2: UE-DL2): After receiving the subscription message, the MCS server performs an authorization check. After the authorization check passes, it records the encrypted call subscription monitoring context locally and sends careful monitoring encrypted call subscription success response messages back to the monitoring terminals UE-DL1 and UE-DL2 respectively.
  • the calling terminal UE-O decides to initiate a voice or video encrypted single call to the group.
  • UE-O obtains the GMK and sends a group call request: a SIP invite carrying mikey(GMK, group) to the MCS server. After the MCS server receives and processes the invite message, it forwards it to the called terminals UE-Ts of the group, and the UE-Ts use the group key to decrypt mikey(GMK, group) to obtain the key GMK.
  • the MCS server checks the local encrypted call subscription monitoring context, and determines that the monitoring terminals UE-DL1 and UE-DL2 have subscribed to user or group monitoring.
  • the MCS server sends the monitoring terminal key to the group management server.
  • the group management server replies the monitoring terminal key response information to the MCS server. It should be noted that, in this embodiment, for the single call mode, the calling terminal may generate a key for the monitoring terminal to perform the monitoring function.
  • For the group call mode, the group management server may generate a key for the monitoring terminal to perform the monitoring function.
  • After receiving the message, the group management server encrypts the GMK with the UE-DL1 and UE-DL2 user information respectively, and sends a message carrying mikey(GMK, UE-DL1) and mikey(GMK, UE-DL2) to the MCS server.
  • After receiving the GMS monitoring key response message, the MCS server forwards the encryption key mikey(GMK, UE-DL1) to the terminal UE-DL1 and the encryption key mikey(GMK, UE-DL2) to the terminal UE-DL2; the terminals UE-DL1 and UE-DL2 use their own key material to decrypt the mikey information and take out the key GMK.
  • Terminals UE-Ts each send a call response (including acceptance/rejection/progress) to the MCS server, such as call signaling SIP: 18X/200; the MCS server processes it after receiving it and sends a call response to terminal UE-O, such as SIP: 18X/200.
  • After receiving it, the terminal UE-O sends a call second handshake response message to the MCS server, and the MCS server also sends a call second handshake response message to the called terminal of each group member.
  • The monitoring terminals UE-DL1/UE-DL2 each send a call response (including acceptance/rejection/progress) to the MCS server, such as call signaling SIP: 18X/200, and the MCS server sends a second call handshake response message to the terminals UE-DL1/UE-DL2 respectively.
  • The MCS server forwards the SRTP encrypted media to the receivers in the group and also forwards it to the monitoring terminals UE-DL1/UE-DL2; after receiving the encrypted media, each monitoring terminal uses the GMK to decrypt and play it.
  • an MCX client authorized by the system can effectively monitor an end-to-end encrypted call, such as a single call between two terminals, or a group call between multiple terminals. In the case of ensuring high security, it can also provide monitoring function to optimize user experience.
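
The single-call sequence described above (subscription and authorization check, per-terminal key envelopes, relay of encrypted media), as an added Python example that is not code from the patent or its applicant. It assumes each monitoring terminal's user information carries secret key material (the group-call passage calls it "their own key material") and uses an HMAC-SHA256 encrypt-then-MAC construction as a stand-in for mikey(...) and SRTP; all class and function names and the call identifier are hypothetical.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stand-in cipher, not MIKEY or SRTP.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext, context):
    """Encrypt-then-MAC; `context` binds the blob to one call and one recipient."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    mac_input = nonce + len(ct).to_bytes(4, "big") + ct + context
    return nonce + ct + hmac.new(mac_key, mac_input, hashlib.sha256).digest()


def open_sealed(key, blob, context):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_input = nonce + len(ct).to_bytes(4, "big") + ct + context
    if not hmac.compare_digest(tag, hmac.new(mac_key, mac_input, hashlib.sha256).digest()):
        raise ValueError("blob is not valid for this key and context")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class MonitoringClient:                         # UE-DL1, UE-DL2, ...
    def __init__(self, user_id):
        self.user_id = user_id
        self.key_material = os.urandom(32)      # assumption: secret part of "user information"
        self.call_key = None

    def user_info(self):
        return {"id": self.user_id, "key_material": self.key_material}

    def receive_call_key(self, call_id, envelope):      # steps 7-8
        self.call_key = open_sealed(self.key_material, envelope,
                                    f"{call_id}|{self.user_id}".encode())

    def receive_media(self, packet):                    # steps 18-20
        return open_sealed(self.call_key, packet, b"media")


class CallingTerminal:                          # UE-O, call control terminal of a single call
    def __init__(self):
        self.pck = os.urandom(32)               # call key generated locally (step 3)

    def wrap_for(self, call_id, user_infos):    # step 6: one envelope per monitoring terminal
        return {u["id"]: seal(u["key_material"], self.pck, f"{call_id}|{u['id']}".encode())
                for u in user_infos}

    def send_media(self, data):                 # step 17
        return seal(self.pck, data, b"media")


class McsServer:
    def __init__(self, monitor_rights):
        self.monitor_rights = monitor_rights    # user id -> call identifiers it may monitor
        self.subscriptions = {}                 # call identifier -> subscribed clients

    def subscribe(self, client, call_id):       # steps 1-2: authorization check, then record
        if call_id not in self.monitor_rights.get(client.user_id, set()):
            return False
        self.subscriptions.setdefault(call_id, []).append(client)
        return True

    def start_call(self, call_id, caller):      # steps 4-8: request envelopes and forward them
        listeners = self.subscriptions.get(call_id, [])
        envelopes = caller.wrap_for(call_id, [c.user_info() for c in listeners])
        for client in listeners:
            client.receive_call_key(call_id, envelopes[client.user_id])
        return envelopes

    def relay_media(self, call_id, packet):     # the server forwards ciphertext only
        return {c.user_id: c.receive_media(packet)
                for c in self.subscriptions.get(call_id, [])}


def run_single_call_demo():
    call_id = "1001:1002"                       # constructed caller and callee user numbers
    clients = [MonitoringClient(n) for n in ("UE-DL1", "UE-DL2", "UE-DL3")]
    server = McsServer({"UE-DL1": {call_id}, "UE-DL2": {call_id}})   # UE-DL3 has no authority
    subscribed = {c.user_id: server.subscribe(c, call_id) for c in clients}
    ue_o = CallingTerminal()
    envelopes = server.start_call(call_id, ue_o)
    heard = server.relay_media(call_id, ue_o.send_media(b"constructed voice frame"))
    try:                                        # UE-DL2 tries the envelope made for UE-DL1
        clients[1].receive_call_key(call_id, envelopes["UE-DL1"])
        cross_opened = True
    except ValueError:
        cross_opened = False
    return subscribed, heard, cross_opened, envelopes


if __name__ == "__main__":
    print(run_single_call_demo()[:3])
```

The confidentiality of each envelope in this sketch rests entirely on the secrecy of the key material inside the user information, so every party that handles that material can open the envelope.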
  • another embodiment of the present invention provides a data monitoring device, which is applied to a server.
  • the data monitoring device includes:
  • An information acquisition module 11 configured to acquire user information of a client subscribed to monitor the target call when the target call is detected;
  • a data encryption module 12 configured to send the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server;
  • a data forwarding module 13 configured to receive the call key information and send it to the client, so that the client decrypts the call key information based on the user information to obtain the call key;
  • a call monitoring module 14 configured to obtain encrypted call content data transmitted during the target call and send the encrypted call content data to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • a subscription information receiving module configured to receive an encrypted call subscription monitoring message sent by the client; the encrypted call subscription monitoring message includes a target call identifier;
  • An authority determining module configured to determine whether the client has the authority to monitor the target call corresponding to the target call identifier;
  • a subscription message sending module configured to send a successful subscription response message to the client if yes, and record the client and the encrypted call subscription monitoring message.
  • information acquisition module 11 is specifically used for:
  • the target call includes a target group call or a target individual call.
  • when a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server; the server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key; the server obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • the server sends the client the call key used to encrypt data during the call, after that key has itself been specially encrypted, and the client can then use the call key to decrypt the call content data encrypted during the call to obtain the call content data actually transmitted. The special encryption ensures that only the client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
  • another embodiment of the present invention provides a data monitoring device, applied to a client; referring to FIG. 6, the data monitoring device includes:
  • the decryption module 21 is configured to receive the call key information sent by the server, and decrypt the call key information based on the user information of the client to obtain the call key;
  • the call key information is obtained as follows: when the server detects that a target call exists, it obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the result to the server;
  • the monitoring module 22 is configured to receive the encrypted call content data transmitted during the target call sent by the server, and use the call key to decrypt the encrypted call content data to obtain the call content data.
  • the monitoring subscription module is configured to send an encrypted call subscription monitoring message to the server; receive the successful subscription response information sent by the server when it is determined that the client has the right to monitor the target call corresponding to the target call identifier;
  • the encrypted call subscription monitoring message includes the target call identifier.
  • a request receiving module configured to receive a user information acquisition request sent by the server when it is determined that the client has the monitoring authority of the target call;
  • an information sending module configured to send the user information of the client to the server, so that the server sends the user information of the client to the corresponding call control terminal, and the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
  • another embodiment of the present invention provides a data monitoring device, which is characterized in that it includes: a memory and a processor;
  • the memory is used to store programs
  • the processor invokes the program and is used to execute the above data monitoring method.
  • another embodiment of the present invention provides a data monitoring system, including a server for executing the above data monitoring method applied to a server, and a client for executing the above data monitoring method applied to a client.
  • another embodiment of the present invention provides a storage medium, the storage medium includes a stored program, wherein, when the program runs, it controls the device where the storage medium is located to execute the above data monitoring method.

Abstract

A data monitoring method, apparatus, device and system. A call control terminal encrypts a call key on the basis of user information of a client to obtain call key information, and forwards the call key to a client by means of a server, so that the client obtains the call key; the server obtains encrypted call content data transmitted during target call, and forwards the encrypted call content data to the client, so that the client decrypts the encrypted call content data by means of the call key to obtain call content data; the server sends the client a call key subjected to special encryption and used by encrypted data during call, so that the client can use the call key to decrypt the call content data encrypted during call, so as to obtain actually transmitted call content data. The special encryption ensures that only the client can decrypt an encryption key, that is, the monitoring during encrypted data transmission is realized, and the reliability of data transmission is improved.

Description

A data monitoring method, apparatus, device and system
Technical field
The present invention relates to the field of data processing, and more specifically to a data monitoring method, apparatus, device and system.
Background
As communication technology matures, data is transmitted between devices more and more frequently. For the security of data transmission, the transmitted data needs to be monitored.
When the data transmitted between devices is not encrypted, it can be monitored directly. When the transmitted data is encrypted, however, the encryption key is unknown, so the transmitted data cannot be decrypted; the data actually transmitted cannot be obtained and monitored, which reduces the reliability of data transmission.
Summary of the invention
In view of this, the present invention provides a data monitoring method, apparatus, device and system, to solve the problem that transmitted encrypted data cannot be monitored, which reduces the reliability of data transmission.
To solve the above technical problem, the present invention adopts the following technical solutions:
A data monitoring method applied to a server, the data monitoring method comprising:
when it is detected that a target call exists, obtaining user information of a client subscribed to monitor the target call;
sending the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information, and sends it to the server;
receiving the call key information, and sending the call key information to the client, so that the client decrypts the call key information based on the user information to obtain the call key;
obtaining the encrypted call content data transmitted during the target call, and sending the encrypted call content data to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
Optionally, before it is detected that a target call exists, the method further includes:
receiving an encrypted call subscription monitoring message sent by the client, the encrypted call subscription monitoring message including a target call identifier;
determining whether the client has the authority to monitor the target call corresponding to the target call identifier;
if so, sending a successful subscription response message to the client, and recording the client and the encrypted call subscription monitoring message.
Optionally, obtaining the user information of the client subscribed to monitor the target call includes:
querying the client that has monitoring authority for the target call, sending a user information acquisition request to the client, and receiving the user information of the client returned by the client.
Optionally, the target call includes a target group call or a target individual call.
A data monitoring method applied to a client, the data monitoring method comprising:
receiving call key information sent by a server, and decrypting the call key information based on the user information of the client to obtain a call key; the call key information is obtained as follows: when the server detects that a target call exists, it obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the result to the server;
receiving the encrypted call content data transmitted during the target call and sent by the server, and using the call key to decrypt the encrypted call content data to obtain the call content data.
Optionally, before receiving the call key information sent by the server, the method further includes:
sending an encrypted call subscription monitoring message to the server, the encrypted call subscription monitoring message including a target call identifier;
receiving the successful subscription response information that the server sends when it determines that the client has the authority to monitor the target call corresponding to the target call identifier.
Optionally, the data monitoring method further includes:
receiving the user information acquisition request that the server sends when it determines that the client has monitoring authority for the target call;
sending the user information of the client to the server, so that the server, when it detects that the target call exists, sends the user information of the client to the call control terminal corresponding to the target call, and the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
A data monitoring apparatus applied to a server, the data monitoring apparatus comprising:
an information acquisition module, configured to obtain, when it is detected that a target call exists, user information of a client subscribed to monitor the target call;
a data encryption module, configured to send the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information, and sends it to the server;
a data forwarding module, configured to receive the call key information and send the call key information to the client, so that the client decrypts the call key information based on the user information to obtain the call key;
a call monitoring module, configured to obtain the encrypted call content data transmitted during the target call and send the encrypted call content data to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
A data monitoring apparatus applied to a client, the data monitoring apparatus comprising:
a decryption module, configured to receive call key information sent by a server, and decrypt the call key information based on the user information of the client to obtain a call key; the call key information is obtained as follows: when the server detects that a target call exists, it obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the result to the server;
a monitoring module, configured to receive the encrypted call content data transmitted during the target call and sent by the server, and use the call key to decrypt the encrypted call content data to obtain the call content data.
A data monitoring device, comprising a memory and a processor;
wherein the memory is used to store a program;
the processor invokes the program to execute the above data monitoring method.
A data monitoring system, comprising a server for executing the above data monitoring method, and a client for executing the above data monitoring method.
A storage medium, the storage medium including a stored program, wherein, when the program runs, it controls the device where the storage medium is located to execute the above data monitoring method.
Compared with the prior art, the present invention has the following beneficial effects:
The present invention provides a data monitoring method, apparatus, device and system. When it is detected that a target call exists, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key. The server obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data. That is, with the present invention, the server sends the client the call key used to encrypt data during the call, after that key has itself been specially encrypted, and the client can then use the call key to decrypt the call content data encrypted during the call to obtain the call content data actually transmitted. The special encryption ensures that only the client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
Description of drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a data monitoring method provided by an embodiment of the present invention;
FIG. 2 is a flowchart of another data monitoring method provided by an embodiment of the present invention;
FIG. 3 is a schematic diagram of a scenario of a data monitoring method provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of a scenario of another data monitoring method provided by an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a data monitoring apparatus provided by an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of another data monitoring apparatus provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
When the data transmitted between devices is not encrypted, it can be monitored directly. When the transmitted data is encrypted, however, the encryption key is unknown, so the transmitted data cannot be decrypted; the data actually transmitted cannot be obtained and monitored, which reduces the reliability of data transmission.
To solve the above technical problem, the inventors found that the transmitted data cannot be decrypted only because the encryption key is unknown; if the encryption key can be obtained, the transmitted data can be decrypted, and the data can thus be monitored.
Specifically, the present invention provides a data monitoring method, apparatus, device and system. When it is detected that a target call exists, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The server receives the call key information and sends it to the client, so that the client decrypts the call key information based on the user information to obtain the call key. The server obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data. That is, with the present invention, the server sends the client the call key used to encrypt data during the call, and the client can then use the call key to decrypt the call content data encrypted during the call to obtain the call content data actually transmitted. The special encryption ensures that only the client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
On the basis of the above, an embodiment of the present invention provides a data monitoring method applied to a server; the server in this embodiment may be a mission-critical (MCS) server. The invention is applicable to mobile communication scenarios such as call monitoring of encrypted 3GPP mission-critical end-to-end calls.
Referring to FIG. 1, the data monitoring method may include:
S11. When it is detected that a target call exists, obtain user information of a client subscribed to monitor the target call.
In this embodiment, the target call may be a target group call or a target individual call; that is, in this embodiment either a group call or an individual call can be monitored.
The server can set up the client's call monitoring function in advance. Specifically, before it is detected that a target call exists, the method further includes:
1) Receive an encrypted call subscription monitoring message sent by the client.
The encrypted call subscription monitoring message includes a target call identifier. That is, if a client wants to monitor a call, it determines the target call it wants to monitor and then sends the server an encrypted call subscription monitoring message that includes the target call identifier of the target call. The target call identifier may be:
the identifiers of target A and target B when target A and target B are in a call, such as the user numbers of A and B;
or, the identifier of a call that is currently in progress;
or, a target group number.
That is, in this embodiment both individual calls and group calls can be monitored.
2) Determine whether the client has the authority to monitor the target call corresponding to the target call identifier.
Specifically, the server holds the association between clients and the calls they are permitted to monitor, and looks up in this association whether the client has the authority to monitor the target call.
3) If so, send a successful subscription response message to the client, and record the client and the encrypted call subscription monitoring message.
If the target call is a call that the client is permitted to monitor, the server sends a successful subscription response message to the client and records the client and the encrypted call subscription monitoring message. The server then starts watching for calls and checks whether any call that is about to start or is in progress has a client subscribed to monitor it.
In this embodiment, one client can subscribe to monitor multiple calls, and one call can be subscribed to by multiple clients. The server records the subscription messages and watches for calls that have monitoring subscriptions.
In this embodiment, obtaining the user information of the client subscribed to monitor the target call includes:
querying the client that has monitoring authority for the target call, sending a user information acquisition request to the client, and receiving the user information of the client returned by the client.
Specifically, in this embodiment, when a target call is received, the server first determines whether any client is monitoring the call; if so, it determines the client that has monitoring authority for the target call and sends a user information acquisition request to that client, so that the client returns its user information.
Alternatively, obtain the pre-stored user information of the client that has monitoring authority for the target call.
Specifically, to save communication resources, the user information of clients with monitoring authority may be stored directly on the server. The user information may be the client name, an identity identifier, a communication address or similar information, so that it can be read directly when it is needed.
Alternatively, obtain the user information sent in advance by the client that has monitoring authority for the target call.
In addition, the user information may be carried in the subscription monitoring message sent by the client, or sent separately in another service flow.
Note that this embodiment does not limit the number of clients: there may be one or more, that is, at least one client may monitor the same call.
S12. Send the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information, and sends it to the server.
To implement call monitoring, the client must obtain the call key used during the call, and, to keep the transmitted information secure, other clients must not be able to obtain that call key. In this embodiment, therefore, the call key may be encrypted using the user information of the client. Since the user information of the client is known only to that client and is unknown to other clients, the client in this embodiment can decrypt the call key information, that is, the call key encrypted with the user information, and thereby obtain the call key. Other clients cannot decrypt it, which keeps the transmitted encrypted data secure.
To encrypt the call key with the client's user information, the call control terminal must obtain the user information. In this embodiment, the server sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information. For an individual call, the call control terminal may be the calling terminal. For a group call, the call control terminal may be the group management server (GMS) proxy terminal of the group call, such as the group management server.
After obtaining the encrypted call key information, the call control terminal sends the call key information to the server, and the server delivers the call key information to the client.
S13. Receive the call key information and send it to the client, so that the client decrypts the call key information based on the user information and obtains the call key.
In this embodiment, after receiving the call key information sent by the server, the client decrypts it with its own user information to obtain the call key. It can then use the call key to decrypt the encrypted call content data produced during the call and obtain the call content data, so that the call content data can be monitored and warning information can be output promptly when the call content data contains sensitive words.
S14. Obtain the encrypted call content data transmitted during the target call and send it to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain the call content data.
During the call, all encrypted call content data is transmitted through the server. In this embodiment, the server sends the encrypted call content data to the client, so that the client uses the call key to decrypt it and obtain the call content data, which realizes monitoring of the transmitted data.
It should be noted that when there are several such clients, the server obtains the user information of each client and sends it to the call control end; the call control end encrypts the key separately based on each client's user information and sends the results to the server, and the server then sends each result to the corresponding client. Afterwards, the server also sends the call content data it obtains to each client, so that each client uses the call key to decrypt the encrypted call content data and obtain the call content data, which realizes monitoring of the transmitted data.
In this embodiment, when a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The call key information is received and sent to the client, so that the client decrypts the call key information based on the user information and obtains the call key. The encrypted call content data transmitted during the target call is obtained and sent to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain the call content data. That is, with the present invention the server sends the client a specially encrypted copy of the call key that is used to encrypt data during the call, and the client can then use that call key to decrypt the call content data encrypted during the call and obtain the call content data actually transmitted. The special encryption ensures that only that client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
On the basis of the above, another embodiment of the present invention provides a data monitoring method applied to a client. Referring to FIG. 2, the data monitoring method includes:
S21. Receive the call key information sent by the server, and decrypt the call key information based on the user information of the client to obtain the call key. The call key information is obtained as follows: when the server detects a target call, it obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information and sends the result to the server.
S22. Receive the encrypted call content data transmitted during the target call and sent by the server, and use the call key to decrypt the encrypted call content data to obtain the call content data.
Further, before receiving the call key information sent by the server, the method also includes:
sending an encrypted call subscription monitoring message to the server, where the encrypted call subscription monitoring message includes a target call identifier;
receiving the successful subscription response information that the server sends when it determines that the client has the authority to monitor the target call corresponding to the target call identifier.
Further, the data monitoring method also includes:
receiving the user information acquisition request that the server sends when it determines that the client has monitoring authority for the target call;
sending the user information of the client to the server, so that when the server detects the target call it sends the user information of the client to the call control end corresponding to the target call, and the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
In this embodiment, when a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The call key information is received and sent to the client, so that the client decrypts the call key information based on the user information and obtains the call key. The encrypted call content data transmitted during the target call is obtained and sent to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain the call content data. That is, with the present invention the server sends the client a specially encrypted copy of the call key that is used to encrypt data during the call, and the client can then use that call key to decrypt the call content data encrypted during the call and obtain the call content data actually transmitted. The special encryption ensures that only that client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
It should be noted that, for the specific implementation of each step in this embodiment, refer to the corresponding description in the foregoing embodiment; the details are not repeated here.
On the basis of the above, so that those skilled in the art can understand the present invention more clearly, the monitoring processes for a group call and for a single call are now illustrated separately.
1. For the single call monitoring process, refer to FIG. 3. The details are as follows:
Step 1: Monitoring terminal 1 and monitoring terminal 2 send a subscription request to the MCS server.
Specifically, monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) initiate a subscription request for discreet listening to encrypted calls; the request carries the single call to be monitored.
In this embodiment, a single monitoring terminal may also initiate the request alone, for example only monitoring terminal 1 (UE-DL1) initiates an encrypted call monitoring subscription for a user.
Step 2: The MCS server performs an authorization check and sends subscription confirmation information to monitoring terminal 1 and monitoring terminal 2.
After receiving the subscription request for discreet listening to encrypted calls, the MCS server performs an authorization check, specifically checking whether monitoring authority is configured for the corresponding terminal. After the authority check passes, it records the encrypted call monitoring subscription context locally and returns an encrypted call subscription success response message to monitoring terminals UE-DL1 and UE-DL2 respectively.
In this embodiment, monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) monitor the single call initiated by the calling terminal (UE-O), or the single call between the calling terminal UE-O and the called terminal (UE-T).
Step 3: The calling terminal sends a call request for the called party to the MCS server.
The request carries the identification numbers of the calling terminal UE-O and the called terminal UE-T.
Specifically, the calling terminal UE-O decides to initiate an encrypted voice or video single call to terminal UE-T. It first generates a PCK (Private Call Key) locally on UE-O, and sends a SIP invite (SIP: Session Initiation Protocol) carrying mikey(PCK, UE-T) to the MCS server.
Step 4: The MCS server sends the call request to the called party.
After receiving and processing the invite message, the MCS server forwards it to the called terminal UE-T, and UE-T decrypts mikey(PCK, UE-T) to obtain the private call key PCK.
The MCS server checks the local encrypted call monitoring subscription context and determines that monitoring terminal 1 and monitoring terminal 2 have subscribed to monitoring of this call.
Step 5: The MCS server sends the monitoring terminals' call key acquisition request to the calling terminal.
The MCS server sends a request message for obtaining the call key to the calling terminal; the key request message includes the user information of monitoring terminal 1 and monitoring terminal 2.
Step 6: The calling terminal sends a response message carrying the encryption keys usable by the monitoring terminals to the MCS server.
Based on the user information of monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2), the calling terminal UE-O encrypts the private call key of this call separately for each, generating an encryption key for monitoring terminal 1 and an encryption key for monitoring terminal 2, and sends them to the server in a response message.
Specifically, after receiving the message, the calling terminal encrypts the PCK with the user information of monitoring terminal 1 (UE-DL1) and of monitoring terminal 2 (UE-DL2) respectively, and sends a message carrying mikey(PCK, UE-DL1) and mikey(PCK, UE-DL2) to the MCS server.
Steps 7-8: The MCS server sends a monitoring call request to monitoring terminal 1 and monitoring terminal 2.
Specifically, after receiving the monitoring key response from the calling terminal UE-O, the MCS server forwards the key information mikey(PCK, UE-DL1) and mikey(PCK, UE-DL2) to monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) respectively: the encryption key mikey(PCK, UE-DL1) goes to monitoring terminal 1, and the encryption key mikey(PCK, UE-DL2) goes to monitoring terminal 2.
Monitoring terminals UE-DL1 and UE-DL2 each decrypt the mikey information with their own user information and extract the private call key PCK.
Step 9: The called terminal sends a call response to the MCS server.
Step 10: The MCS server sends the call response to the calling terminal.
Step 11: The calling terminal sends a call second handshake response to the MCS server.
Step 12: The MCS server sends the call second handshake response to the called terminal.
The called terminal UE-T sends call signaling SIP:18X/200 to the MCS server; the call information may be accepting the single call, rejecting the single call, or reporting progress. The MCS server forwards it to the calling terminal UE-O. After receiving it, UE-O sends a call second handshake response message to the MCS server, and the MCS server forwards the call second handshake response message to the called terminal UE-T.
Steps 13-14: The monitoring terminals send a call response to the MCS server.
Steps 15-16: The MCS server sends a call second handshake response to the monitoring terminals.
Monitoring terminals UE-DL1/UE-DL2 each send call signaling SIP:18X/200 to the MCS server, and the MCS server sends a call second handshake response message to each of UE-DL1/UE-DL2.
It should be noted that steps 9-16 are the normal communication process between two devices that are transmitting data.
Step 17: The calling terminal sends SRTP to the MCS server.
Steps 18-20: The MCS server sends SRTP to the called terminal and the monitoring terminals.
The speaking party may be the calling terminal or the called terminal; this embodiment takes the case where the speaking party is the calling terminal as an example.
The MCS server forwards the SRTP (Secure Real-time Transport Protocol) encrypted media sent by the calling terminal to the called terminal, and also forwards the SRTP encrypted media to monitoring terminals 1 and 2. After receiving the encrypted media, a monitoring terminal decrypts and plays it using the PCK, so that monitoring can be carried out on the decrypted content.
In other embodiments, steps 5-8 and the corresponding steps 13-14 may be performed after call negotiation between the calling terminal and the called terminal has completed and the call service has formally started. That is, the server checks for monitoring subscriptions only after confirming that negotiation of this call succeeded; for a call whose negotiation fails or that the called party rejects, it does not check the monitoring subscriptions.
2. For the group call monitoring process, refer to FIG. 3. The group call monitoring process is similar to the single call monitoring process, so this embodiment gives only a brief description of the group call process, as follows:
Steps 1-2:
Monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) each initiate a discreet-listening encrypted call subscription message for a user or a group. After receiving the subscription message, the MCS server performs an authorization check. After the authority check passes, it records the encrypted call monitoring subscription context locally and returns a discreet-listening encrypted call subscription success response message to monitoring terminals UE-DL1 and UE-DL2 respectively.
Steps 3-4:
The calling terminal UE-O decides to initiate an encrypted voice or video single call to the group. UE-O first obtains the GMK and sends a group call request, such as a SIP invite carrying mikey(GMK, group), to the MCS server. After receiving and processing the invite message, the MCS server forwards it to the group's called terminals UE-Ts, and the UE-Ts use the group key to decrypt mikey(GMK, group) and obtain the key GMK.
Steps 5-6:
The MCS server checks the local encrypted call monitoring subscription context and determines that monitoring terminals UE-DL1 and UE-DL2 have subscribed to user or group monitoring. The MCS server sends the monitoring terminal key to the group management server. The group management server returns the monitoring terminal key response information to the MCS server. It should be noted that, in this embodiment, for a single call the key that a monitoring terminal uses to perform monitoring may be generated by the calling terminal, and for a group call it may be generated by the group management server.
After receiving the message, the group management server encrypts the GMK with the user information of UE-DL1 and of UE-DL2 respectively, and sends a message carrying mikey(GMK, UE-DL1) and mikey(GMK, UE-DL2) to the MCS server.
Steps 7-8:
After receiving the GMS monitoring key response information, the MCS server forwards the encryption key mikey(GMK, UE-DL1) to terminal UE-DL1 and the encryption key mikey(GMK, UE-DL2) to terminal UE-DL2. Terminals UE-DL1 and UE-DL2 each decrypt the mikey information with their own key material and extract the key GMK.
Steps 9-12:
The terminals UE-Ts each send a call response (accept/reject/progress) to the MCS server, such as call signaling SIP:18X/200. The MCS server processes it on receipt and sends a call response, such as SIP:18X/200, to terminal UE-O. After receiving it, UE-O sends a call second handshake response message to the MCS server, and the MCS server also sends a call second handshake response message to the called terminal of each group member.
Steps 13-16:
Monitoring terminals UE-DL1/UE-DL2 each send a call response (accept/reject/progress) to the MCS server, such as call signaling SIP:18X/200, and the MCS server sends a call second handshake response message to each of UE-DL1/UE-DL2.
Steps 17-20:
When the speaking party speaks (it may be UE-O or the UE-Ts; this embodiment takes UE-O as an example), the MCS server forwards the SRTP encrypted media to the receiving parties in the group and also forwards the SRTP encrypted media to monitoring terminals UE-DL1/UE-DL2. After receiving the encrypted media, a monitoring terminal decrypts and plays it using the GMK.
In this embodiment, an MCX client authorized by the system can effectively monitor end-to-end encrypted calls, such as a single call between two terminals or a group call among multiple terminals. The monitoring function is provided while high security is maintained, which improves the user experience.
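The per-client key delivery in the single call and group call walkthroughs above (steps 5-8 and 17-20), as an added Python sketch that is not code from the patent. The page does not name the algorithm behind mikey(PCK, UE-DLx), so an HMAC-SHA256 keystream with an authentication tag stands in for both the key wrapping and SRTP; the user information is assumed to be a per-client secret byte string, and `run_single_call`, the identifiers and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(secret: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one secret."""
    return hmac.new(secret, b"demo|" + label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _seal(secret: bytes, nonce: bytes, context: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    stream = _keystream(_subkey(secret, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(secret, b"mac"), context + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(secret: bytes, nonce_len: int, context: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on any mismatch."""
    if len(blob) < nonce_len + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:nonce_len], blob[nonce_len:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(secret, b"mac"), context + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("rejected: wrong key, wrong context, or modified in transit")
    stream = _keystream(_subkey(secret, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def _context(client_id: str, call_id: str) -> bytes:
    """Bind a wrapped key to one recipient and one call (length-prefixed)."""
    cid = client_id.encode()
    return len(cid).to_bytes(2, "big") + cid + call_id.encode()


def wrap_call_key(call_key: bytes, user_secret: bytes, client_id: str, call_id: str) -> bytes:
    """Call control end (steps 5-6): one wrapped copy of the key per client."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return _seal(user_secret, nonce, _context(client_id, call_id), call_key)


def unwrap_call_key(blob: bytes, user_secret: bytes, client_id: str, call_id: str) -> bytes:
    """Monitoring client (steps 7-8): recover the call key from its own copy."""
    return _open(user_secret, NONCE_LEN, _context(client_id, call_id), blob)


def protect_media(call_key: bytes, seq: int, payload: bytes) -> bytes:
    """Speaking party (step 17): encrypt one media frame under the call key."""
    return _seal(call_key, seq.to_bytes(8, "big"), b"media", payload)


def open_media(call_key: bytes, packet: bytes) -> bytes:
    """Receiver or monitoring client (steps 18-20): decrypt one media frame."""
    return _open(call_key, 8, b"media", packet)


def run_single_call(call_id: str, subscribers: dict, frame: bytes) -> dict:
    """Walk one monitored call. `subscribers` maps client id -> assumed secret."""
    pck = secrets.token_bytes(32)  # step 3: calling terminal generates the PCK
    # Steps 5-6: the server passes on each subscriber's user information and
    # the calling terminal returns one wrapped key per monitoring client.
    wrapped = {cid: wrap_call_key(pck, sec, cid, call_id) for cid, sec in subscribers.items()}
    packet = protect_media(pck, 1, frame)  # step 17: encrypted media
    # Steps 7-8 and 18-20: the server relays wrapped[cid] and packet unchanged.
    recovered = {}
    for cid, sec in subscribers.items():
        key = unwrap_call_key(wrapped[cid], sec, cid, call_id)
        recovered[cid] = open_media(key, packet)
    return {"pck": pck, "wrapped": wrapped, "recovered": recovered}
```

For a group call the same wrap and unwrap functions apply with the GMK in place of the PCK and the group management server doing the wrapping. The confidentiality of each wrapped copy rests entirely on the secrecy of the value used as `user_secret`.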
Optionally, on the basis of the above embodiment of the data monitoring method, another embodiment of the present invention provides a data monitoring apparatus applied to a server. Referring to FIG. 5, the data monitoring apparatus includes:
an information acquisition module 11, configured to obtain, when a target call is detected, the user information of the client subscribed to monitor the target call;
a data encryption module 12, configured to send the user information to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server;
a data forwarding module 13, configured to receive the call key information and send it to the client, so that the client decrypts the call key information based on the user information and obtains the call key;
a call monitoring module 14, configured to obtain the encrypted call content data transmitted during the target call and send it to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain the call content data.
Further, the apparatus also includes:
a subscription information receiving module, configured to receive the encrypted call subscription monitoring message sent by the client, where the encrypted call subscription monitoring message includes a target call identifier;
an authority determination module, configured to determine whether the client has the authority to monitor the target call corresponding to the target call identifier;
a subscription message sending module, configured to, if so, send a successful subscription response message to the client and record the client and the encrypted call subscription monitoring message.
Further, the information acquisition module 11 is specifically configured to:
query the client that has monitoring authority for the target call, send a user information acquisition request to the client, and receive the user information of the client returned by the client.
Further, the target call includes a target group call or a target single call.
In this embodiment, when a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The call key information is received and sent to the client, so that the client decrypts the call key information based on the user information and obtains the call key. The encrypted call content data transmitted during the target call is obtained and sent to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain the call content data. That is, with the present invention the server sends the client a specially encrypted copy of the call key that is used to encrypt data during the call, and the client can then use that call key to decrypt the call content data encrypted during the call and obtain the call content data actually transmitted. The special encryption ensures that only that client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
It should be noted that, for the specific working process of each module in this embodiment, refer to the corresponding description in the above embodiment; the details are not repeated here.
Optionally, on the basis of the above embodiment of the data monitoring method, another embodiment of the present invention provides a data monitoring apparatus applied to a client. Referring to FIG. 6, the data monitoring apparatus includes:
a decryption module 21, configured to receive the call key information sent by the server and decrypt it based on the user information of the client to obtain the call key. The call key information is obtained as follows: when the server detects a target call, it obtains the user information of the client subscribed to monitor the target call and sends the user information to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information and sends the result to the server;
a monitoring module 22, configured to receive the encrypted call content data transmitted during the target call and sent by the server, and use the call key to decrypt the encrypted call content data to obtain the call content data.
Further, the apparatus also includes:
a monitoring subscription module, configured to send an encrypted call subscription monitoring message to the server, and to receive the successful subscription response information that the server sends when it determines that the client has the authority to monitor the target call corresponding to the target call identifier; the encrypted call subscription monitoring message includes the target call identifier.
Further, the apparatus also includes:
a request receiving module, configured to receive the user information acquisition request that the server sends when it determines that the client has monitoring authority for the target call;
an information sending module, configured to send the user information of the client to the server, so that when the server detects the target call it sends the user information of the client to the call control end corresponding to the target call, and the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
In this embodiment, when a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server. The call key information is received and sent to the client, so that the client decrypts the call key information based on the user information and obtains the call key. The encrypted call content data transmitted during the target call is obtained and sent to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain the call content data. That is, with the present invention the server sends the client a specially encrypted copy of the call key that is used to encrypt data during the call, and the client can then use that call key to decrypt the call content data encrypted during the call and obtain the call content data actually transmitted. The special encryption ensures that only that client can decrypt the encryption key, which both realizes monitoring during encrypted data transmission and improves the reliability of data transmission.
需要说明的是,本实施例中的各个模块的具体工作过程,请参照上述实施例中的相应说明,在此不再赘述。It should be noted that, for the specific working process of each module in this embodiment, please refer to the corresponding description in the above embodiment, and details will not be repeated here.
可选地,在上述数据监听方法及装置的实施例的基础上,本发明的另一实施例提供了一种数据监听设备,其特征在于,包括:存储器和处理器;Optionally, on the basis of the above embodiments of the data monitoring method and device, another embodiment of the present invention provides a data monitoring device, which is characterized in that it includes: a memory and a processor;
其中,所述存储器用于存储程序;Wherein, the memory is used to store programs;
处理器调用程序并用于执行上述的数据监听方法。The processor invokes the program and is used to execute the above data monitoring method.
可选地,在上述数据监听方法、装置及数据监听设备的实施例的基础上,本发明的另一实施例提供了一种数据监听系统,包括用于执行上述的应用于服务器的数据监听方法的服务器、以及上述应用于客户端的数据监听方法的客户端。Optionally, on the basis of the embodiments of the above-mentioned data monitoring method, device and data monitoring equipment, another embodiment of the present invention provides a data monitoring system, including a system for executing the above-mentioned data monitoring method applied to a server The server, and the client of the above-mentioned data monitoring method applied to the client.
可选地,在上述数据监听方法、装置、数据监听设备及数据监听系统的实施例的基础上,本发明的另一实施例提供了一种存储介质,所述存储介质包括存储的程序,其中,在所述程序运行时控制所述存储介质所在设备执行上述的数据监听方法。Optionally, on the basis of the above embodiments of the data monitoring method, device, data monitoring device, and data monitoring system, another embodiment of the present invention provides a storage medium, the storage medium includes a stored program, wherein When the program is running, control the device where the storage medium is located to execute the above data monitoring method.
本实施例中,在监听到存在目标呼叫的情况下,获取订阅监听所述目标呼叫的客户端的用户信息,将所述用户信息发送至所述目标呼叫对应的呼叫控制端,以使所述呼叫控制端基于所述用户信息对呼叫密钥进行加密得到加密后的呼叫密钥信息,并发送给所述服务器,接收所述呼叫密钥信息,并将所述呼叫密钥信息发送至所述客户端,以使所述客户端基于所述用户信息对所述呼叫密钥信息进行解密,得到呼叫密钥,获取所述目标呼叫过程中传输的加密后的呼叫内容数据,并将所述加密后的呼叫内容数据发送至所述客户端,以使所述客户端使用所述呼叫密钥对所述加密后的呼叫内容数据进行解密,得到呼叫内容数据。即通过本发明,服务器将进行特殊加密之后的在呼叫过程中加密数据使用的呼叫密钥发送客户端,进而客户端能够使用该呼叫密钥对呼叫过程中加密的呼叫内容数据进行解密,得到实际传输的呼叫内容数据,特殊加密保证了仅该客户端能解密所述加密密钥,即实现了加密数据传输过程中的监控,又提高了数据传输的可靠性。In this embodiment, when it is detected that there is a target call, the user information of the client subscribed to monitor the target call is obtained, and the user information is sent to the call control terminal corresponding to the target call, so that the call The control terminal encrypts the call key information based on the user information to obtain encrypted call key information, and sends it to the server, receives the call key information, and sends the call key information to the client terminal, so that the client terminal decrypts the call key information based on the user information, obtains a call key, obtains the encrypted call content data transmitted during the target call, and stores the encrypted Send the call content data to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data. That is to say, through the present invention, the server sends the client the call key used to encrypt the data during the call after special encryption, and then the client can use the call key to decrypt the encrypted call content data during the call to obtain the actual The transmitted call content data is specially encrypted to ensure that only the client can decrypt the encryption key, which not only realizes the monitoring during encrypted data transmission, but also improves the reliability of data transmission.
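The exchange summarized above, as an added example that is not part of the patent text: a subscribing client, a relaying server and a call control end, with the call key wrapped for one authorized monitor. The patent does not specify what the user information contains or which cipher is used; this sketch assumes the user information is a user identifier plus a fresh nonce, that the call control end already holds a per-user secret, and it uses a stand-in AEAD built from the standard library. All class and function names are hypothetical.

```python
import hashlib, hmac, secrets

# Stand-in AEAD (SHAKE-256 keystream, HMAC-SHA256 tag) so this runs on the standard
# library alone (assumption); a deployment would use a vetted AEAD.
def _prf(key, label, data):
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    stream = hashlib.shake_256(b"ks|" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, aad, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + _prf(key, b"mac", hashlib.sha256(aad).digest() + nonce + body)

def unseal(key, aad, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = _prf(key, b"mac", hashlib.sha256(aad).digest() + nonce + body)
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return _xor(key, nonce, body)

def kek(user_secret, info, call_id):  # wrapping key bound to user, nonce and call
    return _prf(user_secret, b"kek", info["nonce"] + call_id.encode())

class CallControl:
    def __init__(self, user_secrets, call_keys):
        self.user_secrets, self.call_keys = user_secrets, call_keys
    def wrap_call_key(self, call_id, info):  # encrypt the call key for one monitor
        k = kek(self.user_secrets[info["user_id"]], info, call_id)
        return seal(k, call_id.encode(), self.call_keys[call_id])

class Client:
    def __init__(self, user_id, secret):
        self.user_id, self.secret, self.call_key = user_id, secret, None
    def user_info(self):  # identifier plus fresh nonce; the secret never leaves
        self.info = {"user_id": self.user_id, "nonce": secrets.token_bytes(16)}
        return self.info
    def receive_key(self, call_id, wrapped):
        self.call_key = unseal(kek(self.secret, self.info, call_id), call_id.encode(), wrapped)
    def receive_content(self, call_id, blob):
        return unseal(self.call_key, call_id.encode(), blob)

class Server:  # relay only: holds neither a user secret nor the call key
    def __init__(self, call_control, permissions):
        self.cc, self.permissions, self.subs = call_control, permissions, {}
    def subscribe(self, client, call_id):  # permission check, then record
        if call_id not in self.permissions.get(client.user_id, ()):
            return False
        self.subs.setdefault(call_id, []).append(client)
        return True
    def on_call(self, call_id):  # get user info, have the key wrapped, forward it
        for c in self.subs.get(call_id, []):
            c.receive_key(call_id, self.cc.wrap_call_key(call_id, c.user_info()))
    def relay(self, call_id, blob):  # forward encrypted call content unchanged
        return [c.receive_content(call_id, blob) for c in self.subs.get(call_id, [])]

def demo(call="group-100", secret=b"\x07" * 32):  # constructed ids, secret, payload
    cc = CallControl({"dispatcher-1": secret}, {call: secrets.token_bytes(32)})
    monitor, server = Client("dispatcher-1", secret), Server(cc, {"dispatcher-1": {call}})
    subscribed = server.subscribe(monitor, call)
    server.on_call(call)
    frame = seal(cc.call_keys[call], call.encode(), b"unit 12 en route")  # talking terminal
    return subscribed, server.relay(call, frame)
```

In this sketch the property that only the subscribed client can recover the call key holds because the server sees just the identifier, the nonce and the wrapped key; if the user information alone were enough to derive the wrapping key, the relaying server could unwrap it as well.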
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (12)

  1. A data monitoring method, characterized in that it is applied to a server, the data monitoring method comprising:
    when it is detected that a target call exists, obtaining user information of a client subscribed to monitor the target call;
    sending the user information to a call control end corresponding to the target call, so that the call control end encrypts a call key based on the user information to obtain encrypted call key information and sends it to the server;
    receiving the call key information and sending the call key information to the client, so that the client decrypts the call key information based on the user information to obtain the call key;
    obtaining encrypted call content data transmitted during the target call, and sending the encrypted call content data to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain call content data.
  2. The data monitoring method according to claim 1, characterized in that, before it is detected that a target call exists, the method further comprises:
    receiving an encrypted call subscription monitoring message sent by the client, the encrypted call subscription monitoring message including a target call identifier;
    determining whether the client has permission to monitor the target call corresponding to the target call identifier;
    if so, sending a successful subscription response message to the client, and recording the client and the encrypted call subscription monitoring message.
  3. The data monitoring method according to claim 1, characterized in that obtaining the user information of the client subscribed to monitor the target call comprises:
    querying the client that has monitoring permission for the target call, sending a user information acquisition request to the client, and receiving the user information of the client returned by the client.
  4. The data monitoring method according to claim 1, characterized in that the target call comprises a target group call or a target individual call.
  5. A data monitoring method, characterized in that it is applied to a client, the data monitoring method comprising:
    receiving call key information sent by a server, and decrypting the call key information based on user information of the client to obtain a call key; the call key information being obtained by the server, when it detects that a target call exists, obtaining the user information of the client subscribed to monitor the target call and sending the user information to a call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information and sends the result to the server;
    receiving encrypted call content data, transmitted during the target call, sent by the server, and using the call key to decrypt the encrypted call content data and obtain call content data.
  6. The data monitoring method according to claim 5, characterized in that, before receiving the call key information sent by the server, the method further comprises:
    sending an encrypted call subscription monitoring message to the server, the encrypted call subscription monitoring message including a target call identifier;
    receiving successful subscription response information sent by the server when the server determines that the client has permission to monitor the target call corresponding to the target call identifier.
  7. The data monitoring method according to claim 5, characterized in that the data monitoring method further comprises:
    receiving a user information acquisition request sent by the server when the server determines that the client has monitoring permission for the target call;
    sending the user information of the client to the server, so that the server, when it detects that the target call exists, sends the user information of the client to the call control end corresponding to the target call, and the call control end encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
  8. A data monitoring apparatus, characterized in that it is applied to a server, the data monitoring apparatus comprising:
    an information acquisition module, configured to obtain, when it is detected that a target call exists, user information of a client subscribed to monitor the target call;
    a data encryption module, configured to send the user information to a call control end corresponding to the target call, so that the call control end encrypts a call key based on the user information to obtain encrypted call key information and sends it to the server;
    a data forwarding module, configured to receive the call key information and send the call key information to the client, so that the client decrypts the call key information based on the user information to obtain the call key;
    a call monitoring module, configured to obtain encrypted call content data transmitted during the target call and send the encrypted call content data to the client, so that the client uses the call key to decrypt the encrypted call content data and obtain call content data.
  9. A data monitoring apparatus, characterized in that it is applied to a client, the data monitoring apparatus comprising:
    a decryption module, configured to receive call key information sent by a server and decrypt the call key information based on user information of the client to obtain a call key; the call key information being obtained by the server, when it detects that a target call exists, obtaining the user information of the client subscribed to monitor the target call and sending the user information to a call control end corresponding to the target call, so that the call control end encrypts the call key based on the user information and sends the result to the server;
    a monitoring module, configured to receive encrypted call content data, transmitted during the target call, sent by the server, and use the call key to decrypt the encrypted call content data and obtain call content data.
  10. A data monitoring device, characterized in that it comprises: a memory and a processor;
    wherein the memory is used to store a program;
    the processor calls the program and is used to execute the data monitoring method according to any one of claims 1-4, or to execute the data monitoring method according to any one of claims 5-7.
  11. A data monitoring system, characterized in that it comprises a server for executing the data monitoring method according to any one of claims 1-4, and a client for executing the data monitoring method according to any one of claims 5-7.
  12. A storage medium, the storage medium comprising a stored program, wherein, when the program runs, the device where the storage medium is located is controlled to execute the data monitoring method according to any one of claims 1-4, or to execute the data monitoring method according to any one of claims 5-7.
PCT/CN2021/119269 2021-09-18 2021-09-18 Data monitoring method, apparatus, device and system WO2023039871A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/119269 WO2023039871A1 (en) 2021-09-18 2021-09-18 Data monitoring method, apparatus, device and system

Publications (1)

Publication Number Publication Date
WO2023039871A1 (en) 2023-03-23

Family

ID=85602350

Country Status (1)

Country Link
WO (1) WO2023039871A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102026174A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Method and device for maintaining secrecy of user identification in paging procedure
CN102025485A (en) * 2009-09-14 2011-04-20 中兴通讯股份有限公司 Key negotiation method, key management server and terminal
CN102843675A (en) * 2011-06-24 2012-12-26 中兴通讯股份有限公司 Cluster call voice encryption method, terminal and system
CN103987037A (en) * 2014-05-28 2014-08-13 大唐移动通信设备有限公司 Secret communication implementation method and device
CN106982419A (en) * 2016-01-18 2017-07-25 普天信息技术有限公司 A kind of broadband cluster system individual calling End to End Encryption method and system
CN107959655A (en) * 2016-10-14 2018-04-24 北京信威通信技术股份有限公司 A kind of calling and called correlating method of end-to-end enciphoring voice telecommunication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21957150

Country of ref document: EP

Kind code of ref document: A1