CN107172052B - Authentication method and device for conference system - Google Patents

Publication number: CN107172052B
Authority: CN (China)
Prior art keywords: conference; conference terminal; authentication; terminal; server
Legal status: Active
Application number: CN201710381761.XA
Other languages: Chinese (zh)
Other versions: CN107172052A (en
Inventors: 王彦杰, 曾昭鸣, 顾振华, 顾志松
Current Assignee: Suzhou Keda Technology Co Ltd
Original Assignee: Suzhou Keda Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00: Television systems
    • H04N7/14: Systems for two-way working
    • H04N7/15: Conference systems
    • H04N7/155: Conference systems involving storage of or access to video conference sessions
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an authentication method and device for a conference system, wherein the conference system comprises a conference server, a first conference terminal and a second conference terminal, and the method comprises the following steps: the conference server receives a link confirmation request from the first conference terminal, wherein the link confirmation request carries identification information of the second conference terminal; the conference server forwards the link confirmation request to the second conference terminal; the conference server determines whether identity information sent by the second conference terminal has been received; when the identity information is received, the conference server authenticates the second conference terminal according to the identity information; and the conference server sends the authentication result of the second conference terminal to the first conference terminal. With the invention, when the first conference terminal has not established a data link with any other conference terminal, or the conference terminal with which it has established the data link is not the target conference terminal, the first conference terminal can confirm that the data link is wrong.

Description

Authentication method and device for conference system
Technical Field
The invention relates to the technical field of audio and video conference systems, in particular to an authentication method and device for a conference system.
Background
In an audio and video conference system, each conference terminal is connected to a conference server, and code streams are exchanged between two conference terminals through the conference server. When a conference terminal connects to the conference server, the conference server can authenticate the conference terminal to confirm whether it has the authority to connect to the conference server.
Before the first conference terminal sends a code stream to the target conference terminal, the conference server establishes a data link between the first conference terminal and the target conference terminal. However, if the conference server makes a mistake, the first conference terminal sends the code stream to the wrong conference terminal, so that conference information is leaked and the audio and video conference carries a security risk. For example, as shown in fig. 1, conference terminals A, B and D connected to the conference server belong to a first conference, and conference terminals C and E belong to a second conference, so B and E clearly do not belong to the same conference. If the conference server mistakenly sends the code stream of conference terminal A to conference terminal E, conference terminal E can obtain the content of the first conference, and information of the first conference is leaked.
In the existing method, to confirm the data link between a first conference terminal and a target conference terminal, the first conference terminal first sends a confirmation request to the target conference terminal, and the target conference terminal returns its terminal identifier when it responds to the confirmation request. If the first conference terminal receives no response message, or the received terminal identifier is not that of the target conference terminal, it judges that the data link between itself and the target conference terminal is in error and does not start sending the code stream. However, as shown in fig. 1, if another conference terminal F has obtained the terminal identifier of conference terminal D in advance, conference terminal F can masquerade as conference terminal D when responding to the confirmation request of conference terminal A and thereby steal the content of the first conference, so that information of the first conference is leaked.
Therefore, the existing method can only confirm whether the first conference terminal has established a data link with some other conference terminal; it cannot confirm whether the conference terminal at the other end of that data link is the target conference terminal.
Disclosure of Invention
In view of this, embodiments of the present invention provide an authentication method and apparatus for a conference system, so as to confirm the identity of a target conference terminal in a data link while confirming connectivity of the data link.
According to a first aspect, an embodiment of the present invention provides an authentication method for a conference system, where the conference system includes a conference server, a first conference terminal and a second conference terminal, and the authentication method comprises the following steps: the conference server receives a link confirmation request of the first conference terminal, wherein the link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference; the conference server forwards the link confirmation request to the second conference terminal based on the identification information of the second conference terminal; the conference server determines whether identity information sent by the second conference terminal has been received, wherein the identity information is used for authenticating the second conference terminal; when the identity information is received, the conference server authenticates the second conference terminal according to the identity information; and the conference server sends the authentication result of the second conference terminal to the first conference terminal.
Optionally, the conference server is a plurality of cascaded conference servers, and the plurality of conference servers form a data link between the first conference terminal and the second conference terminal, and are configured to forward a code stream between the first conference terminal and the second conference terminal; the authentication method further comprises: and authenticating the data link between the first conference terminal and the second conference terminal.
Optionally, authenticating the data link between the first conference terminal and the second conference terminal includes: when the current conference server receives a message forwarded by the previous conference server, it performs identity authentication on the previous conference server, the message including the link confirmation request or the authentication result; and when the previous conference server passes the authentication, the current conference server sends the message to the next device in the data link.
Optionally, the step of authenticating, by the conference server, the second conference terminal according to the identity information includes: the conference server sends the identity information and the identification information of the second conference terminal to an authentication server, and the authentication server authenticates the second conference terminal according to the identity information; the authentication server is connected with the conference server and is positioned outside a data link between the first conference terminal and the second conference terminal; and receiving an authentication result sent by the authentication server.
Optionally, before the step in which the conference server receives the link confirmation request of the first conference terminal, the method further includes: the first conference terminal determines whether the current conference belongs to a preset security level; and when the current conference belongs to the preset security level, the first conference terminal sends the link confirmation request to the conference server.
Optionally, before the step in which the conference server receives the link confirmation request of the first conference terminal, the method further includes: the conference server performs identity authentication on the first conference terminal; when the identity authentication of the first conference terminal passes, the first conference terminal sends the link confirmation request to the conference server. The authentication method further comprises: after the second conference terminal passes the authentication, the conference server sends the authentication result of the first conference terminal to the second conference terminal.
According to a second aspect, an embodiment of the present invention provides an authentication apparatus for a conference system, the conference system including a conference server, a first conference terminal and a second conference terminal, and the authentication apparatus including: a first receiving unit, configured to receive a link confirmation request of the first conference terminal, where the link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference; a forwarding unit, configured to forward the link confirmation request to the second conference terminal based on the identification information of the second conference terminal; a first judging unit, configured to determine whether identity information sent by the second conference terminal has been received, the identity information being used for authenticating the second conference terminal; a first authentication unit, configured to authenticate the second conference terminal according to the identity information when the identity information is received; and a first sending unit, configured to send the authentication result of the second conference terminal to the first conference terminal.
Optionally, the conference server is a plurality of cascaded conference servers, and the plurality of conference servers form a data link between the first conference terminal and the second conference terminal, and are configured to forward a code stream between the first conference terminal and the second conference terminal; the authentication apparatus further includes: and the second authentication unit is used for authenticating the data link between the first conference terminal and the second conference terminal.
Optionally, the second authentication unit includes: a first authentication subunit, configured to perform identity authentication on the previous conference server when receiving a message forwarded by the previous conference server, the message including the link confirmation request or the authentication result; and a sending subunit, configured to send the message to the next device in the data link when the previous conference server passes the authentication.
Optionally, the first authentication unit comprises: the second authentication subunit is used for sending the identity information and the identification information of the second conference terminal to an authentication server, and the authentication server authenticates the second conference terminal according to the identity information; the authentication server is connected with the conference server and is positioned outside a data link between the first conference terminal and the second conference terminal; and the receiving subunit is used for receiving the authentication result sent by the authentication server.
Optionally, the apparatus further comprises: the second judgment unit is used for judging whether the current conference belongs to a preset security level; and the second sending unit is used for sending the link confirmation request to the conference server when the current conference belongs to a preset security level.
Optionally, the apparatus further comprises: a third authentication unit, configured to perform identity authentication on the first conference terminal, the first conference terminal sending the link confirmation request to the conference server when its identity authentication passes; and a third sending unit, configured to send the authentication result of the first conference terminal to the second conference terminal after the second conference terminal passes the authentication.
According to the authentication method and device for a conference system provided by the embodiments of the present invention, the conference server receives the link confirmation request of the first conference terminal and the authentication result of the first conference terminal, and sends the identification information of the second conference terminal to the second conference terminal according to the identification information of the second conference terminal carried in the link confirmation request. If this is correctly delivered to the second conference terminal, the second conference terminal sends its identity information to the conference server, and if the conference server receives that identity information, it authenticates the second conference terminal; otherwise, other operations are executed, and the first conference terminal ultimately does not receive information that the second conference terminal has passed identity authentication, so the first conference terminal can confirm that the data link is wrong. When the second conference terminal passes the conference server's identity authentication, the conference server sends the authentication result of the second conference terminal to the first conference terminal, so the first conference terminal can confirm that a data link has been established with the second conference terminal, that the second conference terminal is a trusted terminal that has passed identity authentication, and that the data link is correct; the first conference terminal can then send a code stream to the second conference terminal. When the second conference terminal fails the conference server's identity authentication (i.e. the identity of the second conference terminal is not trusted, for example because another conference terminal F pretends to be the second conference terminal), the first conference terminal ultimately does not receive information that the second conference terminal has passed identity authentication, so the first conference terminal can confirm that the data link is faulty. If the conference server makes an error and mistakenly sends the link confirmation request to E, E sends its identity information to the conference server; even though the conference server receives E's identity information, E cannot pass identity authentication (that is, authentication of whether E is the second conference terminal), and the first conference terminal ultimately does not receive information that the second conference terminal has passed identity authentication, so the first conference terminal can confirm that the data link is in error. It can be seen that the first conference terminal can confirm that the data link is in error both when it has not established a data link with any other conference terminal and when the conference terminal with which it has established the data link is not its target conference terminal.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and not to be construed as limiting the invention in any way, and in which:
Fig. 1 shows a schematic diagram of a conference system;
Fig. 2 shows a schematic diagram of an implementation environment of an authentication method for a conference system according to an embodiment of the present invention;
Fig. 3 shows a flowchart of an authentication method for a conference system according to an embodiment of the present invention;
Fig. 4 shows a flowchart of another authentication method for a conference system according to an embodiment of the present invention;
Fig. 5 shows a schematic diagram of another implementation environment of the authentication method for a conference system according to an embodiment of the present invention;
Fig. 6 shows a flowchart of a further authentication method for a conference system according to an embodiment of the present invention;
Fig. 7 shows a schematic diagram of another implementation environment of the authentication method for a conference system according to an embodiment of the present invention;
Fig. 8 shows a flowchart of yet another authentication method for a conference system according to an embodiment of the present invention;
Fig. 9 shows a flowchart of yet another authentication method for a conference system according to an embodiment of the present invention;
Fig. 10 shows a flowchart of still another authentication method for a conference system according to an embodiment of the present invention;
Fig. 11 shows a functional block diagram of an authentication device for a conference system according to an embodiment of the present invention;
Fig. 12 shows a schematic block diagram of another authentication device for a conference system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Fig. 2 is a schematic diagram illustrating an implementation environment of the authentication method of the conference system according to the embodiment of the present invention. As shown in fig. 2, the conference system includes a conference server, a first conference terminal, and a second conference terminal, and the first conference terminal forwards information to the second conference terminal via the conference server. Optionally, information is transmitted between the first conference terminal, the second conference terminal, and the conference server over SSL (Secure Sockets Layer), so as to prevent information such as the identification information or the authentication result of a conference terminal from being modified.
Fig. 3 is a flowchart of an authentication method for a conference system according to an embodiment of the present invention, which is used for the conference system shown in fig. 2. As shown in fig. 3, the method comprises the steps of:
S101: The conference server receives a link confirmation request of the first conference terminal. The link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference. The first conference terminal uses the link confirmation request to confirm whether its data link with the second conference terminal is correct.
S102: The conference server forwards the link confirmation request to the second conference terminal based on the identification information of the second conference terminal. After receiving the link confirmation request, the second conference terminal sends its identity information to the conference server.
S103: The conference server determines whether the identity information sent by the second conference terminal has been received, the identity information being used for authenticating the second conference terminal. When the identity information is received, step S104 is executed; otherwise, step S105 is executed, or other operations are performed.
Here, the identity information may be a dynamic password of the second conference terminal, and may also be a certificate of the second conference terminal.
S104: The conference server authenticates the second conference terminal according to the identity information.
Here, identity authentication of the second conference terminal means that the conference server verifies whether the conference terminal that sent the identity information is the conference terminal corresponding to the identification information of the second conference terminal in the link confirmation request, that is, whether the identity of the second conference terminal is trusted. If the identity of the second conference terminal is trusted, the authentication passes; otherwise, the authentication does not pass.
The conference server may authenticate the second conference terminal by means of a dynamic password obtained by the second conference terminal, the dynamic password being the password displayed on a dynamic token held by the user; it may also authenticate the second conference terminal by means of a certificate sent by the second conference terminal. This application does not specifically limit the manner.
The conference server may perform identity authentication on the first conference terminal and the second conference terminal in the same manner or in different manners.
S105: The conference server sends the authentication result of the second conference terminal to the first conference terminal.
In the authentication method of the conference system, as shown in fig. 1, assume that A is the first conference terminal and D is the second conference terminal. The conference server receives the link confirmation request of A and the authentication result of A, and sends the identification information of D to D according to the identification information of D carried in the link confirmation request of A.
If this is correctly delivered to D, D sends its identity information to the conference server, and if the conference server receives D's identity information, it authenticates D; otherwise, other operations are executed, and A ultimately does not receive information that D has passed identity authentication, so A can confirm that the data link is in error.
When D passes the conference server's identity authentication, the conference server sends the authentication result of D to A, so A can confirm that a data link has been established with D, that D is a trusted terminal that has passed identity authentication, and that the data link is correct; A can then send a code stream to D. When D fails the conference server's identity authentication (i.e. the identity of D is not trusted, for example because another conference terminal F pretends to be D), A ultimately does not receive information that D has passed identity authentication, so A can confirm that the data link is in error.
If the conference server makes a mistake and the link confirmation request is mistakenly sent to E, E sends its identity information to the conference server; even though the conference server receives E's identity information, E cannot pass identity authentication (that is, authentication of whether E is D), and A ultimately does not receive information that D has passed identity authentication, so A can confirm that the data link is in error.
Therefore, through the authentication method of the conference system, when the first conference terminal does not establish a data link with other conference terminals, or the conference terminal establishing the data link with the first conference terminal is not the target conference terminal, the first conference terminal can confirm that the data link is wrong.
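The following added example, which is not part of the patent text, simulates steps S101 to S105 for the terminals of fig. 1 and contrasts them with the existing identifier-only check described in the Background. It assumes the identity information is an RFC 6238 time-based dynamic password whose secret was enrolled with the conference server; the class names, method names and secrets are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed validity window of a dynamic password, in seconds


def dynamic_password(secret: bytes, now: int) -> str:
    """6-digit time-based one-time password (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


class Terminal:
    """Conference terminal holding the secret of its own dynamic token."""

    def __init__(self, ident: str, secret: bytes, claimed_id: str = ""):
        self.ident = ident
        self.secret = secret
        # The identifier returned in replies; a masquerading F sets this to "D".
        self.claimed_id = claimed_id or ident

    def on_link_confirmation(self, now: int) -> dict:
        """Reply to a forwarded link confirmation request with identity information."""
        return {"terminal_id": self.claimed_id,
                "password": dynamic_password(self.secret, now)}


class ConferenceServer:
    def __init__(self):
        self.enrolled = {}  # terminal id -> secret registered at enrolment
        self.links = {}     # terminal id -> device actually at the end of that link

    def enroll(self, terminal: Terminal) -> None:
        self.enrolled[terminal.ident] = terminal.secret
        self.links[terminal.ident] = terminal

    def legacy_confirm(self, target_id: str, now: int) -> bool:
        """Existing method: trust whatever terminal identifier comes back."""
        far_end = self.links.get(target_id)
        if far_end is None:
            return False
        return far_end.on_link_confirmation(now)["terminal_id"] == target_id

    def confirm_link(self, target_id: str, now: int):
        """S101-S105: returns the result sent to the requester, or None if
        no identity information arrived (the requester never sees a pass)."""
        far_end = self.links.get(target_id)              # S102: forward request
        if far_end is None:
            return None                                  # S103: nothing received
        identity = far_end.on_link_confirmation(now)
        secret = self.enrolled.get(target_id)            # S104: check against the
        passed = secret is not None and hmac.compare_digest(  # target named in the
            identity["password"], dynamic_password(secret, now))  # request
        return {"target": target_id, "authenticated": passed}  # S105


def run_scenarios(now: int = 59) -> dict:
    """A asks to confirm its link to D under four constructed conditions."""
    d = Terminal("D", b"12345678901234567890")   # RFC 6238 test secret
    e = Terminal("E", b"constructed-secret-E")
    f = Terminal("F", b"constructed-secret-F", claimed_id="D")
    cases = [("correct", d), ("misrouted_to_E", e),
             ("F_masquerades_as_D", f), ("no_link", None)]
    results = {}
    for name, far_end in cases:
        server = ConferenceServer()
        server.enroll(d)
        server.enroll(e)
        if far_end is None:
            del server.links["D"]
        else:
            server.links["D"] = far_end  # what the link to "D" really reaches
        results[name] = (server.legacy_confirm("D", now),
                         server.confirm_link("D", now))
    return results


if __name__ == "__main__":
    for case, (legacy, new) in run_scenarios().items():
        print(f"{case:20s} legacy={legacy!s:5s} new={new}")
```

The identifier-only check accepts F because the identifier is not a secret, while the server-side check fails for both E and F because neither holds the secret enrolled for D.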
Example two
Fig. 4 is a flowchart of another authentication method for a conference system according to an embodiment of the present invention, which is used in the conference system shown in fig. 5. This system differs from the conference system shown in fig. 2 in that the conference server is a plurality of cascaded conference servers, which form a data link between a first conference terminal and a second conference terminal for forwarding a code stream between the two terminals, for example the first conference server and the second conference server in fig. 5. Optionally, information is transmitted between the first conference terminal and the first conference server, and between the second conference terminal and the second conference server, over SSL (Secure Sockets Layer), so as to prevent information such as the identification information or the authentication result of a conference terminal from being modified. The first conference server and the second conference server transmit information through the Transport Layer Security (TLS) protocol.
Correspondingly, the authentication method of the conference system further comprises the step of authenticating the data link between the first conference terminal and the second conference terminal. Specifically, as shown in fig. 4, the method includes the steps of:
S201: The first conference server receives a link confirmation request of the first conference terminal, wherein the link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
S202: The first conference server sends the link confirmation request to the second conference server, the second conference server being the device after the first conference server in the pre-established data link.
S203: The second conference server performs identity authentication on the first conference server. When the authentication passes, step S204 is executed; otherwise, other operations are performed.
S204: When the identity authentication of the first conference server passes, the second conference server sends the link confirmation request to the second conference terminal, that is, to the next device in the data link. After receiving the link confirmation request, the second conference terminal sends its identity information to the second conference server, and the second conference server or the first conference server authenticates the second conference terminal according to the identity information. Steps S205 to S209 in this embodiment are used in the case where the first conference server authenticates the second conference terminal; steps S210 to S214 are used in the case where the second conference server authenticates the second conference terminal.
S205: When receiving the identity information sent by the second conference terminal, the second conference server sends that identity information to the first conference server.
S206: The first conference server determines whether the identity information has been received. When the identity information is received, step S207 is executed; otherwise, other operations are performed.
S207: The first conference server performs identity authentication on the second conference server.
S208: After the identity authentication of the second conference server passes, the first conference server authenticates the second conference terminal according to the identity information.
S209: The first conference server sends the authentication result of the second conference terminal to the first conference terminal.
S210: The second conference server determines whether the identity information has been received. When the identity information is received, step S211 is executed; otherwise, other operations are performed.
S211: The second conference server authenticates the second conference terminal according to the identity information.
S212: The second conference server sends the authentication result to the first conference server.
S213: When the first conference server receives the authentication result sent by the second conference server, the first conference server performs identity authentication on the second conference server.
S214: After the identity authentication of the second conference server passes, the first conference server sends the authentication result to the first conference terminal.
According to the authentication method of the conference system, when the identity authentication of the first conference server or the second conference server in the data link fails, the link confirmation request or the authentication result cannot be sent to the next device in the data link, and finally the first conference terminal cannot receive the information that the identity authentication of the second conference terminal passes, so that the first conference terminal can confirm that the data link is in error.
Therefore, through the authentication method of the conference system, whether the identities of the devices (such as the first conference server and the second conference server) in the data link are real or not can be confirmed, and the data link devices are prevented from being disguised by other devices, so that the security of the conference system is threatened.
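The hop-by-hop rule described above can be modelled in a few lines. This is an added example, not code from the patent: the patent does not say how one conference server authenticates another, so the per-link shared key and HMAC tag, the device names and the `Impostor` class are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def make_tag(key: bytes, sender: str, payload: bytes) -> bytes:
    """MAC binding a payload to the claimed sender (assumed mechanism)."""
    return hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).digest()

class Device:
    """A conference server in the data link, holding one key per neighbour."""
    def __init__(self, name: str, link_keys: dict):
        self.name = name
        self.link_keys = link_keys          # neighbour name -> pairwise key

    def emit(self, to: str, payload: bytes) -> dict:
        # A device without the provisioned key for this link can only guess one.
        key = self.link_keys.get(to, os.urandom(32))
        return {"from": self.name, "payload": payload,
                "tag": make_tag(key, self.name, payload)}

    def accept(self, msg: dict) -> bool:
        """Identity authentication of the previous hop (S207 / S213)."""
        key = self.link_keys.get(msg["from"])
        if key is None:
            return False
        expected = make_tag(key, msg["from"], msg["payload"])
        return hmac.compare_digest(msg["tag"], expected)

class Impostor(Device):
    """Claims a real server's name but holds none of its link keys."""
    def __init__(self, name: str):
        super().__init__(name, {})

    def accept(self, msg: dict) -> bool:
        return True                         # takes whatever it is given

def provision(names: list) -> list:
    """Build a genuine cascade with a fresh key on every adjacent link."""
    devices = [Device(n, {}) for n in names]
    for a, b in zip(devices, devices[1:]):
        key = os.urandom(32)
        a.link_keys[b.name] = key
        b.link_keys[a.name] = key
    return devices

def relay(path: list, payload: bytes):
    """Each hop authenticates the previous hop before forwarding.
    Returns (payload, None) on delivery or (None, name of the hop that dropped it)."""
    for prev, cur in zip(path, path[1:]):
        if not cur.accept(prev.emit(cur.name, payload)):
            return None, cur.name
    return payload, None

def first_terminal_view(servers: list) -> str:
    """What the first conference terminal concludes for this cascade."""
    request, _ = relay(servers, b"LINK-CONFIRM")        # towards the second terminal
    if request is None:
        return "link error"
    result, _ = relay(servers[::-1], b"PASS")           # result travelling back
    return "link confirmed" if result == b"PASS" else "link error"

if __name__ == "__main__":
    chain = provision(["server1", "server2", "server3"])
    print(first_terminal_view(chain))
    chain[1] = Impostor("server2")
    print(relay(chain, b"LINK-CONFIRM"), first_terminal_view(chain))
```

The first terminal treats the absence of a pass result as a failed link, so a deployment needs a timeout on the confirmation rather than waiting indefinitely.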
Example three
Fig. 6 is a flowchart of another authentication method for a conference system according to an embodiment of the present invention. It is used in the conference system shown in fig. 7, which differs from the conference system shown in fig. 2 in that it further includes an authentication server connected to the conference server and located outside the data link between the first conference terminal and the second conference terminal. Optionally, information is transmitted between the first conference terminal, the second conference terminal, and the conference server over SSL (Secure Sockets Layer), so as to prevent information such as the identification information or the authentication result of a conference terminal from being modified. The conference server and the authentication server exchange information via the RADIUS protocol, a remote authentication protocol.
As shown in fig. 6, the method includes the steps of:
S301: The conference server receives a link confirmation request of the first conference terminal. The link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
S302: The conference server forwards the link confirmation request to the second conference terminal based on the identification information of the second conference terminal.
S303: The conference server judges whether the identity information sent by the second conference terminal is received, where the identity information is used for authenticating the second conference terminal. When the identity information is received, step S304 is executed; otherwise, other operations are performed.
S304: The conference server sends the identity information and the identification information of the second conference terminal to the authentication server, and the authentication server authenticates the second conference terminal according to the identity information.
The authentication server determines whether the identity of the second conference terminal is credible according to the identity information and the identification information of the second conference terminal.
S305: The conference server receives the authentication result sent by the authentication server.
When the authentication server determines that the identity of the second conference terminal is credible, the authentication result is a pass; otherwise, the authentication result is a failure.
S306: The conference server sends the authentication result of the second conference terminal to the first conference terminal.
It should be added that the authentication server may be an authentication server entity that is separate from the conference server entity and dedicated to identity authentication, or the function of the authentication server may be implemented by the conference server entity.
Example four
Fig. 8 is a flowchart illustrating a further authentication method for a conference system according to an embodiment of the present invention, which is applied to the conference system shown in fig. 2. As shown in fig. 8, the method includes the steps of:
S401: The first conference terminal judges whether the current conference belongs to a preset security level. When the current conference belongs to the preset security level, step S402 is executed; otherwise, no operation is performed.
S402: The first conference terminal sends a link confirmation request to the conference server.
S403: The conference server receives the link confirmation request of the first conference terminal. The link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
S404: The conference server forwards the link confirmation request to the second conference terminal based on the identification information of the second conference terminal.
S405: The conference server judges whether the identity information sent by the second conference terminal is received, where the identity information is used for authenticating the second conference terminal. When the identity information is received, step S406 is executed; otherwise, step S407 is executed; otherwise, other operations are performed.
S406: The conference server authenticates the second conference terminal according to the identity information.
S407: The conference server sends the authentication result of the second conference terminal to the first conference terminal.
This authentication method implements hierarchical control of identity authentication. When the current conference belongs to the preset security level, the first conference terminal sends a link confirmation request to the conference server, and identity authentication is performed on each device during link confirmation, so that conference security can be ensured. When the current conference does not reach the preset security level, identity authentication is not performed on each device during link confirmation, which reduces the amount of network traffic and prevents network congestion.
Example five
Fig. 9 is a flowchart illustrating a further authentication method for a conference system according to an embodiment of the present invention, which is applied to the conference system shown in fig. 2. As shown in fig. 9, the method includes the steps of:
S501: The conference server performs identity authentication on the first conference terminal.
S502: After the identity authentication of the first conference terminal passes, the conference server receives a link confirmation request of the first conference terminal. The link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
S503: The conference server forwards the link confirmation request and the authentication result of the first conference terminal to the second conference terminal based on the identification information of the second conference terminal.
S504: The conference server judges whether the identity information sent by the second conference terminal is received, where the identity information is used for authenticating the second conference terminal. When the identity information is received, step S505 is executed; otherwise, step S506 is executed; otherwise, other operations are performed.
S505: The conference server authenticates the second conference terminal according to the identity information.
S506: The conference server sends the authentication result of the second conference terminal to the first conference terminal.
It should be added that sending the authentication result of the first conference terminal to the second conference terminal, as in step S503, may be performed before any step after the authentication of the first conference terminal passes, and is not limited to being performed in step S503.
With this authentication method, on the one hand, the conference server performs identity authentication on the first conference terminal and, after the authentication passes, sends the authentication result of the first conference terminal to the second conference terminal, so that the second conference terminal can confirm whether the first conference terminal is the target conference terminal for sending the code stream. On the other hand, the conference server receives a link confirmation request of the first conference terminal that carries the identifier of the second conference terminal; the conference server then sends the link confirmation request to the second conference terminal based on that identifier; the second conference terminal responds to the link confirmation request and sends its identity information to the conference server; and the conference server performs identity authentication on the second conference terminal and sends the authentication result to the first conference terminal, so that the first conference terminal can determine whether the second conference terminal is the target conference terminal for sending the code stream. The authentication method provided by this embodiment of the invention therefore achieves bidirectional authentication of the first conference terminal and the second conference terminal on the data link, ensuring the security of the code streams the two parties send to each other.
Example six
Fig. 10 is a flowchart illustrating a further authentication method for a conference system according to an embodiment of the present invention, which is applied to the conference system shown in fig. 2. The method specifically implements the method shown in fig. 9 using INVITE and INFO messages in the SIP protocol. As shown in fig. 10, the method includes the steps of:
S601: The first conference terminal sends a first INVITE message to the first conference server. The first INVITE message includes a link confirmation request, the link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
Optionally, before this step, the first conference terminal sends a REGISTER message carrying a login account and a password to the conference server, and the conference server verifies the login account and the password. After the verification passes, step S601 is then executed.
S602: After receiving the first INVITE message, the conference server sends a second INVITE message to the second conference terminal according to the identification information of the second conference terminal. The second INVITE message includes the link confirmation request.
S603: After acquiring the link confirmation request in the second INVITE message, the second conference terminal sends a first 200 OK message to the conference server. The first 200 OK message carries a second link confirmation request, and the second link confirmation request carries the identification information of the first conference terminal.
S604: After receiving the first 200 OK message, the conference server sends a second 200 OK message to the first conference terminal according to the identification information of the first conference terminal. The second 200 OK message includes the second link confirmation request.
After the above step S603, the second conference terminal further performs the following step S605.
S605: After acquiring the link confirmation request in the second INVITE message, the second conference terminal sends a first INFO message to the conference server. The first INFO message includes the identity information of the second conference terminal, which is used for authentication of the second conference terminal.
S606: The conference server determines whether the first INFO message is received. When the first INFO message is received, step S607 is executed; otherwise, other operations are performed.
S607: The conference server performs identity authentication on the second conference terminal according to the identity information in the first INFO message.
S608: The conference server sends a second INFO message to the first conference terminal. The second INFO message includes the authentication result of the second conference terminal.
After acquiring the second link confirmation request in the second 200 OK message, the first conference terminal further performs the following step S609.
S609: The first conference terminal sends a third INFO message to the conference server. The third INFO message includes the identity information of the first conference terminal.
S610: The conference server performs identity authentication on the first conference terminal according to the identity information of the first conference terminal in the third INFO message.
S611: The conference server sends a fourth INFO message to the second conference terminal. The fourth INFO message includes the authentication result of the first conference terminal.
This authentication method carries the information to be sent inside the INVITE and INFO message signaling of the SIP protocol, so no dedicated message signaling has to be added to transmit it, which reduces the amount of network traffic and prevents network congestion.
Example seven
Fig. 11 is a schematic block diagram of an authentication apparatus for a conference system according to an embodiment of the present invention, which is used for the conference system shown in fig. 2. As shown in fig. 11, the apparatus includes a first receiving unit 10, a forwarding unit 20, a first judging unit 30, a first authenticating unit 40, and a first transmitting unit 50.
The first receiving unit 10 is configured to receive a link confirmation request of a first conference terminal, where the link confirmation request carries identification information of a second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
The forwarding unit 20 is configured to forward the link confirmation request to the second conference terminal based on the identification information of the second conference terminal.
The first judging unit 30 is configured to determine whether identity information sent by the second conference terminal is received, where the identity information is used to authenticate the second conference terminal.
The first authentication unit 40 is configured to authenticate the second conference terminal according to the identity information when the identity information is received.
The first sending unit 50 is configured to send the authentication result of the second conference terminal to the first conference terminal.
With this authentication device, the conference server receives the link confirmation request of the first conference terminal and the authentication result of the first conference terminal, and sends the identification information of the second conference terminal to the second conference terminal according to the identification information of the second conference terminal carried in the link confirmation request of the first conference terminal. If this is correctly delivered to the second conference terminal, the second conference terminal sends its identity information to the conference server, and if the conference server receives the identity information of the second conference terminal, it authenticates that identity information; otherwise, other operations are executed, and finally the first conference terminal cannot receive the information that the identity authentication of the second conference terminal passes, so that the first conference terminal can confirm that the data link is wrong.
When the conference server passes the identity authentication of the second conference terminal, the conference server sends the authentication result of the second conference terminal to the first conference terminal, so that the first conference terminal can confirm that a data link is established with the second conference terminal, that the second conference terminal is a credible second conference terminal that has passed identity authentication, and that the data link is correct; the first conference terminal can then send a code stream to the second conference terminal.
When the conference server fails to authenticate the identity of the second conference terminal (i.e. the identity of the second conference terminal is not trusted, for example, another conference terminal F pretends to be the second conference terminal), the first conference terminal cannot receive the information that the identity authentication of the second conference terminal passes, so that the first conference terminal can confirm that the data link is faulty. If the conference server makes an error and mistakenly sends the link confirmation request to E, E sends its identity information to the conference server; even if the conference server receives the identity information of E, the authentication cannot pass when E is subjected to identity authentication (namely, when checking whether E is the second conference terminal), and finally the first conference terminal cannot receive the information that the identity authentication of the second conference terminal passes, so that the first conference terminal can confirm that the data link is in error. It can be seen that the first conference terminal can confirm that the data link is in error when the first conference terminal has not established a data link with other conference terminals, or when the conference terminal establishing the data link with the first conference terminal is not its target conference terminal.
Please refer to the first to sixth embodiments for the specific steps executed by the units.
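The INVITE/INFO exchange of Example six and the failure cases just described (a request misdelivered to E, a terminal F posing as the second terminal, and no identity information at all) can be run side by side. This is an added example, not code from the patent: it assumes the "dynamic password" named in the claims is an RFC 4226 HOTP value, messages are plain dictionaries rather than real SIP, and the terminal names, secrets and `routes` table are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password, standing in for the dynamic password."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Terminal:
    def __init__(self, ident: str, secret: bytes):
        self.ident, self.secret, self.counter = ident, secret, 0

    def on_invite(self, invite: dict):
        """S605: answer the forwarded link confirmation request with an INFO."""
        otp = hotp(self.secret, self.counter)
        self.counter += 1
        return {"method": "INFO", "identity": otp}

class SilentEndpoint:
    """A request that reaches nothing able to answer."""
    def on_invite(self, invite: dict):
        return None

class ConferenceServer:
    def __init__(self):
        self.enrolled = {}   # identification info -> [secret, next counter]
        self.routes = {}     # identification info -> endpoint actually reached

    def enroll(self, terminal: Terminal):
        self.enrolled[terminal.ident] = [terminal.secret, 0]
        self.routes[terminal.ident] = terminal

    def authenticate(self, ident: str, otp: str) -> bool:
        secret, counter = self.enrolled[ident]
        ok = hmac.compare_digest(otp, hotp(secret, counter))
        if ok:
            self.enrolled[ident][1] += 1    # each dynamic password is accepted once
        return ok

    def confirm_link(self, requester: str, target: str):
        """S602 and S606-S608: returns the INFO sent to the requester, or None."""
        invite = {"method": "INVITE", "link_confirm": target, "from": requester}
        reply = self.routes[target].on_invite(invite)
        if reply is None:                   # S606: no first INFO, so no result
            return None
        # Authenticate against the identity that was requested, not whoever answered.
        passed = self.authenticate(target, reply["identity"])
        return {"method": "INFO", "to": requester, "about": target,
                "auth_passed": passed}

def link_trusted(info) -> bool:
    """The requester's decision: only an explicit pass counts."""
    return bool(info) and info["auth_passed"]

def build():
    server = ConferenceServer()
    t1 = Terminal("term-1", b"constructed-secret-1")
    t2 = Terminal("term-2", b"constructed-secret-2")
    e = Terminal("term-E", b"constructed-secret-E")
    for t in (t1, t2, e):
        server.enroll(t)
    return server, t1, t2, e

def scenarios() -> dict:
    out = {}
    server, *_ = build()                    # both directions, as in S601-S611
    out["normal"] = (link_trusted(server.confirm_link("term-1", "term-2")),
                     link_trusted(server.confirm_link("term-2", "term-1")))
    server, _, _, e = build()
    server.routes["term-2"] = e             # server error: request delivered to E
    out["misrouted_to_E"] = link_trusted(server.confirm_link("term-1", "term-2"))
    server, *_ = build()
    server.routes["term-2"] = Terminal("term-2", b"not-the-enrolled-secret")  # F
    out["impersonated_by_F"] = link_trusted(server.confirm_link("term-1", "term-2"))
    server, *_ = build()
    server.routes["term-2"] = SilentEndpoint()
    out["no_identity_info"] = link_trusted(server.confirm_link("term-1", "term-2"))
    return out

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The counter check has no look-ahead window, so a terminal that answers a misdelivered request falls out of step with the server; a real HOTP deployment would add resynchronisation.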
Example eight
Fig. 12 shows a schematic block diagram of another authentication apparatus for a conference system according to an embodiment of the present invention. As shown in fig. 12, the apparatus includes a first receiving unit 10, a forwarding unit 20, a first judging unit 30, a first authenticating unit 40, and a first transmitting unit 50.
The first receiving unit 10 is configured to receive a link confirmation request of a first conference terminal, where the link confirmation request carries identification information of a second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
The forwarding unit 20 is configured to forward the link confirmation request to the second conference terminal based on the identification information of the second conference terminal.
The first judging unit 30 is configured to determine whether identity information sent by the second conference terminal is received, where the identity information is used to authenticate the second conference terminal.
The first authentication unit 40 is configured to authenticate the second conference terminal according to the identity information when the identity information is received.
The first sending unit 50 is configured to send the authentication result of the second conference terminal to the first conference terminal.
As an optional implementation manner of this embodiment, the conference server is a plurality of cascaded conference servers, and the plurality of conference servers form a data link between the first conference terminal and the second conference terminal, which is used to forward a code stream between the first conference terminal and the second conference terminal. The authentication apparatus further comprises a second authentication unit 60 for authenticating the data link between the first conference terminal and the second conference terminal.
Optionally, the second authentication unit 60 comprises a first authentication subunit 61 and a sending subunit 62.
The first authentication subunit 61 is configured to perform identity authentication on the previous conference server when receiving the message forwarded by the previous conference server. The message includes a link confirmation request or an authentication result.
The sending subunit 62 is configured to send the message to the next device in the data link when the previous conference server passes the authentication.
As an optional implementation manner of the present embodiment, the first authentication unit 40 includes a second authentication subunit 41 and a receiving subunit 42.
The second authentication subunit 41 is configured to send the identity information and the identification information of the second conference terminal to an authentication server, where the authentication server authenticates the second conference terminal according to the identity information. The authentication server is connected to the conference server and is located outside the data link between the first conference terminal and the second conference terminal.
The receiving subunit 42 is configured to receive the authentication result sent by the authentication server.
As an optional implementation manner of this embodiment, the authentication apparatus further includes a second judging unit 70 and a second sending unit 80.
The second judging unit 70 is configured to judge whether the current conference belongs to a preset security level.
The second sending unit 80 is configured to send a link confirmation request to the conference server when the current conference belongs to the preset security level.
As an optional implementation manner of this embodiment, the authentication apparatus further includes: a third authentication unit 90, configured to perform identity authentication on the first conference terminal; and when the first conference terminal passes the identity authentication, the first conference terminal sends the link confirmation request to the conference server. The apparatus further includes a third sending unit 100, configured to send an authentication result of the first conference terminal to the second conference terminal after the second conference terminal passes authentication.
Please refer to the first to sixth embodiments for the specific steps executed by the units and sub-units.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (8)

1. An authentication method for a conference system, the conference system comprising: the authentication method comprises the following steps of:
the conference server receives a link confirmation request of the first conference terminal, wherein the link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference;
the conference server forwards the link confirmation request to the second conference terminal based on the identification information of the second conference terminal;
the conference server judges whether identity information sent by the second conference terminal is received or not, wherein the identity information is used for authenticating the second conference terminal, and is a dynamic password or certificate of the second conference terminal;
when the identity information is received, the conference server authenticates the second conference terminal according to the identity information;
the conference server sends the authentication result of the second conference terminal to the first conference terminal;
and the conference server performs identity authentication on the first conference terminal, and after the identity authentication of the first conference terminal passes, the conference server sends an authentication result of the first conference terminal to the second conference terminal.
2. The authentication method according to claim 1, wherein the conference server is a plurality of cascaded conference servers, and the plurality of conference servers form a data link between the first conference terminal and the second conference terminal for forwarding a code stream between the first conference terminal and the second conference terminal; the authentication method further comprises:
and authenticating the data link between the first conference terminal and the second conference terminal.
3. The authentication method of claim 2, wherein authenticating the data link between the first conference terminal and the second conference terminal comprises:
when the current conference server receives the message forwarded by the previous conference server, the identity authentication is carried out on the previous conference server; the message comprises the link confirmation request or the authentication result;
and when the last conference server passes the authentication, the current conference server sends the message to the next device in the data link.
4. The authentication method according to any one of claims 1 to 3, wherein the step of the conference server authenticating the second conference terminal according to the identity information comprises:
the conference server sends the identity information and the identification information of the second conference terminal to an authentication server, and the authentication server authenticates the second conference terminal according to the identity information; the authentication server is connected with the conference server and is positioned outside a data link between the first conference terminal and the second conference terminal;
and the conference server receives the authentication result sent by the authentication server.
5. The authentication method according to claim 4, wherein the step of the conference server receiving the link confirmation request of the first conference terminal is preceded by the step of:
the first conference terminal judges whether the current conference belongs to a preset security level;
and when the current conference belongs to a preset security level, the first conference terminal sends the link confirmation request to the conference server.
6. An authentication apparatus for a conference system, the conference system comprising: a conference server, a first conference terminal and a second conference terminal, the authentication apparatus comprising:
a first receiving unit, configured to receive a link confirmation request of the first conference terminal, where the link confirmation request carries identification information of the second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference;
a forwarding unit, configured to forward the link confirmation request to the second conference terminal based on the identification information of the second conference terminal;
the first judging unit is used for judging whether identity information sent by the second conference terminal is received or not, the identity information is used for authenticating the second conference terminal, and the identity information is a dynamic password or a certificate of the second conference terminal;
the first authentication unit is used for authenticating the second conference terminal according to the identity information when the identity information is received;
the first sending unit is used for sending the authentication result of the second conference terminal to the first conference terminal;
and the third authentication unit is used for performing identity authentication on the first conference terminal, and after the identity authentication of the first conference terminal passes, the authentication result of the first conference terminal is sent to the second conference terminal.
7. The authentication device according to claim 6, wherein the conference server is a plurality of cascaded conference servers, and the plurality of conference servers form a data link between the first conference terminal and the second conference terminal for forwarding a code stream between the first conference terminal and the second conference terminal; the authentication apparatus further includes:
the second authentication unit is used for authenticating the data link between the first conference terminal and the second conference terminal;
the second authentication unit includes:
the first authentication subunit is used for performing identity authentication on the previous conference server when receiving the message forwarded by the previous conference server; the message comprises the link confirmation request or the authentication result;
and the sending subunit is configured to send the message to the next device in the data link when the last conference server passes the authentication.
8. The authentication apparatus according to claim 6, wherein the first authentication unit includes:
the second authentication subunit is used for sending the identity information and the identification information of the second conference terminal to an authentication server, and the authentication server authenticates the second conference terminal according to the identity information; the authentication server is connected with the conference server and is positioned outside a data link between the first conference terminal and the second conference terminal;
and the receiving subunit is used for receiving the authentication result sent by the authentication server.
CN201710381761.XA 2017-05-25 2017-05-25 Authentication method and device for conference system Active CN107172052B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710381761.XA CN107172052B (en) 2017-05-25 2017-05-25 Authentication method and device for conference system

Publications (2)

Publication Number Publication Date
CN107172052A CN107172052A (en) 2017-09-15
CN107172052B true CN107172052B (en) 2020-10-09

Family

ID=59820886

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710381761.XA Active CN107172052B (en) 2017-05-25 2017-05-25 Authentication method and device for conference system

Country Status (1)

Country Link
CN (1) CN107172052B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109379202A (en) * 2018-09-30 2019-02-22 联想(北京)有限公司 Information processing method, first terminal and system
CN109379203A (en) * 2018-09-30 2019-02-22 联想(北京)有限公司 Conference status switching method, device, equipment and system
CN112954259B (en) * 2021-02-09 2023-03-17 北京神州视翰科技有限公司 Audio and video channel confirmation method and terminal suitable for multi-party teleconference system
CN115604021A (en) * 2022-11-07 2023-01-13 中铁第四勘察设计院集团有限公司(Cn) Identity authentication method and system based on Merckel tree structure

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588253A (en) * 2009-06-22 2009-11-25 杭州华三通信技术有限公司 Conference cascading method, system and apparatus
CN101640668A (en) * 2008-07-29 2010-02-03 华为技术有限公司 Method, system and device for authenticating user identity
CN103051621A (en) * 2012-12-20 2013-04-17 苏州亿倍信息技术有限公司 Method and system for authenticating and processing network conference
CN103475791A (en) * 2005-02-25 2013-12-25 西门子通讯公司 Systems and methods for routing a communications link
CN103812844A (en) * 2012-11-15 2014-05-21 中兴通讯股份有限公司 Method and device for security access of conference
CN106302329A (en) * 2015-05-21 2017-01-04 中兴通讯股份有限公司 Teleconference identity identifying method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547096B (en) * 2009-02-11 2012-02-15 广州杰赛科技股份有限公司 Net-meeting system and management method thereof based on digital certificate
WO2016154660A1 (en) * 2015-03-27 2016-10-06 Inkerz Pty Ltd Improved systems and methods for sharing physical writing actions

Also Published As

Publication number Publication date
CN107172052A (en) 2017-09-15

Similar Documents

Publication Publication Date Title
CN109905405B (en) Security method for lawful interception
CN107172052B (en) Authentication method and device for conference system
EP2563001B1 (en) Method, system and apparatus for implementing secure call forwarding
US11736492B2 (en) Signed contact lists for user authentication in video conferences
Lennox et al. A protocol for reliable decentralized conferencing
EP2981022B1 (en) Method and system for transmitting and receiving data, method and device for processing message
EP4184821A1 (en) Ims data channel-based communication method and device
US11882215B2 (en) Handling joining and leaving of participants in videoconferencing with end-to-end encryption
CN109302411B (en) Video conference authentication system, method, device and storage medium
Barnes et al. Browser-to-browser security assurances for WebRTC
CN111131641A (en) Conference cascading method, device, server and readable storage medium
US20240396895A1 (en) Signed contact lists for user authentication in video conferences
CN108235111B (en) Information sharing method and intelligent set-top box
CN104283681A (en) A method, device and system for verifying user's legitimacy
KR20210091310A (en) Carrier Integration via User Network Interface Proxy
CN117640172A (en) Remote control method, system, electronic device and computer readable storage medium
US12021715B2 (en) Integrated network testing for virtual conferencing
CN110971426A (en) Method for constructing group session, client and storage medium
KR101730403B1 (en) Method of managing network route and network entity enabling the method
CN108270717B (en) VoIP communication method, equipment and communication system
CN112235320B (en) A password-based video networking multicast communication method and device
CN112333088B (en) Compatible instant messaging transmission method
US20230131795A1 (en) Method for coupling a medical device with a network
CN116074469B (en) Method and device for joining conference, storage medium and electronic device
EP3907967A1 (en) Method for preventing sip device from being attacked, calling device, and called device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant