CN112383392A - Video conference alternate encryption method and device and computer readable storage medium
- Publication number: CN112383392A
- Authority: CN (China)
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Telephonic Communication Services (AREA)
Abstract
A video conference alternate encryption method comprises the following steps: 1) the client requests an encrypted conference from the conference control server; 2) the conference control server sends key encryption information to the client; 3) the client generates an encrypted conference key according to the key encryption information; 4) the encrypted conference keys are rotated. According to the video conference alternate encryption method, the client generates the key of the encrypted conference according to the key encryption information of the conference control server and changes the key at any time, so that the security of the encrypted conference is greatly improved, the possibility of being cracked is reduced, and the leakage risk is reduced.
Description
Technical Field
The invention relates to the technical field of network multimedia, in particular to a video conference encryption method.
Background
In the video conference systems currently on the market, a network video conference is generally carried over a network and is exposed to various network security problems, such as leakage of account passwords, loss of keys during transmission, and keys that become easy to crack after long use. Even if an asymmetric encryption mode is adopted, the possibility of loss still exists during initial password generation and during the download and transmission of the public key and the private key.
Therefore, for the video conference, a more secure encryption method is also needed to solve the security problem of the video conference.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to provide a video conference alternate encryption method, equipment and a computer readable storage medium, which are used for controlling the generation of the client's encrypted conference key.
In order to achieve the above object, the present invention provides a video conference alternate encryption method, which comprises the following steps:
1) the client requests an encrypted conference from the conference control server;
2) the conference control server sends key encryption information to the client;
3) the client generates an encrypted conference key according to the key encryption information;
4) the encrypted conference keys are rotated.
Further, before the step 1), the method further includes the step that the client registers and logs in on an identity authentication server.
Further, the method also comprises the following steps:
31) the client sends the identity identification and registration information of the client to the identity authentication server for registration;
32) the identity authentication server generates an identity authorization code corresponding to the client according to the registration information of the client;
33) the client sends the identity identification and the password of the client to the identity authentication server for logging in;
the registration information includes the name of the organization where the client is located, the name of the group where the client is located, the device id of the conference, and the device type.
Further, the step 1) further comprises the step of,
41) the client sends an identity of the client and a security level request of the encrypted conference to the conference control server to start the encrypted conference;
42) the conference control server acquires an identity authorization code corresponding to the client identity from an identity authentication server to judge the client and determine whether the client is allowed to start an encrypted conference;
43) the conference control server allocates a conference number according to the conference type and the security level of the encrypted conference, and sends a conference start success message to the client.
Further, said step 42) further comprises,
51) comparing the identity identification and the corresponding password of the client with the corresponding identity identification and the corresponding password in the identity authorization code;
52) comparing the name of the organization where the client is located with the name of the organization in the identity authorization code;
53) comparing the group name of the client with the group name in the identity authorization code;
54) comparing the device id and the device type of the client with the device id and the device type in the identity authorization code;
55) and the conference control server judges whether the client is allowed to start an encrypted conference or not according to the security level of the conference and the comparison result.
Further, the key encryption information includes random numbers, the random numbers used, and the algorithm used, wherein,
the random numbers: 3 or more groups of random numbers;
the random numbers used: which groups of said random numbers are used;
the algorithm used: the algorithm used to generate the conference key.
Further, each group of the random numbers comprises 16 bytes of random numbers; the algorithm used includes, but is not limited to, one or more of a squaring operation, a factorial operation, a logarithmic operation, an exponential operation, and a fourier transform.
Further, the step 4) further comprises,
81) the client generates an encrypted conference key according to the key encryption information sent by the conference control server;
82) the client side utilizes the encrypted conference key to encrypt and decrypt the media stream and starts an encrypted conference;
83) the conference control server receives the key alternation information sent by the encryption server and sends new key encryption information to the client;
84) the client generates a new encrypted conference key according to the new key encryption information;
85) and the client side utilizes the new encrypted conference key to encrypt and decrypt the media stream and continue to carry out the encrypted conference.
To achieve the above object, the present invention also provides an electronic device, comprising a processor; and a memory arranged to store a computer executable program which, when executed, causes the processor to perform the steps of the video conference alternate encryption method as described above.
To achieve the above object, the present invention further provides a computer readable storage medium having stored thereon computer instructions which, when executed, perform the steps of the video conference alternate encryption method as described above.
The video conference alternate encryption method, the video conference alternate encryption equipment and the computer readable storage medium have the following beneficial effects:
The client generates the key of the encrypted conference according to the key encryption information of the conference control server and changes the key at any time. What is transmitted is not the generated key itself but an algorithm or formula, from which the key is obtained according to the specified parameters; even if the transmission is intercepted, the parameters cannot be obtained and the key cannot be known. Combining this special key generation mode with a rotation mechanism further improves security, greatly reduces the possibility of being cracked, and reduces the leakage risk.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of a video conference alternate encryption method according to the present invention;
FIG. 2 is a flow chart of client registration and login according to the present invention;
FIG. 3 is a flow chart of a client requesting an encrypted conference and joining the conference according to the present invention;
FIG. 4 is a key rotation flow diagram according to the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Example 1
Fig. 1 is a flowchart of a video conference alternate encryption method according to the present invention, and the video conference alternate encryption method of the present invention will be described in detail with reference to fig. 1.
First, in step 101, a client registers and logs on to an authentication server.
In the embodiment of the invention, the client sends the identity identification and the registration information to the identity authentication server for registration, and logs in by using the identity identification and the corresponding password.
In the embodiment of the invention, the client sends the registration information to the identity authentication server, wherein the registration information comprises the name of the organization where the client is located, the name of the group, the unique equipment id of the client participating in the conference and the equipment type.
In step 102, the client sends encrypted conference request information to the conference control server to request to create and join an encrypted conference.
In the embodiment of the invention, the encrypted conference request information sent by the client to the conference control server comprises the identity of the client and the security level of the encrypted conference.
In step 103, the conference control server sends key generation information to the client.
In the embodiment of the invention, the key generation information sent by the conference control server to the client comprises:
random array: 3 or more groups of random numbers;
group numbers of the random numbers used: which groups of random numbers are used as input parameters of the algorithm that generates the conference key;
algorithm used: which algorithm is used to generate the final conference key.
In the embodiment of the present invention, the algorithms used include, but are not limited to, square operation, factorial operation, logarithmic operation, exponential operation, Fourier transform, etc. These algorithms may operate on the random numbers within a single group of the random array, or may involve 2 or 3 groups of the random array together.
In step 104, the client generates a key for the conference according to the key generation information.
In the embodiment of the invention, the client receives the key generation information sent by the conference control server, and generates the key of the conference according to the random numbers, the groups of random numbers and the algorithm.
In step 105, key rotation information of the encryption server is received, and a new conference key is generated to perform encrypted conference key rotation.
In the embodiment of the invention, the conference control server receives the key alternation information sent by the encryption server, the conference control server sends new key generation information to the client, and the client generates a new key of the encrypted conference by using the new key generation information to encrypt and decrypt the media stream.
Example 2
Fig. 2 is a flow chart of client registration and login according to the present invention, and the flow of client registration and login according to the present invention will be described in detail with reference to fig. 2.
In step 201, the client sends an identity and registration information to the authentication server.
In the embodiment of the invention, the client A sends registration information such as its identity identification, the name of its organization, the group name of the client, and the unique device id and device type of the client participating in the conference to the identity authentication server for registration.
In step 202, the authentication server generates a unique identity authorization code corresponding to the client and sends the unique identity authorization code to the client.
In the embodiment of the invention, the identity authentication server generates the unique identity authorization code corresponding to the client according to the registration information of the client and sends the unique identity authorization code to the client.
In step 203, the client sends an identity and a password to the authentication server for login.
In the embodiment of the invention, after the client finishes registration and login, the identity authentication server prompts successful login, and the client can apply to the conference control server to create and join an encrypted conference.
Example 3
Fig. 3 is a flow chart of the client request encrypted conference and conference joining according to the present invention, and the flow of the client request encrypted conference and conference joining according to the present invention will be described in detail with reference to fig. 3.
In step 301, the client sends encrypted conference request information to the conference control server, requesting to create and join an encrypted conference.
In the embodiment of the invention, the encrypted conference request information sent by the client to the conference control server comprises the identity of the client and the security level of the encrypted conference.
In step 302, the conference control server identifies the client and determines whether the client is allowed to create and join the encrypted conference. If the client is allowed to create and join the encrypted conference, the next step is carried out; otherwise, prompting the client not to allow the encrypted conference to be created and joined.
In the embodiment of the present invention, the conference control server identifies the client, and the conference control server obtains the unique identity authorization code corresponding to the identity identifier of the client from the identity authentication server and performs a comparison operation, which specifically includes:
(1) comparing the identity identification and the corresponding password of the client with the identity identification and the corresponding password in the identity authorization code; if they are consistent, the check passes, and if the password is wrong, the check does not pass;
(2) comparing the organization name of the client with the organization name in the authorization code corresponding to the client identity in the identity authentication server; this step ensures that clients that are not in the same organization, or that are in a disallowed organization, cannot participate in the secure conference;
(3) comparing the group name of the client with the group name in the authorization code corresponding to the client identity in the identity authentication server; this ensures that, even within the same organization, clients that are not in the same group or are in a disallowed group cannot join the encrypted conference;
(4) comparing the device id and the device type of the client with the device id and the device type in the authorization code corresponding to the client identity in the identity authentication server; this ensures that conferences with a higher security level can only be joined from specific devices of a specific organization and that other devices are not allowed to participate, thereby further ensuring the security of the conference.
(5) The conference control server judges whether the client is allowed to create and join the encrypted conference (start the encrypted conference) according to the security level of the conference and the comparison result; when the conference level is normal, the client can join the encrypted conference if condition (1) is met; when the conference level is higher, the client can join the encrypted conference if conditions (1), (2) and (3) are met; when the conference level is the highest, all of the conditions must be met before the client can join the encrypted conference.
In step 303, after the comparison succeeds, the conference control server assigns a conference number (CONF_SEC) according to the conference type and the conference security level, and sends a conference start success message to the client.
Example 4
Fig. 4 is a key rotation flow chart according to the present invention, and the key rotation flow of the present invention will be described in detail with reference to fig. 4.
In step 401, the conference control server sends key generation information to the client.
In the embodiment of the invention, the key generation information sent by the conference control server to the client comprises:
random numbers: 3 or more groups of random numbers;
group numbers of the random numbers used: which groups of random numbers are used as input parameters of the algorithm that generates the conference key;
algorithm used: which algorithm is used to generate the final conference key.
In the embodiment of the present invention, the algorithms used include, but are not limited to, square operation, factorial operation, logarithmic operation, exponential operation, Fourier transform, etc. These algorithms may operate on the random numbers within a single group of the random array, or may involve 2 or 3 groups of the random array together.
In step 402, the client generates a key for the encrypted conference according to the key generation information.
In the embodiment of the invention, the client receives the key generation information sent by the conference control server, and generates the key of the encrypted conference according to the random numbers, the groups of the random numbers and the algorithm.
In step 403, the client encrypts and decrypts the streaming media by using the key of the encrypted conference, so as to perform the encrypted conference.
In step 404, the conference control server judges whether the encrypted conference is subjected to key alternation; if so, go to the next step, if not go to step 407.
In the embodiment of the invention, the encryption server sends the key alternation information to the conference control server, and after receiving the key alternation information, the conference control server considers that the encryption conference needs key alternation.
In step 405, the conference control server sends new key generation information to the client.
In the embodiment of the invention, the new key generation information sent by the conference control server to the client comprises:
random numbers: 3 or more groups of random numbers;
group numbers of the random numbers used: which groups of random numbers are used as input parameters of the algorithm that generates the conference key;
algorithm used: which algorithm is used to generate the final conference key.
In step 406, the client generates a new key for the encrypted conference according to the new key generation information.
In the embodiment of the invention, the client receives the new key generation information sent by the conference control server, and generates the new key of the encrypted conference according to the random numbers, the groups of the random numbers and the algorithm.
In step 407, the client determines whether to leave the encrypted conference; if not, the process returns to step 403 to encrypt and decrypt the streaming media by using the new key, and the encrypted conference is continued.
In the embodiment of the invention, when a client enters a meeting for the first time, the conference control server sends two messages to the client. The first message comprises 3 or more groups of random numbers, and each group comprises 16 bytes of random numbers. The second message contains 2 parts: (1) which groups of random numbers are used as input parameters of the algorithm that generates the encrypted conference key, and (2) which algorithm is used to generate the final conference key. The algorithms include, but are not limited to, square operation, factorial operation, logarithmic operation, exponential operation, Fourier transform, and the like; they may operate on the random numbers within a single group, or may involve 2 or 3 of the groups together.
In the case of 3 groups: when a client enters a meeting for the first time, the conference control server sends two messages to the client. The first message comprises 3 groups of random numbers, and each group comprises 16 bytes. The second message contains 2 parts: (1) which of the 3 groups of random numbers are used as input parameters of the algorithm that generates the conference key, and (2) which algorithm is used to generate the final conference key, as above. For example, the three groups of random numbers for the key of the conference are respectively as follows:
a group:
b group:
c group:
The key generation algorithm squares every element of the 1st group (a group) and of the 3rd group (c group), adds the elements with the same sequence number, takes the square root, and keeps the integer part of the result. The conference key generated by this operation is as follows:
When the second client applies to join the meeting, the conference control server sends the same 2 messages (the message containing the three groups of random numbers and the message stating which algorithm is used) to the second client.
In the embodiment of the invention, in order to ensure that the conference key is not leaked during long-time use, a key rotation mechanism is added: during the encrypted conference, the encryption server sends a notification of key rotation to the conference control server. After receiving the notification, the conference control server again randomly generates a random array as the elements (input parameters) for generating a new encrypted conference key, together with which new algorithm is adopted for this key rotation to generate the new key. For example, suppose the 3 new groups of random numbers for the key rotation are as follows:
p group:
q group:
r group:
In this key rotation, the corresponding elements (random numbers) of the 2nd group (q group) and the 3rd group (r group) are used as input elements for generating the new key: the corresponding elements of the q group are used as bases and the corresponding elements of the r group as exponents, the logarithm with base e of the result is taken, and this is then divided by 4 to obtain an integer. The specific key algorithm is as follows:
then the key newly generated in this round is:
Messages sent by the conference control server to each client are asymmetrically encrypted with the public key of that client. After receiving the asymmetrically encrypted message, each client decrypts it with its own private key, parses the recovered original message to obtain the 3 groups of random numbers and the new algorithm, and then computes the new key for the key rotation.
The security of the conference is further improved by a key rotation mechanism, the conference key can adopt different modes such as irregular time or linear rotation, and the encryption server determines whether to perform key rotation.
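The two derivations described above (the first-round square-root rule and the rotation-round logarithm rule), as an added example that is not code from the patent. The message layout, the function names and the sample groups are assumptions constructed for illustration; the last function enumerates every pair of input bytes to show the range and spread of one derived key element.

```python
import math
from collections import Counter

GROUP_LEN = 16  # bytes per random group, as stated on the page


def sqrt_sum_squares(x, y):
    """First-round rule: integer part of sqrt(x_i^2 + y_i^2) per index."""
    return [math.isqrt(a * a + b * b) for a, b in zip(x, y)]


def log_power_div4(base, exp):
    """Rotation rule: integer part of ln(base_i ** exp_i) / 4 per index."""
    out = []
    for b, e in zip(base, exp):
        if b == 0:
            # ln(0) is undefined; the page does not say how this is handled.
            raise ValueError("base element 0 has no logarithm")
        out.append(int(e * math.log(b) / 4))  # ln(b**e) == e * ln(b)
    return out


ALGORITHMS = {
    "sqrt_sum_squares": sqrt_sum_squares,
    "log_power_div4": log_power_div4,
}


def derive_key(info):
    """Client side: turn one key generation message into key elements.

    `info` is a hypothetical layout for the page's three fields:
    the random groups, which groups to use, and which algorithm to apply.
    """
    groups = info["groups"]
    if len(groups) < 3 or any(len(g) != GROUP_LEN for g in groups):
        raise ValueError("need 3 or more groups of 16 bytes each")
    i, j = info["use"]
    return ALGORITHMS[info["algorithm"]](groups[i], groups[j])


def element_stats(algorithm):
    """Enumerate all 256 x 256 input byte pairs for one key element.

    Returns (largest output, number of distinct outputs, Shannon entropy
    in bits), to compare against the 16 random input bits consumed.
    """
    fn = ALGORITHMS[algorithm]
    counts = Counter()
    for x in range(256):
        for y in range(256):
            try:
                counts[fn([x], [y])[0]] += 1
            except ValueError:
                continue  # undefined input (base 0), skipped
    total = sum(counts.values())
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return max(counts), len(counts), entropy


# Constructed sample messages (not values from the patent).
FIRST_ROUND = {
    "groups": [bytes(3 * i for i in range(16)),   # group a
               bytes(range(16)),                  # group b (unused)
               bytes(4 * i for i in range(16))],  # group c
    "use": (0, 2),
    "algorithm": "sqrt_sum_squares",
}
ROTATION = {
    "groups": [bytes(16),         # group p (unused)
               bytes([2] * 16),   # group q: bases
               bytes([8] * 16)],  # group r: exponents
    "use": (1, 2),
    "algorithm": "log_power_div4",
}

if __name__ == "__main__":
    print("first key:  ", derive_key(FIRST_ROUND))
    print("rotated key:", derive_key(ROTATION))
    for name in ALGORITHMS:
        biggest, distinct, bits = element_stats(name)
        print(f"{name}: max={biggest} distinct={distinct} "
              f"entropy={bits:.2f} bits from 16 input bits")
```

Every client that receives the same message derives the same key, so the key is exactly as confidential as that message, which the page protects with each client's public key. Both rules can also yield elements larger than 255, so the outputs do not map one-to-one onto key bytes.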
In the embodiment of the invention, if other clients apply for joining the encrypted conference created by one client, the other clients can join the conference only after being allowed by the conference control server by registering and logging in the identity authentication server as required.
The video conference alternate encryption method comprises the steps that a client A needs to be registered on an identity authentication server at first, during registration, the client A needs to send information such as an identity of the client A, a mechanism name of a mechanism where the client is located, group names of all client sides, a unique device id of a using machine of the client A, a device type and the like to the identity authentication server, the identity authentication server generates a unique authorization code corresponding to the client according to the information, the client needs to log in before meeting, the identity and a password of the client A are sent to the identity authentication server during logging in, and the logging in is successful after the identity authentication server passes verification.
The client A starts an encrypted conference, sends the identity of the client A and the security level of the conference to the conference control server, the conference control server obtains the identity authorization code corresponding to the identity of the client from the identity authentication server, and after the identity authorization code is successfully compared one by one, the conference control server allows the client to enter the conference; if the client B in the same mechanism logs in the system and joins the encrypted conference started by the client A, the conference control server acquires the unique authorization code corresponding to the identity identification of the client B from the identity authentication server, and the unique authorization code is compared with the unique authorization code:
in order to further improve the security of the conference, the conference key adopts an irregular alternation mode, the encryption server determines whether to perform key alternation, and when the key alternation is performed, the encryption server sends a notice to the identity authentication server and informs the encryption server of which alternation algorithm is adopted for the key alternation; the identity authentication server receives the key alternation notice and then sends the key alternation notice to the client; meanwhile, the identity authentication server generates a key exchange code corresponding to each client according to the exchange algorithm notified by the encryption server this time and in combination with the authorization code of each client, and sends the key exchange code to the client after asymmetric encryption.
Each client uses the own identity, the located organization code, the located group code, the equipment id, the equipment type and other information to carry out asymmetric decryption, obtains the key exchange code, and calculates a new conference key by using the key exchange code and combining with the notified new key generation algorithm.
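The client side of the rotation described above, as an added example that is not code from the patent: it validates key encryption information in the form the claims give (three or more 16-byte random-number groups, which groups are used, which algorithm is used), derives the conference key, and installs a new key on rotation. HKDF-SHA256 stands in for the patent's listed operations, and `KeyEncryptionInfo`, `ConferenceClient`, the algorithm name and the conference number are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

GROUP_LEN = 16   # each random-number group is 16 bytes (claim 7)
MIN_GROUPS = 3   # "3 groups or more than 3 groups" (claim 6)

@dataclass(frozen=True)
class KeyEncryptionInfo:          # hypothetical container, not from the patent
    groups: tuple                 # random-number groups sent by the server
    used: tuple                   # indices of the groups that feed this key
    algorithm: str                # name of the key-generation algorithm

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869); assumed stand-in for the patent's listed operations."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

ALGORITHMS = {"hkdf-sha256": hkdf_sha256}   # assumed algorithm registry

def derive_conference_key(kei, conference_number):
    """Validate the key encryption information, then derive a 32-byte key."""
    if len(kei.groups) < MIN_GROUPS:
        raise ValueError("fewer than 3 random-number groups")
    if any(len(g) != GROUP_LEN for g in kei.groups):
        raise ValueError("every group must be exactly 16 bytes")
    if not kei.used or len(set(kei.used)) != len(kei.used):
        raise ValueError("used-group list is empty or repeats an index")
    if any(not 0 <= i < len(kei.groups) for i in kei.used):
        raise ValueError("used-group index out of range")
    if kei.algorithm not in ALGORITHMS:
        raise ValueError("unknown key-generation algorithm")
    ikm = b"".join(kei.groups[i] for i in kei.used)
    return ALGORITHMS[kei.algorithm](ikm, b"conference-key", conference_number.encode())

class ConferenceClient:
    def __init__(self, conference_number):
        self.conference_number = conference_number
        self.epoch, self.key, self._seen = 0, None, set()

    def apply(self, kei):
        """Install the key for the first or a rotated key encryption information."""
        key = derive_conference_key(kei, self.conference_number)
        tag = hashlib.sha256(key).digest()
        if tag in self._seen:
            raise ValueError("rotation would reinstall an earlier key")
        self._seen.add(tag)
        self.epoch, self.key = self.epoch + 1, key
        return key

def demo():
    new_info = lambda used: KeyEncryptionInfo(   # constructed sample input
        tuple(os.urandom(GROUP_LEN) for _ in range(4)), used, "hkdf-sha256")
    first, rotated = new_info((0, 2)), new_info((3, 1, 0))
    a, b = ConferenceClient("conf-0001"), ConferenceClient("conf-0001")
    return (a.apply(first), b.apply(first)), (a.apply(rotated), b.apply(rotated)), a.epoch
```

Rejecting a rotation that would reinstall an earlier key keeps a replayed or repeated key encryption message from silently rolling the conference back to old key material.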
Example 5
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 5, the electronic device includes, on a hardware level, a processor, and optionally an internal bus, a network interface, and a memory 504. The memory may include an internal memory, such as a Random-Access Memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions.
The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, forming a shared resource access control device on a logic level. The processor executes the program stored in the memory and is specifically configured to perform the steps of the video conference alternate encryption method as described above.
Example 6
In an embodiment of the present invention, a computer-readable storage medium is further provided, on which a computer program is stored, where the computer program executes the steps of the video conference alternate encryption method as described above.
Those of ordinary skill in the art will understand that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A video conference alternate encryption method is characterized by comprising the following steps:
1) the client requests an encrypted conference from the conference control server;
2) the conference control server sends key encryption information to the client;
3) the client generates an encrypted conference key according to the key encryption information;
4) the encrypted conference keys are rotated.
2. The video conference rotation encryption method according to claim 1, further comprising, before the step 1), a step of registering and logging in the client on an identity authentication server.
3. The video conference rotational encryption method of claim 2, further comprising,
31) the client sends the identity identification and registration information of the client to the identity authentication server for registration;
32) the identity authentication server generates an identity authorization code corresponding to the client according to the registration information of the client;
33) the client sends the identity identification and the password of the client to the identity authentication server for logging in;
the registration information includes the name of the organization where the client is located, the name of the group where the client is located, the device id of the conference, and the device type.
4. The video conference alternate encryption method according to claim 1, wherein said step 1) further comprises,
41) the client sends an identity of the client and a security level request of the encrypted conference to the conference control server to start the encrypted conference;
42) the conference control server acquires an identity authorization code corresponding to the client identity from an identity authentication server to judge the client and determine whether the client is allowed to start an encrypted conference;
43) and the conference control server allocates a conference number according to the conference type and the security level of the encrypted conference, and sends the conference number to the client together with a conference start success message.
5. The video conference rotational encryption method of claim 4, wherein said step 42) further comprises,
51) comparing the identity identification and the corresponding password of the client with the corresponding identity identification and the corresponding password in the identity authorization code;
52) comparing the name of the organization where the client is located with the name of the organization in the identity authorization code;
53) comparing the group name of the client with the group name in the identity authorization code;
54) comparing the device id and the device type of the client with the device id and the device type in the identity authorization code;
55) and the conference control server judges whether the client is allowed to start an encrypted conference or not according to the security level of the conference and the comparison result.
6. The video conference alternate encryption method of claim 1, wherein the key encryption information includes random numbers, the random numbers used, and the algorithm used, wherein,
the random numbers are 3 groups or more than 3 groups of random numbers;
the random numbers used: indicates which groups of said random numbers are used;
the algorithm used: the algorithm used to generate the conference key.
7. The video conference alternate encryption method of claim 6 wherein each set of said random numbers comprises a random number of 16 bytes; the algorithm used includes, but is not limited to, one or more of a squaring operation, a factorial operation, a logarithmic operation, an exponential operation, and a fourier transform.
8. The video conference alternate encryption method according to claim 1, wherein said step 4) further comprises,
81) the client generates an encrypted conference key according to the key encryption information sent by the conference control server;
82) the client side utilizes the encrypted conference key to encrypt and decrypt the media stream and starts an encrypted conference;
83) the conference control server receives the key alternation information sent by the encryption server and sends new key encryption information to the client;
84) the client generates a new encrypted conference key according to the new key encryption information;
85) and the client side utilizes the new encrypted conference key to encrypt and decrypt the media stream and continue to carry out the encrypted conference.
9. An electronic device comprising, a processor; and a memory arranged to store a computer executable program which when executed causes the processor to perform the steps of the videoconference rotating encryption method of any of claims 1 to 8.
10. A computer-readable storage medium, on which a computer program is stored, which when executed performs the steps of the video conference alternate encryption method of any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011265541.9A CN112383392B (en) | 2020-11-13 | 2020-11-13 | Video conference rotation encryption method, video conference rotation encryption equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112383392A (en) | 2021-02-19 |
CN112383392B (en) | 2024-03-15 |
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN202011265541.9A | Active | CN112383392B (en) | 2020-11-13 | 2020-11-13 | Video conference rotation encryption method, video conference rotation encryption equipment and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||