CN1491002A - IP video frequency terminal apparatus and interaction of signalling network - Google Patents
- Publication number: CN1491002A
- Authority: CN (China)
- Prior art keywords: signaling network, network, signaling, data, video
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method for interaction between an IP video terminal device and a signaling network, designed specifically for a secure unified communication network. The network comprises: a signaling network that serves as a common channel and is based on a secure private network; a data network for transferring sound, image and data; at least two IP video terminal devices, each connected to both the signaling network and the data network; and a database connected to the signaling network. After a user connects a terminal to the signaling network, the signaling module in the terminal runs a login program to establish the user's identity, service rights and security status. During call setup, the users' identities and public keys are sent to each other. After both sides have confirmed the other side's identity, they negotiate a shared key; sound, image and data are then encrypted with this key and transferred through the data network.
Description
Technical field
The present invention relates to a public secure unified communication network in which sound, image and data are transmitted over the Internet Protocol (IP). It relates in particular to a common signaling channel based on a real or virtual private network (VPN).
Background technology
Although the Internet makes full use of resources, its "best effort" principle, its lack of a reliable user authentication method and its lack of reliable control over network resources are all shortcomings of the existing Internet, and they limit it as a reliable and secure communication tool. Transmission of sound, image and data is based on a "best effort" algorithm and is controlled by the Internet Protocol. IP addresses are set by the users themselves, so they cannot be treated as reliable physical addresses. In the traditional public switched telephone network (PSTN), users are distinguished by physical circuit port addresses determined in advance by telephone number, and the voice channel is controlled by the SS7 signaling network. The security of the Internet therefore falls far short of that of the PSTN. However, in today's rapidly developing e-commerce society, PSTN technology lacks some key features that businesses need to survive, whereas packet networks are designed specifically for data transmission and make up for this major deficiency of the PSTN.
Internet security problems have long concerned users. Examples include: the false identity of an unauthorized user cannot be detected; passwords and information may be intercepted in transit; hacker attacks, the spread of Internet worms, and actions taken by unauthorized users under an administrator's identity, such as changing website content, cannot be stopped; and the source of an attack cannot be traced. On the existing Internet, without significant improvement of the network infrastructure's functions, all of these security problems are difficult to overcome, and the cost is very high.
To overcome these problems, a secure unified public network can be built. As shown in Fig. 1, this network consists of signaling network 101, data network 102, user terminals 103 and database 104. The user first logs in, and sets bandwidth, service privileges and so on, through interaction between terminal 103 and signaling network 101. Once that interaction is complete, messages between users are carried over data network 102 under the control of signaling network 101.
However, because this secure unified communication network is a brand-new technology, there is at present no dedicated method for the interaction between the terminal and the signaling network.
Summary of the invention
The object of the present invention is to provide a method, designed specifically for the secure unified communication network, by which an IP video terminal device and the signaling network interact, so that a public secure unified communication network can be built.
To achieve this object, the public secure unified communication network of the invention consists of the following parts: a signaling network that serves as a common channel and is based on a secure private network; a data network for transmitting sound, image and data; at least two terminal devices, each connected to both the signaling network and the data network; and a database connected to the signaling network. The signaling network can be built on an independent physical network, on a virtual private network that shares the same physical medium with the data network, or on a combination of an independent physical network and a virtual private network. The database stores users' preset information and can also provide a digital signature service. After a user connects a terminal to the signaling network, the signaling module in the terminal runs a login program. The login program establishes the user's identity, service privileges, security status and any other state the service requires. When a calling party calls a called party, its identity and public key are passed by the database to the signaling network and sent on to the called party; the called party likewise sends its public key to the calling party via the signaling network. The public keys exchanged between the calling and called parties can be generated randomly for each call, to ensure maximum security of the call. After both sides have confirmed the other side's identity, they negotiate a shared key, and sound, image and data are encrypted with this key and transmitted via the data network.
The following detailed description and embodiment help in understanding the other objects, advantages and novel features of the invention.
Description of drawings
The invention and its advantages can be better understood with reference to the following drawings:
Fig. 1 is an architecture diagram of the secure unified communication network for transmitting sound, image and data;
Fig. 2 is a structure diagram of the IP video terminal device;
Fig. 3 is a diagram of the login process;
Fig. 4 is a diagram of the call, public key exchange and shared key generation process.
Embodiment
Fig. 1 is the architecture diagram of the public secure unified communication network for transmitting sound, image and data. The whole network comprises: a signaling network 101 that serves as the common channel and is based on a secure private network; a data network 102 for transmitting sound, image and data; at least two IP video terminals 103 that can run a signaling module and a data module; and a database 104 that stores and processes each user's pre-stored information and also provides users with public keys and communication parameters.
Signaling network 101 is designed as the common channel. For security, each connection between signaling network 101 and a user terminal 103 is unique and is based on a shared key.
Signaling network 101 can be an independent physical network, or a virtual private network that shares the same physical medium with data network 102.
Database 104 is connected to signaling network 101. Database 104 holds a key for each user, and different users have different keys. These keys are used to confirm the user's identity and to establish the user's privileges and entitlement to services.
Database 104 can also provide a digital signature service to the calling and called parties during a call. This is an additional security measure that ensures the correct public keys are used in the encryption process. Database 104 can also be used to establish entitlement to services.
User terminal 103 connects to signaling network 101 over a wired channel, a radio channel, or a network shared with other users. The connection is a physical connection, which may be shared with other users or, through data network 102, with other shared physical media.
IP video terminal 103 connects to signaling network 101 either through an independent physical medium or through a virtual private connection. The virtual private connection shares the same physical connection with data network 102 or with other IP video terminals 103.
Each IP video terminal 103 has two connections, one to signaling network 101 and one to data network 102. The two connections can be independent, or can share the same physical medium or network.
Fig. 2 is the structure diagram of the IP video terminal device. As shown, IP video terminal device 103 consists of a dial phone 201 similar to a PSTN terminal, a communication and video processor 202, a video camera 203 and a display 204. Dial phone 201, camera 203 and display 204 are each connected to communication and video processor 202. The processor runs a signaling module, which communicates with the signaling network based on the secure private network, and a data module, which captures, compresses, transmits, decompresses and plays sound, image and data. Dial phone 201 is used to enter login information and to provide audio data. Camera 203 captures video and feeds it to communication and video processor 202 for processing. Display 204 shows the image in real time during a call. Communication and video processor 202 is connected to signaling network 101 and data network 102.
Fig. 3 is the login process diagram. After IP video terminal 103 is connected to signaling network 101, the login module in IP video terminal 103 starts running. The terminal sends a login request to signaling network 101. On receiving the request, signaling network 101 returns a public key KEY1 and a digital signature based on CA certification. After confirming that the digital signature is correct, user terminal 103 uses KEY1 to encrypt its global identity access number UID. The UID is a unique 16-digit number (it can also be another multi-digit number) used to identify the user. The user can also encrypt the login information with the shared key KEY2. The UID encrypted with KEY1, together with the user login information encrypted with KEY1 and KEY2, is sent to signaling network 101 as IP packets. Signaling network 101 then processes this information and compares it with the information stored in advance in signaling network database 104.
Signaling network database 104 stores the shared key KEY2 and the login information. After signaling network 101 receives the user's login information, KEY2 is used to decrypt the login information and to confirm the user's identity, privileges, type of service, communication parameters, service rights and so on. If login succeeds, signaling network 101 returns a confirmation to IP video terminal 103 informing it that login has succeeded.
The shared key KEY2 is negotiated between IP video terminal 103 and signaling network 101. It can also be generated by signaling network 101 alone. Each login uses a different shared key KEY2.
After the login procedure completes, the user's state is recorded as "online" in database 104. The user is now ready and can call other users or be called by them. The corresponding login-success message is also shown on display 204 of IP video terminal 103.
After the user logs in, the connection between IP video terminal 103 and signaling network 101 is a secure connection established on the basis of the shared key KEY2. From then on, all signaling is encrypted with KEY2.
Fig. 4 is the diagram of the call, public key exchange and shared key generation process. When one IP video terminal 103 (hereafter terminal 1) calls another IP video terminal 103 (hereafter terminal 2), it first generates a public key KEY3 for the other side to encrypt with. It sends a call request to signaling network 101, submitting a set of communication parameters and the key KEY3 with it. Signaling network 101 forwards KEY3 and the request to terminal 2. Both terminal 1 and terminal 2 must already be logged in to signaling network 101.
After terminal 2 receives the call request from terminal 1, it decides whether to answer. If terminal 2 agrees to talk with terminal 1, it sends its own public key KEY4 and other communication parameters to signaling network 101, which forwards them to terminal 1 and notifies terminal 1 that the call has begun.
KEY3 and KEY4 are regenerated for each call to obtain maximum security. The user can also generate them once and then use them for all subsequent calls.
After the public keys are exchanged, each side generates one part of a shared key KEY5, encrypts that part with the other side's public key and sends it to the other side through signaling network 101. The complete shared key KEY5 is thereby produced.
Once both sides hold the shared key KEY5, the secure channel between them is established and the data module in IP video terminal 103 starts running. Video terminal 103 captures video from camera 203 and audio from the microphone of dial phone 201, compresses the audio and video streams, encrypts them with the shared key, and sends the data stream to the other side as IP packets over data network 102. On receiving the IP packets, the other side decrypts them with the shared key KEY5 and decompresses the audio and video streams; display 204 shows the video image and the receiver of dial phone 201 plays the other party's voice.
The shared key KEY5 is generated for this call only; each call produces a new shared key.
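The call setup of Fig. 4, as an added Python example that is not code from the patent: each terminal checks the database's signature over the peer's relayed public key before encrypting its half of KEY5 to it, so a key replaced on the signaling path is rejected. The toy unpadded RSA, the SHA-256 combiner for KEY5, the UIDs and all function names are assumptions made for illustration.

```python
# Added example (not from the patent): toy unpadded 512-bit RSA, illustration only.
import hashlib
import secrets

E = 65537  # RSA public exponent


def _is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c):
            return c


def keygen(bits=512):
    """Return ((n, e), (n, d)); a fresh pair per call models KEY3 / KEY4."""
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:
            return (p * q, E), (p * q, pow(E, -1, phi))


def rsa(key, value):
    n, exp = key
    return pow(value, exp, n)


def _digest(uid, pub):
    data = ("%s|%d|%d" % (uid, pub[0], pub[1])).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def db_sign(db_priv, uid, pub):
    """Database 104's signature service: vouch for one (UID, public key) pair."""
    return rsa(db_priv, _digest(uid, pub))


class Terminal:
    def __init__(self, uid, db_pub):
        self.uid, self.db_pub = uid, db_pub
        self.pub, self.priv = keygen()       # per-call key pair (KEY3 or KEY4)
        self.half = secrets.randbits(128)    # this side's part of KEY5

    def accept_peer(self, peer_uid, peer_pub, sig):
        """Verify the database signature, then encrypt our half to the peer."""
        if rsa(self.db_pub, sig) != _digest(peer_uid, peer_pub):
            raise ValueError("public key for %s failed signature check" % peer_uid)
        return rsa(peer_pub, self.half)

    def finish(self, enc_peer_half):
        """Assumed combiner: KEY5 = SHA-256 over both halves in sorted order."""
        halves = sorted((self.half, rsa(self.priv, enc_peer_half)))
        return hashlib.sha256(b"".join(h.to_bytes(16, "big") for h in halves)).digest()


def swapping_relay(msg):
    """Constructed faulty signaling path that replaces the relayed public key."""
    uid, _pub, sig = msg
    return uid, keygen()[0], sig


def setup_call(db_keys, relay=lambda msg: msg):
    """One call setup; `relay` stands for signaling network 101."""
    db_pub, db_priv = db_keys
    caller = Terminal("1000000000000001", db_pub)   # constructed 16-digit UIDs
    callee = Terminal("1000000000000002", db_pub)
    to_callee = relay((caller.uid, caller.pub, db_sign(db_priv, caller.uid, caller.pub)))
    to_caller = relay((callee.uid, callee.pub, db_sign(db_priv, callee.uid, callee.pub)))
    return (caller.finish(callee.accept_peer(*to_callee)),
            callee.finish(caller.accept_peer(*to_caller)))
```

`setup_call(keygen())` returns the same 32-byte KEY5 for both terminals and a different one on every call; with `relay=swapping_relay` it raises `ValueError` before any key half leaves a terminal.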
After the calling and called parties have established their identities through signaling network 101, based on the information pre-stored in signaling network database 104, a calling party that wants to talk with certain parameters must first confirm that both signaling network 101 and the called party can accept them. The calling party first sends signaling network 101 a parameter list stating the type of service, bandwidth, priority and so on. Signaling network 101 checks the parameters the called party has registered on the network and the network's current capacity to accept the service, generates a new set of communication parameters that the network can provide, and sends it to the called party. The called party makes the final decision on these parameters and sends that decision to the calling party via signaling network 101. If the calling party agrees with the decision, the communication parameters are settled.
When the calling party sends a list of selectable parameters, it can assign a priority level to each option so that signaling network 101 and the called party have a clearer understanding of its call request. The option with the highest priority level is usually satisfied first.
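The three-party parameter negotiation described above, as an added Python example that is not code from the patent. The service names, bandwidth figures, the callee policy and the rule that the network rejects a decision it never offered are assumptions made for illustration.

```python
# Added example, not code from the patent: caller / network / callee negotiation.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Option:
    service: str          # constructed service names: "audio+video", "audio"
    bandwidth_kbps: int
    priority: int         # 1 = the caller's first choice


class SignalingNetwork:
    def __init__(self, free_kbps, registrations):
        self.free_kbps = free_kbps            # capacity the network can still grant
        self.registrations = registrations    # callee UID -> {service: max kbps}

    def offer(self, callee_uid, options):
        """Build the set the network can provide, in caller priority order."""
        registered = self.registrations.get(callee_uid, {})
        offered = []
        for opt in sorted(options, key=lambda o: o.priority):
            cap = min(opt.bandwidth_kbps, registered.get(opt.service, 0), self.free_kbps)
            if cap > 0:
                offered.append(replace(opt, bandwidth_kbps=cap))
        return offered

    def commit(self, offered, decision, caller_agrees):
        """Allocate resources only for a decision that was actually offered."""
        if decision not in offered:
            raise ValueError("callee decision is not in the network's offer")
        if not caller_agrees(decision):
            return None
        self.free_kbps -= decision.bandwidth_kbps
        return decision


def prefer_video_if_usable(offered, min_video_kbps=256):
    """Constructed callee policy: accept video only with enough bandwidth."""
    for opt in offered:
        if opt.service != "audio+video" or opt.bandwidth_kbps >= min_video_kbps:
            return opt
    return None


def negotiate(net, callee_uid, options, callee_decides, caller_agrees):
    """Return the settled Option, or None if any party cannot or will not accept."""
    offered = net.offer(callee_uid, options)
    decision = callee_decides(offered) if offered else None
    if decision is None:
        return None
    return net.commit(offered, decision, caller_agrees)
```

Because the offer is capped by both the callee's registration and the remaining capacity, a second call over the same network falls back to the lower-priority audio option once video can no longer get enough bandwidth.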
During a call, when one side needs only the audio stream and not the video stream, or has only the audio stream and needs to add video, the user can enter the request through dial phone 201. Processor 202 processes the user's request and sends it to the other side via signaling network 101. If the other side agrees, signaling network 101 makes the corresponding adjustment.
During a call, if one side wishes to hang up and puts down the handset, a hang-up request is sent from dial phone 201 to processor 202, which notifies signaling network 101 to stop the communication. Signaling network 101 notifies the other user that the service has stopped and releases the corresponding resources.
When both sides are in a call, their data is carried on data network 102, so if the connection between video terminal 103 and signaling network 101 fails, video terminal 103 keeps the call going and at the same time automatically reconnects to signaling network 101, which ensures the redundancy of the system.
If video terminal 103 is not in a call when its connection to signaling network 101 fails, it automatically reconnects to the signaling network to keep signaling available, so that it can call others and receive calls.
In summary, through the above interaction between IP video terminal 103 and signaling network 101, a secure connection can be set up between terminals 103, making it possible to build the public secure unified communication network.
Claims (13)
1. A method for interaction between an IP video terminal device and a signaling network in a public secure unified communication network, the public secure unified communication network consisting of a signaling network, a data network, IP video terminal devices, a database and so on, characterized in that: the public secure unified communication network comprises a signaling network (101) that serves as a common channel and is based on a secure private network, a data network (102) for transmitting sound, image and data, at least two IP video terminal devices (103) each connected to both the signaling network (101) and the data network (102), and a database (104) connected to the signaling network (101); a login module and a data module run in the IP video terminal device (103); and the interaction between the IP video terminal device (103) and the signaling network comprises a method of establishing a secure channel between the user terminal (103) and the signaling network (101) and a method of establishing secure communication between a calling party and a called party by using public keys.
2. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: the signaling network (101) and the data network (102) are physically independent networks.
3. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: the method of establishing a secure channel between the user terminal (103) and the signaling network (101) comprises the following steps:
(a) the user terminal (103) starts running the login module;
(b) the user terminal (103) sends the encrypted login information to the signaling network (101) in the form of IP packets;
(c) the signaling network (101) compares this encrypted login information with the information stored in advance in the signaling network (101) and processes it;
(d) the signaling network (101) compares the digital signature in the login information with the information pre-stored in the signaling network database (104) and then establishes the user's identity, privileges, communication parameters, service rights and so on;
(e) a secure channel is established between the signaling network (101) and the user terminal (103).
4. The method of establishing a secure channel between a user terminal and a signaling network as claimed in claim 3, characterized in that: the encrypted information transmitted between the user terminal (103) and the signaling network (101) is based on the public key provided by the signaling network (101) and on the shared key.
5. The method of establishing a secure channel between a user terminal and a signaling network as claimed in claim 3, characterized in that: the shared key mentioned in claim 4 is generated through negotiation between the user terminal (103) and the signaling network (101), or is generated by the signaling network (101) alone.
6. The method of establishing a secure channel between a user terminal and a signaling network as claimed in claim 3, characterized in that: the information transmitted between each user terminal (103) and the signaling network (101) uses a unique security key.
7. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: the method of establishing secure communication between the calling party and the called party by using public keys comprises the following steps:
(a) the calling party and the called party establish their identities through the signaling network (101), based on the information pre-stored in the signaling network database (104);
(b) the calling party and the called party exchange public keys with each other, using the digital signature of the signaling network (101);
(c) each of the two parties generates one part of a shared key;
(d) each of the two parties encrypts the part of the shared key it generated with the other party's public key and sends it to the other party via the signaling network (101), thereby generating a complete shared key;
(e) each of the two parties uses this shared key to encrypt sound, image and data and sends them to the other party via the signaling network (101);
(f) each of the two parties uses this shared key to decrypt the sound, image and data sent by the other party.
8. The method of establishing secure communication between a calling party and a called party by using public keys as claimed in claim 7, characterized in that: the shared key is generated once per call, and each new call generates a new shared key.
9. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: it may further comprise a method of setting communication parameters among the calling party, the called party and the signaling network (101), comprising the following steps:
(a) the calling party and the called party establish their identities through the signaling network (101), based on the information pre-stored in the signaling network database (104);
(b) the calling party sends an option list to the signaling network (101);
(c) the signaling network (101) checks the parameters the called party has registered on the network and the network's capacity to accept the service, then generates a new set of communication parameters that the network can provide and sends it to the called party;
(d) the called party makes the final decision on these parameters and sends this decision to the calling party via the signaling network (101);
(e) if the calling party agrees with this decision, the signaling network (101) allocates the corresponding resources.
10. The method of setting communication parameters among the calling party, the called party and the signaling network by means of a communication parameter option list that includes priority settings, as claimed in claim 9, characterized in that: the option list mentioned in step (b) includes type of service, bandwidth, priority and so on.
11. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: during a call, when one side needs only the audio stream and not the video stream, or has only the audio stream and needs to add the video stream, an adjustment can be made.
12. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: during a call, if the connection between the video terminal (103) and the signaling network (101) fails, the video terminal (103) keeps the call going and at the same time automatically reconnects to the signaling network (101).
13. The method for interaction between an IP video terminal device and a signaling network as claimed in claim 1, characterized in that: if the video terminal (103) is not in a call when its connection to the signaling network (101) fails, the video terminal (103) automatically reconnects to the signaling network (101).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB021374309A CN100521643C (en) | 2002-10-15 | 2002-10-15 | Interaction of IP video frequency terminal apparatus and signalling network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB021374309A CN100521643C (en) | 2002-10-15 | 2002-10-15 | Interaction of IP video frequency terminal apparatus and signalling network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1491002A true CN1491002A (en) | 2004-04-21 |
CN100521643C CN100521643C (en) | 2009-07-29 |
Family
ID=34147016
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB021374309A Expired - Lifetime CN100521643C (en) | 2002-10-15 | 2002-10-15 | Interaction of IP video frequency terminal apparatus and signalling network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100521643C (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1889706B (en) * | 2005-09-28 | 2010-05-12 | 华为技术有限公司 | Method for raising interoffice transfer content security in soft exchange |
WO2007124671A1 (en) * | 2006-04-30 | 2007-11-08 | Huawei Technologies Co., Ltd. | A method, device and system of negotiating the encrypting algorithm between the user equipment and the network |
CN101064921B (en) * | 2006-04-30 | 2011-12-21 | 华为技术有限公司 | Method for realizing encrypted negotiation for user equipment and network side |
CN105372674A (en) * | 2008-03-07 | 2016-03-02 | 沈玮仑 | Device and method for communicating with GPS device |
Also Published As
Publication number | Publication date |
---|---|
CN100521643C (en) | 2009-07-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C52 | Restoration of the patent application or patent right (restoration of the patent application) | ||
RA01 | Restoration of patent right | Former decision: The invention shall be deemed to be withdrawn after the publication of the application for patent |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CX01 | Expiry of patent term | ||
CX01 | Expiry of patent term | Granted publication date: 20090729 |