WO2016070685A1 - Method and system for implementing sip session transmission - Google Patents
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Definitions
- The SIP resources are released, and the established TLS connections and the like are deleted.
- The SIP server acts only as the server during encrypted SIP transmission and forwards the encrypted user data between the MCU and the terminal.
- Because the SIP server is fixed in the server role (it can only act as a server) and the SIP client is fixed in the client role (it can only act as a client), certificates can be imported statically in advance, the certificate verification process is simplified, work efficiency is improved, certificate generation is made easier, and the cumbersome certificate import of the related art is resolved. In other words, the technical solution of the embodiment not only simplifies certificate generation and verification, but also ensures encrypted SIP transmission.
- FIG. 3 is a schematic flowchart of a specific embodiment of SIP session processing according to the present invention. As shown in FIG. 3, this embodiment assumes that a server certificate has been imported into the SIPSERVER, that a client certificate has been imported into both the MCU and the terminal, and that both the MCU and the terminal have completed the key exchange with the SIPSERVER. The embodiment includes the following steps:
- Step 300: TLS connection 1 is established between the MCU and the SIPSERVER through the registration process, and TLS connection 2 is established between the terminal and the SIPSERVER through the registration process.
- Step 301: The MCU encrypts the INVITE signaling over TLS connection 1 and sends it to the SIPSERVER. The SIPSERVER forwards the received encrypted INVITE signaling: it decrypts it and sends it to the terminal over TLS connection 2.
- Step 302: The terminal encrypts the 100 Trying response over TLS connection 2 and sends it to the SIPSERVER. The SIPSERVER forwards the received encrypted 100 Trying signaling: it decrypts it and sends it to the MCU over TLS connection 1.
- Step 303: The terminal encrypts the 180 Ringing response over TLS connection 2 and sends it to the SIPSERVER. The SIPSERVER forwards the received encrypted 180 Ringing signaling: it decrypts it and sends it to the MCU over TLS connection 1.
- Step 304: The terminal encrypts the 200 OK response over TLS connection 2 and sends it to the SIPSERVER. The SIPSERVER forwards the received encrypted 200 OK signaling: it decrypts it and sends it to the MCU over TLS connection 1.
- Step 305: The MCU encrypts the ACK over TLS connection 1 and sends it to the SIPSERVER. The SIPSERVER forwards this encrypted signaling: it decrypts it and sends it to the terminal over TLS connection 2.
- TLS connection 1 between the MCU and the SIPSERVER is released through the logout process, and TLS connection 2 between the terminal and the SIPSERVER is released in the same way.
- FIG. 4 is a schematic structural diagram of a system for implementing SIP session transmission according to the present invention. As shown in FIG. 4, the system includes at least a SIP client and a SIP server.
- A client certificate is imported into the SIP client, which is configured to perform key exchange with the SIP server and to perform encrypted SIP session transmission via the SIP server through the established TLS connection and the exchanged key.
- A server certificate is imported into the SIP server, which is configured to perform key exchange with the SIP client and to forward the encrypted SIP information exchanged between SIP clients.
- The SIP client is further configured to register on the SIP server and to establish a Transport Layer Security (TLS) connection between the SIP client and the SIP server.
- The SIP client of the present invention includes an MCU and a terminal.
- In summary, the method and system for implementing SIP session transmission include: importing a server certificate into the SIP server and a client certificate into the SIP client; performing key exchange between the SIP client and the SIP server; and performing encrypted SIP session transmission between SIP clients via the SIP server through the established TLS connections and the exchanged keys.
- Because the SIP server is fixed in the server role (it can only act as a server) and the SIP client is fixed in the client role (it can only act as a client), certificates can be imported statically in advance, the certificate verification process is simplified, work efficiency is improved, certificate generation is made easier, and the cumbersome certificate import of the related art is resolved. In other words, the technical solution of the embodiment not only simplifies certificate generation and verification, but also ensures encrypted SIP transmission.
Description
The embodiments of the present invention relate to telecommunication technology, and in particular to a method and system for implementing SIP session transmission.
Given the importance of technical secrets, more and more enterprises want their remote communication to be encrypted in transit, and the demand for data encryption keeps growing.
Since video conferencing went into commercial operation, the Session Initiation Protocol (SIP) has been applied ever more widely, and encrypted SIP transmission will inevitably become an important concern. Related SIP encrypted transmission is implemented through the certificates and keys of the client and the server. The general process is shown in FIG. 1, a schematic flowchart of the Secure Sockets Layer (SSL) handshake interaction between the server and the client in the related art, which comprises:
Step 100: The handshake message sent by the client is a Client Hello message, which carries the encryption parameters proposed by the client, such as the encryption algorithm the client intends to use, together with a random value used in the key generation process.
Steps 101 to 103: The server replies to the client with a Server Hello message that selects the encryption and compression algorithms and carries a random value generated by the server; the server sends the client a Certificate message carrying the server's public key, for example an RSA key; and the server sends the client a Server Hello Done message indicating that there are no further messages in the handshake phase.
The RSA encryption algorithm is an asymmetric encryption algorithm. RSA is widely used in public-key encryption standards and in electronic commerce. RSA was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman.
Steps 104 to 106: The client sends the server a Client Key Exchange (Client_Key_Exchange) message carrying a randomly generated key encrypted with the server's RSA key. The client then sends a Change Cipher Spec (Change_Cipher_Spec) message indicating that all messages it sends from this point on will be encrypted with the key agreed above. Finally, the client sends the server a Finished message carrying a check value over the entire connection process, so that the server can determine whether the encryption algorithm to be used has been agreed securely.
Steps 107 to 108: Once the server receives the Finished message from the client, it sends its own Change_Cipher_Spec message and Finished message. At this point the connection between the client and the server is ready to transfer application data.
Steps 109 to 110: The client and the server send application data using the negotiated key, thereby implementing the SIP session.
If the client closes the connection, it first sends a close_notify alert message to the server to indicate that the connection is about to be closed.
In the related-art implementation of SIP session encrypted transmission, each terminal and multipoint control unit (MCU) may be both a server and a client at the same time. For an MCU, for example, when the MCU calls a terminal the MCU plays the client role, and when the MCU is called it plays the server role. In other words, the MCU has to import two certificates, one client certificate and one server certificate, which is already quite complicated. For every call, both the MCU and the terminal need to apply for a certificate, and the certificates they apply for differ depending on whether the MCU is the calling or the called party: when the MCU is the calling terminal, the MCU applies for a client certificate and the corresponding terminal applies for a server certificate; when the MCU is the called party, that is, when the terminal calls the MCU, the MCU applies for a server certificate and the terminal applies for a client certificate.
In addition, certificate generation and import and verification are cumbersome, and a server certificate is more complex than a client certificate. Managing so many certificates on a single device is also very tedious.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
Embodiments of the present invention provide a method and system for implementing SIP session transmission, which can simplify certificate generation and verification while ensuring encrypted SIP transmission.
To achieve the object of the present invention, an embodiment of the present invention provides a method for implementing Session Initiation Protocol (SIP) session transmission, in which a server certificate is imported into the SIP server and a client certificate is imported into the SIP client; the method further includes:
performing a key exchange between the SIP client and the SIP server; and
performing encrypted SIP session transmission between SIP clients via the SIP server, through the established TLS connections and the exchanged keys.
Optionally, before the encrypted SIP session transmission is performed, the method further includes:
the SIP client registering on the SIP server and establishing a Transport Layer Security (TLS) connection between the SIP client and the SIP server.
Optionally, the SIP client includes an MCU and a terminal, and the SIP server is configured to forward the encrypted SIP information between the SIP clients.
Optionally, the SIP client includes a first SIP client and a second SIP client, and performing the encrypted SIP session transmission includes:
the first SIP client encrypting INVITE signaling over the first TLS connection between itself and the SIP server and sending it to the SIP server; the SIP server forwarding the received encrypted INVITE signaling by decrypting it and sending it to the second SIP client over the second TLS connection between the second SIP client and the SIP server;
the second SIP client successively encrypting the 100 Trying response, the 180 Ringing response and the 200 OK response over the second TLS connection and sending each to the SIP server; the SIP server forwarding each received encrypted response by decrypting it and sending it to the first SIP client over the first TLS connection; and
the first SIP client encrypting the ACK over the first TLS connection and sending it to the SIP server; the SIP server forwarding this encrypted signaling by decrypting it and sending it to the second SIP client over the second TLS connection.
Optionally, the method further includes: releasing the first TLS connection between the first SIP client and the SIP server through a logout process, and releasing the second TLS connection between the second SIP client and the SIP server.
The present invention further discloses a system for implementing SIP session transmission, comprising at least a SIP client and a SIP server, wherein:
a client certificate is imported into the SIP client, which is configured to perform key exchange with the SIP server and to perform encrypted SIP session transmission via the SIP server through the established TLS connection and the exchanged key; and
a server certificate is imported into the SIP server, which is configured to perform key exchange with the SIP client and to forward the encrypted SIP information exchanged between SIP clients.
Optionally, the SIP client is further configured to register on the SIP server and to establish a Transport Layer Security (TLS) connection between the SIP client and the SIP server.
Optionally, the SIP client includes an MCU and a terminal.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions for performing any of the above methods.
Compared with the related art, the technical solution of the present application includes importing a server certificate into the SIP server and a client certificate into the SIP client, performing key exchange between the SIP client and the SIP server, and performing encrypted SIP session transmission between SIP clients via the SIP server through the established TLS connections and the exchanged keys. In the technical solution provided by the embodiments, because the SIP server is fixed in the server role (it can only act as a server) and the SIP client is fixed in the client role (it can only act as a client), certificates can be imported statically in advance, the certificate verification process is simplified, work efficiency is improved, certificate generation is made easier, and the cumbersome certificate import of the related art is resolved. In other words, the technical solution of the present invention not only simplifies certificate generation and verification, but also ensures encrypted SIP transmission.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
The drawings described below are provided for a further understanding of the embodiments of the present invention and, together with the description, serve to explain the invention; they do not limit the scope of protection of the invention.
FIG. 1 is a schematic flowchart of the SSL handshake interaction between a server and a client in the related art;
FIG. 2 is a flowchart of a method for implementing SIP session transmission according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a specific embodiment of SIP session processing according to the present invention;
FIG. 4 is a schematic structural diagram of a system for implementing SIP session transmission according to an embodiment of the present invention.
本发明的较佳实施方式Preferred embodiment of the invention
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in the present application and the features of those embodiments may be combined with one another arbitrarily.
FIG. 2 is a flowchart of a method for implementing SIP session transmission according to an embodiment of the present invention. As shown in FIG. 2, the method includes the following steps:
Step 200: A server certificate is imported into the SIP server, and a client certificate is imported into the SIP client. The specific implementation of this step is a customary technique for those skilled in the art; how the certificate itself is imported does not limit the scope of protection of the present invention and is not described further here.
In the embodiment of the present invention, the SIP clients include an MCU and a terminal; the SIP server (SIPSERVER) acts as the server. After the imported certificates have been verified, all SIP message exchange between the SIP clients is forwarded by the SIPSERVER of this embodiment.
This step emphasizes that only the server certificate is imported into the SIP server, and only the client certificate is imported into the SIP client.
By fixing, in this step, the SIP server as the server (that is, it can act only as a server) and the SIP client as the client (that is, it can act only as a client), certificates are imported statically in advance, the certificate verification process is simplified, work efficiency is improved, certificate generation is made more convenient, and the problem that existing certificate import is cumbersome is solved.
Step 201: A key exchange is performed between the SIP client and the SIP server.
In this step, the MCU or the terminal and the SIP server each perform the key exchange according to the flow shown in FIG. 1, to determine the key used in the subsequent SIP session.
Step 202: SIP sessions between SIP clients are transmitted in encrypted form via the SIP server, over the established TLS connections and using the exchanged keys.
Before this step, the method further includes: the SIP client registers with the SIP server. How registration is performed is well known to those skilled in the art, does not limit the scope of protection of the present invention, and is not described further here. It is emphasized here that both the MCU and the terminal, acting as SIP clients, register with the SIP server acting as the server. Through the registration process, a first Transport Layer Security (TLS) connection is established between the MCU and the SIP server, and a second TLS connection is established between the terminal and the SIP server.
Further, during the logout (deregistration) process, the SIP resources are released and the TLS connections established above are torn down.
In this step, the SIP server plays the role of the server during the encrypted SIP transmission, forwarding the encrypted user data between the MCU and the terminal.
In the method for implementing a SIP session according to the embodiment of the present invention, because the SIP server is fixed as the server (it can act only as a server) and the SIP client is fixed as the client (it can act only as a client), certificates are imported statically in advance, the certificate verification process is simplified, work efficiency is improved, certificate generation is made more convenient, and the problem that existing certificate import is cumbersome is solved. In other words, the technical solution provided by the embodiment of the present invention both simplifies certificate generation and verification and ensures encrypted SIP transmission.
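As an added illustration of steps 200 to 202 (example code written for this page, not code from the patent or from any product implementing it), the fixed roles of the embodiment can be expressed as two TLS configurations built with Python's standard ssl module: the SIP server runs a server-only context that presents the imported server certificate and requires a client certificate from every MCU or terminal, and each SIP client runs a client-only context that presents the imported client certificate and verifies the server. Treating the TLS handshake as the key exchange of step 201 is an assumption of this example; the host names, certificate file paths and the REGISTER request are constructed for illustration.

```python
"""Added example: TLS contexts for the fixed server/client roles of steps 200-202.
Constructed for this page, not the patent's code; paths, hosts and the REGISTER
message are illustrative assumptions."""
import socket
import ssl
import uuid
from typing import Optional


def sip_server_context(server_cert: Optional[str] = None,
                       server_key: Optional[str] = None,
                       client_ca: Optional[str] = None) -> ssl.SSLContext:
    """SIP server: TLS *server* role only, presenting its own server certificate.

    verify_mode = CERT_REQUIRED makes the handshake mutual TLS, so every MCU or
    terminal must present a client certificate chaining to client_ca; a peer
    without one is refused during the handshake, before any SIP is exchanged."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.options |= ssl.OP_NO_COMPRESSION
    if server_cert and server_key:
        ctx.load_cert_chain(server_cert, server_key)   # the imported server certificate
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)    # trust anchor for client certificates
    return ctx


def sip_client_context(client_cert: Optional[str] = None,
                       client_key: Optional[str] = None,
                       server_ca: Optional[str] = None) -> ssl.SSLContext:
    """SIP client (MCU or terminal): TLS *client* role only, with a client certificate.

    The client never accepts inbound TLS; it verifies the server certificate
    against server_ca and checks that it matches the SIP server's host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.options |= ssl.OP_NO_COMPRESSION
    if client_cert and client_key:
        ctx.load_cert_chain(client_cert, client_key)   # the imported client certificate
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    return ctx


def build_register(aor: str, server_host: str, contact_host: str) -> bytes:
    """Minimal SIP REGISTER request (constructed), sent once the TLS connection is up."""
    user = aor.split("@")[0]
    lines = [
        f"REGISTER sip:{server_host} SIP/2.0",
        f"Via: SIP/2.0/TLS {contact_host}:5061;branch=z9hG4bK{uuid.uuid4().hex[:16]}",
        "Max-Forwards: 70",
        f"From: <sip:{aor}>;tag={uuid.uuid4().hex[:8]}",
        f"To: <sip:{aor}>",
        f"Call-ID: {uuid.uuid4()}@{contact_host}",
        "CSeq: 1 REGISTER",
        f"Contact: <sip:{user}@{contact_host}:5061;transport=tls>",
        "Expires: 3600",
        "Content-Length: 0",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def register_over_tls(ctx: ssl.SSLContext, server_host: str, aor: str,
                      contact_host: str, port: int = 5061) -> bytes:
    """Open the client's TLS connection to the SIP server and send REGISTER.

    This connection is the one the embodiment keeps for the rest of the
    session (TLS connection 1 or 2); the server's raw reply is returned."""
    with socket.create_connection((server_host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_host) as tls:
            tls.sendall(build_register(aor, server_host, contact_host))
            return tls.recv(4096)


def context_roles(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that pin a context to exactly one TLS role."""
    return {
        "role": "server" if ctx.protocol == ssl.PROTOCOL_TLS_SERVER else "client",
        "requires_peer_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
    }
```

Certificates are passed as file paths and nothing is loaded by default, so the contexts can be inspected offline; in a deployment, `sip_client_context(...)` is built on the MCU and on the terminal with their client certificates, and `register_over_tls` then performs the registration that establishes the client's TLS connection to the SIP server.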
FIG. 3 is a schematic flowchart of a specific embodiment of SIP session processing according to the present invention. As shown in FIG. 3, in this embodiment it is assumed that a server certificate has been imported into the SIPSERVER, that a client certificate has been imported into both the MCU and the terminal, and that both the MCU and the terminal have completed the key exchange with the SIPSERVER. The embodiment includes the following steps:
Step 300: TLS connection 1 is established between the MCU and the SIPSERVER during the registration process; TLS connection 2 is established between the terminal and the SIPSERVER during the registration process.
Step 301: The MCU encrypts the INVITE signaling over TLS connection 1 and sends it to the SIPSERVER; the SIPSERVER forwards the received encrypted INVITE signaling, decrypting it and sending it to the terminal over TLS connection 2.
Step 302: The terminal encrypts the 100 Trying response signaling over TLS connection 2 and sends it to the SIPSERVER; the SIPSERVER forwards the received encrypted 100 Trying signaling, decrypting it and sending it to the MCU over TLS connection 1.
Step 303: The terminal encrypts the 180 Ringing signaling over TLS connection 2 and sends it to the SIPSERVER; the SIPSERVER forwards the received encrypted 180 Ringing signaling, decrypting it and sending it to the MCU over TLS connection 1.
Step 304: The terminal encrypts the 200 OK signaling over TLS connection 2 and sends it to the SIPSERVER; the SIPSERVER forwards the received encrypted 200 OK signaling, decrypting it and sending it to the MCU over TLS connection 1.
Step 305: The MCU encrypts the ACK signaling over TLS connection 1 and sends it to the SIPSERVER; the SIPSERVER forwards that encrypted signaling, decrypting it and sending it to the terminal over TLS connection 2.
Further, TLS connection 1 between the MCU and the SIPSERVER is released through the logout process, and TLS connection 2 between the terminal and the SIPSERVER is released.
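The relayed exchange of steps 300 to 305, as an added runnable model that is not part of the patent or of any product implementing it. TlsConnectionModel is a constructed stand-in for one TLS connection (a per-connection key, a record sequence number, a SHA-256 counter-mode keystream and an HMAC-SHA256 tag), not real TLS; SipServerModel is the SIPSERVER terminating both connections; the SIP messages and names are constructed. The model makes the security property of this design explicit: protection is hop by hop, so the SIPSERVER handles every INVITE, 100 Trying, 180 Ringing, 200 OK and ACK in the clear between the two connections and must be trusted accordingly, while each connection's key and sequence numbering are independent, so a record from one hop is neither readable on the other nor accepted twice on its own hop.

```python
"""Added example: model of the hop-by-hop relay of steps 300-305 (FIG. 3).
Constructed for this page, not the patent's code; TlsConnectionModel stands in
for a TLS connection and is not real TLS."""
import hashlib
import hmac
import os


class TlsConnectionModel:
    """One TLS connection: own key, record sequence numbers, keystream + MAC."""

    def __init__(self, name: str, key: bytes = b""):
        self.name = name
        self.key = key or os.urandom(32)   # session key of this connection only
        self.next_send = 0                 # sequence number of the next sealed record
        self.next_recv = 0                 # sequence number expected by open()

    def _keystream(self, seq: int, n: int) -> bytes:
        out, block = b"", 0
        while len(out) < n:                # SHA-256 in counter mode over (key, seq, block)
            out += hashlib.sha256(self.key + seq.to_bytes(8, "big")
                                  + block.to_bytes(4, "big")).digest()
            block += 1
        return out[:n]

    def seal(self, plaintext: bytes) -> bytes:
        seq, self.next_send = self.next_send, self.next_send + 1
        hdr = seq.to_bytes(8, "big")
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(seq, len(plaintext))))
        tag = hmac.new(self.key, hdr + ct, hashlib.sha256).digest()
        return hdr + ct + tag

    def open(self, record: bytes) -> bytes:
        hdr, ct, tag = record[:8], record[8:-32], record[-32:]
        expect = hmac.new(self.key, hdr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError(f"{self.name}: record failed authentication")
        seq = int.from_bytes(hdr, "big")
        if seq != self.next_recv:
            raise ValueError(f"{self.name}: replayed or reordered record")
        self.next_recv += 1
        return bytes(c ^ k for c, k in zip(ct, self._keystream(seq, len(ct))))


class SipServerModel:
    """The SIPSERVER: terminates both connections, so it sees each message in the clear."""

    def __init__(self, conn1: TlsConnectionModel, conn2: TlsConnectionModel):
        self.hop = {"mcu": conn1, "terminal": conn2}
        self.observed = []                 # start-lines the relay handled as plaintext

    def relay(self, sender: str, record: bytes) -> bytes:
        receiver = "terminal" if sender == "mcu" else "mcu"
        msg = self.hop[sender].open(record)             # decrypt on the inbound hop
        self.observed.append(msg.split(b"\r\n", 1)[0].decode())
        return self.hop[receiver].seal(msg)             # re-encrypt on the outbound hop


def sip_message(start_line: str, cseq: str) -> bytes:
    """Constructed SIP signaling; header values are illustrative only."""
    return "\r\n".join([
        start_line,
        "Via: SIP/2.0/TLS mcu.example.com:5061;branch=z9hG4bK-example",
        "From: <sip:mcu@example.com>;tag=mcu1",
        "To: <sip:terminal@example.com>",
        "Call-ID: call-1@mcu.example.com",
        f"CSeq: {cseq}",
        "Content-Length: 0", "", "",
    ]).encode()


def run_call_setup() -> dict:
    """Steps 301-305: INVITE, 100 Trying, 180 Ringing, 200 OK, ACK via the SIPSERVER."""
    server = SipServerModel(TlsConnectionModel("TLS connection 1 (MCU)"),
                            TlsConnectionModel("TLS connection 2 (terminal)"))
    steps = [
        ("mcu", sip_message("INVITE sip:terminal@example.com SIP/2.0", "1 INVITE")),
        ("terminal", sip_message("SIP/2.0 100 Trying", "1 INVITE")),
        ("terminal", sip_message("SIP/2.0 180 Ringing", "1 INVITE")),
        ("terminal", sip_message("SIP/2.0 200 OK", "1 INVITE")),
        ("mcu", sip_message("ACK sip:terminal@example.com SIP/2.0", "1 ACK")),
    ]
    delivered = {"mcu": [], "terminal": []}
    for sender, msg in steps:
        receiver = "terminal" if sender == "mcu" else "mcu"
        out = server.relay(sender, server.hop[sender].seal(msg))
        plain = server.hop[receiver].open(out)          # receiving client decrypts its hop
        delivered[receiver].append(plain.split(b"\r\n", 1)[0].decode())
    return {"server_saw": server.observed, "delivered": delivered}


def replay_is_rejected() -> bool:
    # Re-delivering an old record on the same connection is refused by the sequence check.
    conn = TlsConnectionModel("test")
    rec = conn.seal(b"ACK sip:terminal@example.com SIP/2.0\r\n\r\n")
    conn.open(rec)
    try:
        conn.open(rec)
    except ValueError:
        return True
    return False


def cross_hop_is_rejected() -> bool:
    # A record sealed on connection 1 fails authentication on connection 2: keys are per hop.
    c1, c2 = TlsConnectionModel("1"), TlsConnectionModel("2")
    try:
        c2.open(c1.seal(b"INVITE sip:terminal@example.com SIP/2.0\r\n\r\n"))
    except ValueError:
        return True
    return False
```

`run_call_setup()` returns the start-lines each client received and the start-lines the SIPSERVER observed; the latter list is the same five messages, which is the point a reviewer of this design should note when deciding how much to trust the relay. The connection object is shared by both ends of a hop because the exchange is strictly request-then-response; a full-duplex model would keep separate send and receive keys per direction as TLS does.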
FIG. 4 is a schematic structural diagram of a system for implementing SIP session transmission according to the present invention. As shown in FIG. 4, the system includes at least a SIP client and a SIP server, where:
the SIP client has a client certificate imported into it and is configured to perform key exchange with the SIP server and to transmit SIP sessions in encrypted form via the SIP server over the established TLS connection and using the exchanged key;
the SIP server has a server certificate imported into it and is configured to perform key exchange with the SIP client and to forward the encrypted SIP messages exchanged between SIP clients.
The SIP client is further configured to register with the SIP server and to establish a Transport Layer Security (TLS) connection between the SIP client and the SIP server.
In the present invention, the SIP clients include an MCU and a terminal.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution, improvement or the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
The method and system for implementing SIP session transmission proposed in the embodiments of the present invention include: importing a server certificate into the SIP server and a client certificate into the SIP client; performing a key exchange between the SIP client and the SIP server; and transmitting SIP sessions between SIP clients in encrypted form via the SIP server, over the established TLS connections and using the exchanged keys. In the technical solution provided by the embodiments of the present invention, because the SIP server is fixed as the server (it can act only as a server) and the SIP client is fixed as the client (it can act only as a client), certificates are imported statically in advance, the certificate verification process is simplified, work efficiency is improved, certificate generation is made more convenient, and the problem that existing certificate import is cumbersome is solved. In other words, the technical solution provided by the embodiments of the present invention both simplifies certificate generation and verification and ensures encrypted SIP transmission.
Claims (9)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410625783.2 | 2014-11-07 | ||
CN201410625783.2A CN105635078A (en) | 2014-11-07 | 2014-11-07 | Method and system of realizing session initiation protocol (SIP) session transmission |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016070685A1 true WO2016070685A1 (en) | 2016-05-12 |
Family
ID=55908537
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/090010 WO2016070685A1 (en) | 2014-11-07 | 2015-09-18 | Method and system for implementing sip session transmission |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105635078A (en) |
WO (1) | WO2016070685A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107612931A (en) * | 2017-10-20 | 2018-01-19 | 苏州科达科技股份有限公司 | Multipoint session method and multipoint session system |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112543164B (en) * | 2019-09-20 | 2023-05-09 | 中国移动通信有限公司研究院 | Message authentication method, device and equipment |
CN116208484A (en) * | 2021-11-30 | 2023-06-02 | 维沃移动通信有限公司 | Information interaction method and device and communication equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011040847A1 (en) * | 2009-10-01 | 2011-04-07 | Telefonaktiebolaget L M Ericsson (Publ) | Sending protected data in a communication network |
CN102378982A (en) * | 2009-03-30 | 2012-03-14 | 西科姆株式会社 | Monitoring system and communication management device |
CN102523217A (en) * | 2011-12-16 | 2012-06-27 | 淮安信息职业技术学院 | Secure communication method based on JAIN SIP (Session Initiation Protocol) |
CN103813309A (en) * | 2012-11-15 | 2014-05-21 | 中兴通讯股份有限公司 | SIP (session initiate protocol)-based inter-MIC (Multimedia Telephone Communication) device secure communication method, device and system |
CN104113547A (en) * | 2014-07-23 | 2014-10-22 | 中国科学院信息工程研究所 | SIP (session initiation protocol) security protection video monitoring network access control system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104113409B (en) * | 2014-07-23 | 2017-09-05 | 中国科学院信息工程研究所 | A key management method and system for a SIP video surveillance networking system |
- 2014-11-07 CN CN201410625783.2A patent/CN105635078A/en active Pending
- 2015-09-18 WO PCT/CN2015/090010 patent/WO2016070685A1/en active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107612931A (en) * | 2017-10-20 | 2018-01-19 | 苏州科达科技股份有限公司 | Multipoint session method and multipoint session system |
CN107612931B (en) * | 2017-10-20 | 2020-04-28 | 苏州科达科技股份有限公司 | Multipoint conversation method and multipoint conversation system |
Also Published As
Publication number | Publication date |
---|---|
CN105635078A (en) | 2016-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104683304B (en) | A kind of processing method of secure traffic, equipment and system | |
CN104486077B (en) | A kind of end-to-end cryptographic key negotiation method of VoIP real time datas safe transmission | |
US8644510B2 (en) | Discovery of security associations for key management relying on public keys | |
CN103036872B (en) | The encryption and decryption method of transfer of data, equipment and system | |
US20150281185A1 (en) | Cloud Collaboration System With External Cryptographic Key Management | |
WO2015127789A1 (en) | Communication method, apparatus and system based on combined public key cryptosystem | |
JP6145806B2 (en) | Immediate communication method and system | |
CN106936788B (en) | A key distribution method suitable for VOIP voice encryption | |
CN104219041A (en) | Data transmission encryption method applicable for mobile internet | |
WO2010124482A1 (en) | Method and system for implementing secure forking calling session in ip multi-media subsystem | |
CN107483505A (en) | A method and system for protecting user privacy in video chat | |
CN101958907A (en) | Method, system and device for transmitting key | |
CN108833943B (en) | Code stream encryption negotiation method and device and conference terminal | |
TW201537937A (en) | Unified identity authentication platform and authentication method thereof | |
CN103401872B (en) | The method prevented and detect man-in-the-middle attack based on RDP improved protocol | |
JP5466764B2 (en) | Sending protected data over a communication network | |
WO2017215443A1 (en) | Message transmission method, apparatus and system | |
WO2023231817A1 (en) | Data processing method and apparatus, and computer device and storage medium | |
WO2016070685A1 (en) | Method and system for implementing sip session transmission | |
US10673629B2 (en) | Data transmission and reception method and system | |
CN112217862B (en) | A data communication method, device, terminal equipment and storage medium | |
JP2013513268A5 (en) | ||
KR101210938B1 (en) | Encrypted Communication Method and Encrypted Communication System Using the Same | |
WO2016180180A1 (en) | Voice call encryption method and device | |
US10848471B2 (en) | Communication apparatus, communication method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15857552 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15857552 Country of ref document: EP Kind code of ref document: A1 |