
CN112261057A - Encryption processing system for audio and video call - Google Patents


Info

Publication number
CN112261057A
Authority
CN
China
Prior art keywords
key
communication client
session key
audio
sending
Prior art date
Legal status
Pending
Application number
CN202011168683.3A
Other languages
Chinese (zh)
Inventor
李高峰
彭东
何美晨
Current Assignee
Hunan Tianchen Information Technology Co ltd
Original Assignee
Hunan Tianchen Information Technology Co ltd
Application filed by Hunan Tianchen Information Technology Co ltd
Priority to CN202011168683.3A
Publication of CN112261057A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/14 Systems for two-way working
    • H04N7/141 Systems for two-way working between two video terminals, e.g. videophone
    • H04N7/147 Communication arrangements, e.g. identifying the communication as a video-communication, intermediate storage of the signals

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an encryption processing system for audio and video calls, which comprises a first communication client, a second communication client and a server deployed on an external network. The server is used for generating a session key for each communication client, sending the public key of the first session key to the second communication client, and sending the public key of the second session key to the first communication client; the session key is valid the next time. The first communication client is the call initiator and is used for encrypting the local audio/video signals with the public key of the second session key, sending the encrypted signals to the second communication client, and decrypting the received audio/video signals of the second communication client with the private key of the first session key. The second communication client is the call responder and is used for receiving the audio and video signals of the first communication client and decrypting them with the private key of the second session key, and for encrypting the local audio and video signals with the public key of the first session key and sending them to the first communication client.

Description

Encryption processing system for audio and video call
Technical Field
The invention relates to the technical field of information security and audio and video communication, in particular to an encryption processing system for audio and video calls.
Background
As shown in Fig. 1, a conventional audio/video call system generally needs a server with a public IP address to forward the traffic, and transmits the video stream without protection. This has several problems. Because a public cloud server must relay the data, if either the link between the public cloud server and user A or the link between the public cloud server and user B has poor connectivity, the audio and video call is degraded. Because a conventional audio and video call is not encrypted, eavesdropping during transmission can expose the user's private data. In addition, with a layer of public servers, if the public cloud server is attacked, the call privacy data of all relevant users, not just users A and B, may be compromised.
An audio/video call protocol commonly used in the prior art is WebRTC (Web Real-Time Communication), which allows a web browser to carry out real-time audio/video conversation. Fig. 2 shows a schematic of the WebRTC protocol composition. The core technology of WebRTC comprises audio and video acquisition, encoding and decoding, network transmission, display and other functions, and it is cross-platform: Windows, Linux, Mac and Android.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides an encryption processing system for audio and video calls.
The invention provides an encryption processing system for audio and video calls, which comprises a first communication client, a second communication client and a server deployed on an external network; wherein,
the server is used for generating a first session key for the first communication client and a second session key for the second communication client; sending the public key of the first session key to the second communication client, and sending the public key of the second session key to the first communication client; the first session key and the second session key are both asymmetric keys and are valid the next time;
the first communication client is an initiator of the audio and video call and is used for encrypting the local audio and video signals by using the public key of the second session key, sending the encrypted local audio and video signals to the second communication client and decrypting the received audio and video signals of the second communication client by using the private key of the local first session key;
the second communication client is a responder of audio and video calls, and is used for decrypting the received audio and video signals of the first communication client by using the private key of the second session key, and for encrypting the local audio and video signals by using the public key of the first session key and sending the encrypted local audio and video signals to the first communication client.
As an improvement of the above system, the first communication client includes: the system comprises a registration module, a communication establishing module, an audio and video engine module, an encryption and decryption processing module and a transmission module; wherein,
the registration module is used for registering to the server to obtain a first communication client user number;
the communication establishing module is used for applying to the server for, and obtaining, a public key and a private key of the first session key, sending an audio and video call application with the second communication client to the server, and obtaining the public key of the second session key sent by the server if the second communication client agrees to the call;
the audio and video engine module is used for encoding and packaging the collected local audio and video signals based on a WebRTC protocol, and sending packaged data to the encryption and decryption processing module; the device is also used for decoding and outputting the received audio and video signals of the second communication client based on the WebRTC protocol;
the encryption and decryption processing module is used for encrypting the packet data by using the public key of the second session key to obtain encrypted packaged audio and video signals and sending them to the transmission module; and is also used for decrypting the received audio and video signals of the second communication client by using the private key of the first session key and sending the decrypted audio and video signals to the audio and video engine module;
the transmission module is used for carrying out point-to-point data transmission with the second communication client and sending the encrypted and packaged audio/video signals to the second communication client; and is also used for sending the received audio and video signals of the second communication client to the encryption and decryption processing module.
As an improvement of the above system, the specific implementation process of the registration module is as follows:
generating an application for acquiring a first session key, encrypting the application for acquiring the first session key by using a first device key obtained in advance, and sending the encrypted application to a server;
receiving an encrypted first session key sent by a server, and decrypting the encrypted first session key by using the first device key to obtain a public key and a private key of the first session key;
generating registration information, encrypting the registration information by using a public key of the first session key, and sending the registration information to a server;
and receiving the user number of the first communication client distributed by the server.
As an improvement of the above system, the specific implementation process of the communication establishing module is as follows:
generating an application for acquiring a first session key, encrypting the application for acquiring the first session key by using a first device key, and sending the encrypted application to a server;
receiving an encrypted first session key sent by a server, and decrypting the encrypted first session key by using the first device key to obtain a public key and a private key of the first session key;
generating an audio and video call application with a second communication client, encrypting the audio and video call application by using a public key of the first session key, and sending the encrypted audio and video call application to a server;
and receiving the encrypted second session key sent by the server, decrypting the encrypted second session key by using the private key of the first session key to obtain the public key of the second session key, and sending the public key of the second session key to the encryption and decryption processing module.
As an improvement of the above system, the second communication client includes: the system comprises a registration module, a communication establishing module, an audio and video engine module, an encryption and decryption processing module and a transmission module; wherein,
the registration module is used for registering to the server to obtain a user number of the second communication client;
the communication establishing module is used for applying to the server for, and obtaining, a public key and a private key of the second session key, receiving an audio and video call application of the first communication client sent by the server, and obtaining the public key of the first session key sent by the server if the call is agreed;
the audio and video engine module is used for encoding and packaging the collected local audio and video signals based on a WebRTC protocol, and sending packaged data to the encryption and decryption processing module; and is also used for decoding and outputting the received audio and video signals of the first communication client based on the WebRTC protocol;
the encryption and decryption processing module is used for encrypting the packet data by using the public key of the first session key to obtain encrypted packaged audio and video signals and sending them to the transmission module; and is also used for decrypting the received audio and video signals of the first communication client by using the private key of the second session key and sending the decrypted audio and video signals to the audio and video engine module;
the transmission module is used for carrying out point-to-point data transmission with the first communication client and sending the encrypted and packaged audio/video signals to the first communication client; and is also used for sending the received audio and video signals of the first communication client to the encryption and decryption processing module.
As an improvement of the above system, the specific implementation process of the registration module is as follows:
generating an application for acquiring a second session key, encrypting the application for acquiring the second session key by using a second device key obtained in advance, and sending the encrypted application to a server;
receiving an encrypted second session key sent by the server, and decrypting the encrypted second session key by using a second device key to obtain a public key and a private key of the second session key;
generating registration information, encrypting the registration information by using a public key of the second session key, and sending the registration information to the server;
and receiving the user number of the second communication client distributed by the server.
As an improvement of the above system, the specific implementation process of the communication establishing module is as follows:
generating an application for acquiring a second session key, encrypting the application for acquiring the second session key by using a second device key, and sending the encrypted application to a server;
receiving an encrypted second session key sent by the server, and decrypting the encrypted second session key by using a second device key to obtain a public key and a private key of the second session key;
and receiving an audio and video call application of the first communication client sent by the server, sending a call agreement message if the application passes, obtaining an encrypted first session key sent by the server, decrypting the encrypted first session key by using a private key of the second session key, obtaining a public key of the first session key, and sending the public key to the encryption and decryption processing module.
As an improvement of the above system, the server comprises: the key management service module and the communication service processing service module; wherein,
the key management service module is used for generating a first session key for the first communication client and a second session key for the second communication client; and is also used for generating in advance a first device key for the first communication client and a second device key for the second communication client;
the communication service processing service module is used for receiving registration information of a first communication client to generate a first communication client user number, receiving registration information of a second communication client to generate a second communication client user number; and the public key of the first session key is sent to the second communication client side according to the audio and video call application of the first communication client side, and the public key of the second session key is sent to the first communication client side.
As an improvement of the above system, generating the first session key for the first communication client and the second session key for the second communication client specifically comprises the following steps:
receiving an application for acquiring a first session key sent by the first communication client, and decrypting the application by using the first device key; generating and storing a public key and a private key of the first session key; sending the private key of the first session key to the communication service processing service module; encrypting the public key and the private key of the first session key by using the first device key and sending them to the first communication client;
receiving an application for acquiring a second session key sent by the second communication client, and decrypting the application by using the second device key; generating and storing a public key and a private key of the second session key; sending the private key of the second session key to the communication service processing service module; and encrypting the public key and the private key of the second session key by using the second device key and sending them to the second communication client.
As an improvement of the above system, the specific implementation process of the communication service processing service module is as follows:
receiving a private key of a first session key and a private key of a second session key sent by a key management service module;
decrypting the registration information sent by the first communication client by using a private key of the first session key to generate a user number of the first communication client and sending the user number to the first communication client;
decrypting the registration information sent by the second communication client by using a private key of the second session key to generate a user number of the second communication client and sending the user number to the second communication client;
receiving an audio and video call application sent by the first communication client to the second communication client, decrypting the audio and video call application by using the private key of the first session key, encrypting the audio and video call application by using the public key of the second session key, and sending the encrypted audio and video call application to the second communication client;
and receiving a call agreement message sent by the second communication client, decrypting the call agreement message by using the private key of the second session key, encrypting the public key of the second session key by using the public key of the first session key and sending it to the first communication client, and encrypting the public key of the first session key by using the public key of the second session key and sending it to the second communication client.
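The registration, call-establishment and media-encryption flow described above (and repeated in embodiment 1 below) can be simulated end to end. The following Python script is an added example written for this page, not code from the patent or its assignee: it models modules 301 and 302 and two clients, uses constructed toy Diffie-Hellman parameters and a SHA-256/HMAC stream cipher as stand-ins for the unnamed device-key and session-key ciphers, and ends with a check that follows directly from the design as stated: because the key management service module hands every session private key to the communication service processing service module, the server can decrypt the point-to-point media even though it never relays it.

```python
import hashlib, hmac, os, secrets

# Toy public-key parameters constructed for this example (not production-grade):
# Diffie-Hellman over the Mersenne prime 2^127 - 1 with generator 3.
P, G = (1 << 127) - 1, 3

def i2b(x): return x.to_bytes(16, "big")
def b2i(b): return int.from_bytes(b, "big")

def keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def sym_encrypt(key, msg):  # stand-in device-key cipher: SHA-256 keystream + HMAC tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def keypair():  # asymmetric session key: (public, private)
    priv = secrets.randbelow(P - 2) + 1
    return pow(G, priv, P), priv

def pk_encrypt(pub, msg):  # ElGamal-style hybrid: ephemeral DH share + sym_encrypt
    e = secrets.randbelow(P - 2) + 1
    return i2b(pow(G, e, P)) + sym_encrypt(hashlib.sha256(i2b(pow(pub, e, P))).digest(), msg)

def pk_decrypt(priv, blob):
    return sym_decrypt(hashlib.sha256(i2b(pow(b2i(blob[:16]), priv, P))).digest(), blob[16:])

class KeyManagementService:  # module 301
    def __init__(self):
        self.device_keys, self.session_keys = {}, {}

    def provision_device_key(self, client):  # handed to the client "in advance"
        self.device_keys[client] = os.urandom(32)
        return self.device_keys[client]

    def session_key_request(self, client, enc_req):
        if sym_decrypt(self.device_keys[client], enc_req) != b"GET_SESSION_KEY":
            raise ValueError("unexpected request")
        pub, priv = keypair()
        self.session_keys[client] = (pub, priv)  # private key is retained server-side
        return sym_encrypt(self.device_keys[client], i2b(pub) + i2b(priv))

class CommService:  # module 302: receives every session private key from module 301
    def __init__(self, kms):
        self.keys, self.users = kms.session_keys, {}

    def register(self, client, enc_info):
        if pk_decrypt(self.keys[client][1], enc_info) != b"REG:" + client.encode():
            raise ValueError("bad registration")
        self.users[client] = f"U{len(self.users) + 1:04d}"
        return self.users[client]

    def call_application(self, caller, callee, enc_app):  # re-encrypt for the callee
        return pk_encrypt(self.keys[callee][0], pk_decrypt(self.keys[caller][1], enc_app))

    def call_agreed(self, caller, callee, enc_agree):  # exchange the two public keys
        if pk_decrypt(self.keys[callee][1], enc_agree) != b"AGREE":
            raise ValueError("call refused")
        return (pk_encrypt(self.keys[caller][0], i2b(self.keys[callee][0])),
                pk_encrypt(self.keys[callee][0], i2b(self.keys[caller][0])))

class Client:
    def __init__(self, name, device_key, kms, comm):
        self.name, self.dk, self.kms, self.comm = name, device_key, kms, comm
        self.pub = self.priv = self.peer_pub = None

    def fetch_session_key(self):  # done by both the registration and call-setup modules
        blob = sym_decrypt(self.dk, self.kms.session_key_request(
            self.name, sym_encrypt(self.dk, b"GET_SESSION_KEY")))
        self.pub, self.priv = b2i(blob[:16]), b2i(blob[16:])

    def register(self):
        self.fetch_session_key()
        return self.comm.register(self.name, pk_encrypt(self.pub, b"REG:" + self.name.encode()))

def run_call(media=b"constructed-webrtc-packet-001"):
    kms = KeyManagementService()
    comm = CommService(kms)
    a = Client("A", kms.provision_device_key("A"), kms, comm)
    b = Client("B", kms.provision_device_key("B"), kms, comm)
    num_a, num_b = a.register(), b.register()
    a.fetch_session_key(); b.fetch_session_key()  # fresh session keys for this call
    enc_app = comm.call_application("A", "B", pk_encrypt(a.pub, b"CALL:B"))
    callee_sees = pk_decrypt(b.priv, enc_app)
    to_a, to_b = comm.call_agreed("A", "B", pk_encrypt(b.pub, b"AGREE"))
    a.peer_pub, b.peer_pub = b2i(pk_decrypt(a.priv, to_a)), b2i(pk_decrypt(b.priv, to_b))
    wire = pk_encrypt(a.peer_pub, media)  # modules 104/105: peer public key, point-to-point
    server_view = pk_decrypt(comm.keys["B"][1], wire)  # module 302 still holds B's private key
    return {"users": (num_a, num_b), "callee_sees": callee_sees,
            "b_received": pk_decrypt(b.priv, wire), "server_can_read_media": server_view == media}
```

The final dictionary shows the call succeeding and, in `server_can_read_media`, that the stated key distribution leaves the server able to read the media; an end-to-end design would keep session private keys on the clients only.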
Compared with the prior art, the invention has the advantages that:
1. by using the point-to-point audio and video transmission system, the data of the users do not need to be transferred through a public cloud server, so that links among the users are reduced;
2. encryption is carried out before transmission, so that data cannot be stolen in transit, and secure data transmission is ensured.
Drawings
Fig. 1 is a schematic diagram of a prior art audio and video call system;
Fig. 2 is a schematic representation of the WebRTC protocol used by the present system;
Fig. 3 is a schematic diagram of an encryption processing system for audio/video calls provided in embodiment 1 of the present invention;
Fig. 4 is a schematic diagram illustrating a first communication client according to embodiment 1 of the present invention;
Fig. 5 is a schematic diagram of an audio/video engine module of a communication client according to embodiment 1 of the present invention;
Fig. 6 is a schematic diagram of a server according to embodiment 1 of the present invention;
Fig. 7 is a schematic information flow diagram of an encryption processing system for audio/video calls according to embodiment 1 of the present invention;
Fig. 8 is a timing chart of an audio/video call using the encryption processing system for an audio/video call of the present invention;
Fig. 9 is a schematic diagram of data transmission of an audio/video call by using the encryption processing system for an audio/video call of the present invention.
Reference numerals
100. First communication client
200. Second communication client
300. Server
101. Registration module
102. Communication establishing module
103. Audio and video engine module
104. Encryption and decryption processing module
105. Transmission module
301. Key management service module
302. Communication business processing service module
Detailed Description
The invention replaces the traditional public cloud transmission scheme of audio and video communication and transmits data in a point-to-point mode, and adds a key management server to apply complete encryption processing to the transmitted data.
The technical solution of the present invention will be described in detail below with reference to the accompanying drawings and examples.
Example 1
As shown in Fig. 3, there is provided an encryption processing system for audio/video calls, including: a first communication client 100, a second communication client 200 and a server 300 deployed on an external network;
a server 300, configured to generate a session key for each communication client; sending the public key of the session key of the first communication client to the second communication client, and sending the public key of the session key of the second communication client to the first communication client; the session key is an asymmetric key and is valid the next time;
the first communication client 100 is an initiator of an audio/video call, and is configured to encrypt an audio/video signal of a home terminal by using a public key of a session key of a second communication client, send the encrypted audio/video signal to an opposite terminal, and decrypt a received audio/video signal of the second communication client by using a private key of the session key of the home terminal;
the second communication client 200 is a responder to the audio and video call, and is used for receiving the audio and video signals sent by the first communication client 100 and decrypting them by using the private key of the local session key; and for encrypting the audio and video signals of the local terminal by using the public key of the session key of the first communication client and sending the encrypted audio and video signals to the opposite terminal.
It should be noted that, in this embodiment, two clients are taken as an example: for convenience of description the first communication client 100 is set as the initiator and the second communication client 200 as the responder. In practical application there may be many communication clients, any two of which may communicate, and no fixed initiators and responders are distinguished.
As shown in Fig. 4, the first communication client 100 includes: the system comprises a registration module 101, a communication establishing module 102, an audio and video engine module 103, an encryption and decryption processing module 104 and a transmission module 105; wherein,
the registration module 101 is configured to register with the server 300 to obtain a first communication client user number; the method comprises the following specific steps:
1) generating an application for acquiring a first session key, encrypting the application by using a first device key acquired in advance, and transmitting the encrypted application to the server 300;
2) receiving the encrypted first session key sent by the server 300, and performing decryption processing by using the first device key to obtain a public key and a private key of the first session key;
3) generating registration information, encrypting the registration information by using a public key of the first session key, and transmitting the registration information to the server 300;
4) receiving the first communication client user number assigned by the server 300.
The communication establishing module 102 is configured to apply for and obtain a public key and a private key of the first session key from the server 300, send an audio/video call application with the second communication client to the server 300, and obtain a public key of the second session key sent by the server 300 if the second communication client agrees to a call; the method comprises the following specific steps:
1) generating an application for obtaining the first session key, performing encryption processing by using the first device key, and sending the encrypted application to the server 300;
2) receiving the encrypted first session key sent by the server 300, and performing decryption processing by using the first device key to obtain a public key and a private key of the first session key;
3) generating an application for audio and video communication with the second communication client 200, encrypting the application by using the public key of the first session key, and sending the application to the server 300;
4) if the encrypted second session key sent by the server 300 is received, the private key of the first session key is used for decryption processing, so as to obtain the public key of the second session key, and the public key is sent to the encryption and decryption processing module 104.
The audio and video engine module 103 is used for encoding and packaging the acquired local audio and video signals based on a WebRTC protocol, and sending packaged data to the encryption and decryption processing module 104; the terminal is also used for decoding the received opposite terminal data based on a WebRTC protocol and outputting audio and video signals;
As shown in Fig. 5, the audio/video engine module mainly comprises an audio engine, a video engine, and WebRTC data transmission. The audio engine is mainly used for encoding and decoding, echo reduction, noise reduction, jitter reduction and the like; the video engine is mainly used for video coding and decoding, video jitter buffering and video image enhancement. The data transmission component connects the networks at the two client ends in a point-to-point mode, and a key-management encryption step is added at the WebRTC secure real-time transport protocol interface.
An encryption/decryption processing module 104, configured to encrypt the packet data using the public key of the second session key to obtain encrypted packet data, and send the encrypted packet data to the transmission module 105; and further configured to decrypt the received opposite-end encrypted data with the private key of the first session key and send the decrypted data to the audio/video engine module 103;
a transmission module 105, configured to perform point-to-point data transmission with the second communication client 200, and send the encrypted packet data to the second communication client 200; and is further configured to receive the peer-to-peer encrypted packet data sent by the second communication client 200 and send the data to the encryption/decryption processing module 104.
The second communication client 200 is configured to be the same as the first communication client, and includes: the system comprises a registration module, a communication establishing module, an audio and video engine module, an encryption and decryption processing module and a transmission module; wherein,
the registration module is used for registering to the server 300 to obtain a user number of the second communication client; the method comprises the following specific steps:
1) generating an application for acquiring a second session key, encrypting the application by using a second device key obtained in advance, and sending the encrypted application to the server 300;
2) receiving the encrypted second session key sent by the server 300, and performing decryption processing by using a second device key to obtain a public key and a private key of the second session key;
3) generating registration information, encrypting the registration information by using the public key of the second session key, and sending the registration information to the server 300;
4) the second communication client user number assigned by the server 300 is received.
The communication establishing module is used for applying to the server 300 for, and obtaining, a public key and a private key of the second session key, receiving an audio and video call application of the first communication client sent by the server 300, and obtaining the public key of the first session key sent by the server 300 if the local terminal agrees to the call; the method comprises the following specific steps:
1) generating an application for obtaining a second session key, performing encryption processing by using a second device key, and sending the encrypted application to the server 300;
2) receiving the encrypted second session key sent by the server 300, and performing decryption processing by using the second device key to obtain a public key and a private key of the second session key;
3) receiving an application for the audio/video call of the first communication client sent by the server 300; if the local terminal agrees, sending a call agreement message, obtaining the encrypted first session key sent by the server 300, decrypting it by using the private key of the second session key to obtain the public key of the first session key, and sending the public key to the encryption and decryption processing module 204.
The audio and video engine module is used for encoding and packaging the acquired local audio and video signals based on a WebRTC protocol and sending packaged data to the encryption and decryption processing module; the terminal is also used for decoding the received opposite terminal data based on a WebRTC protocol and outputting audio and video signals;
the encryption and decryption processing module is used for encrypting the packet data by using the public key of the first session key to obtain encrypted packet data and sending the encrypted packet data to the transmission module; and is also used for decrypting the received opposite-end encrypted data by using the private key of the second session key and then sending the decrypted data to the audio and video engine module;
the transmission module is used for performing point-to-point data transmission with the first communication client 100 and sending the encrypted packet data to the first communication client 100; and is further configured to receive the peer end encrypted packet data sent by the first communication client 100 and send the peer end encrypted packet data to the encryption/decryption processing module 204.
As shown in fig. 6, the server 300 includes: a key management service module 301 and a communication service processing service module 302; wherein,
a key management service module 301, used for key distribution: it generates session keys for the first communication client 100 and the second communication client 200, and also generates device keys for both clients in advance; the specific steps are as follows:
1) receiving the encrypted first session key application sent by the first communication client 100 and decrypting it with the first device key; generating and storing the public key and private key of the first session key; sending the private key of the first session key to the communication service processing service module 302; encrypting the public key and private key of the first session key with the first device key and sending them to the first communication client 100;
2) receiving the encrypted second session key application sent by the second communication client 200 and decrypting it with the second device key; generating and storing the public key and private key of the second session key; sending the private key of the second session key to the communication service processing service module 302; encrypting the public key and private key of the second session key with the second device key and sending them to the second communication client 200.
A communication service processing service module 302, configured to store user data, establish communication connections, receive the registration of the first communication client 100 and the second communication client 200, and generate the corresponding user numbers; it is further configured, upon the call application of the first communication client, to send the public key of the first session key to the second communication client 200 and the public key of the second session key to the first communication client 100; the specific steps are as follows:
1) receiving the private key of the first session key and the private key of the second session key sent by the key management service module 301;
2) receiving the encrypted registration information sent by the first communication client 100, decrypting it with the private key of the first session key, generating a first communication client user number and sending it to the first communication client 100;
3) receiving the encrypted registration information sent by the second communication client 200, decrypting it with the private key of the second session key, generating a second communication client user number and sending it to the second communication client 200;
4) receiving the audio and video call application sent by the first communication client 100 and addressed to the second communication client 200, decrypting it with the private key of the first session key, encrypting it with the public key of the second session key, and sending it to the second communication client 200;
5) receiving the call agreement message sent by the second communication client 200, decrypting it with the private key of the second session key, encrypting the public key of the second session key with the public key of the first session key and sending it to the first communication client 100, and encrypting the public key of the first session key with the public key of the second session key and sending it to the second communication client 200.
Fig. 7 is a schematic diagram of point-to-point encrypted transmission between a user A and a user B. Fig. 8 is a timing chart of an audio/video call performed with the encryption processing system for an audio/video call of the present invention; the registration and communication of a user A and a user B through their communication devices are described as an example:
1. initialization of communication equipment:
The key management service module can export a two-dimensional code carrying the device key information, which is printed on paper and distributed to the users who need to use the device. Paper printing is used instead of network distribution so that the key cannot be stolen during network transmission: once this original key were obtained by an attacker, all subsequent encryption built on it would be invalidated by the leak. The user scans the code with a mobile phone to obtain device key A / device key B;
2. communication equipment registration:
Communication device A/B encrypts a session with its device key and obtains session key A/B from the key management service module; the key management service synchronizes the session key to the communication service processing service module, and the device then performs the registration operation on the communication service processing service module through the encrypted channel of session key A/B;
3. communication device call: user A calls user B and carries out an audio-video call
1) Communication device A/B obtains session key A/B from the key management service module over the channel encrypted with its device key, and the key management service module synchronously sends the session key to the communication service processing service module. The session key is a public/private key pair: the public key is used to encrypt information and the private key to decrypt it;
2) User A obtains the public information of user B through the session-key channel and, after confirming that the information of user B is correct, requests the communication service processing service module to communicate with user B. The communication service processing service module notifies B of the audio and video call from A;
after receiving the call request, user B chooses to answer or reject; if user B rejects, user A is informed of the rejection through the communication service processing service module;
if user B chooses to answer, the communication service processing service module is informed of the answer, and it sends the session public key of user A to user B and the session public key of user B to user A;
user B can then establish a point-to-point video call with user A using the WebRTC protocol: user A encrypts with the session public key of user B before sending, and user B decrypts the audio and video information with its own session private key; user B encrypts with the session public key of user A before sending, and user A decrypts with its own session private key. Because each user encrypts with the other user's session public key, only the recipient's own session private key can recover the plaintext, so a point-to-point secure audio and video channel is established between the two users.
On the basis of this protocol, the invention uses the data interaction key obtained from the key management service for encrypted transmission in the Secure Real-time Transport Protocol (SRTP) part: audio and video data are encrypted with the data interaction key before being sent and decrypted with it after being received, which ensures the security of the point-to-point data interaction.
As shown in fig. 9, after the device account of user A has registered and logged in, user A makes an audio-video call to user B; at this point user A has acquired the session public key of user B and user B has acquired the session public key of user A;
audio and video source data are input from the camera and microphone; the client of user A collects, encodes and packages the source data with the WebRTC audio and video engine, encrypts the encoded package with the public key of user B, and transmits it point-to-point to the client of user B through WebRTC;
after receiving the data, user B decrypts it with its own session private key to obtain the audio and video encoded package, which the WebRTC audio and video engine restores to audio and video data for output on the client of user B. Audio and video communication between the two parties is thereby realized.
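To make the message flow of Example 1 concrete, here is an added simulation written for this page (it is not the patent's or the applicant's code) that walks clients A and B through device-key bootstrap, session-key issuance by the key management service, registration and call setup through the communication service, and point-to-point media encryption with the peer's session public key. Everything beyond the page's own module descriptions is an assumption: the class and function names (Server, Client, run_call), the JSON message shapes, and the cryptographic primitives, where textbook RSA over a fixed pool of Mersenne primes and an HMAC-SHA256 stream cipher with a tag stand in for the asymmetric and device-key algorithms the page leaves unspecified. Neither primitive is production cryptography.

```python
"""Simulation of the key and media flow in Example 1 (modules 301/302, clients A and B).
Constructed illustration: toy textbook RSA (fixed Mersenne primes, no padding) and an
HMAC-SHA256 counter-mode stream with a MAC replace the page's unspecified algorithms."""
import hashlib, hmac, json, os

E, BLOCK = 65537, 16                                    # public exponent; 128-bit chunks are < every n below
MERSENNE = [(1 << k) - 1 for k in (61, 89, 107, 127)]   # toy prime pool; real code draws random primes

def pk_encrypt(pub, data):
    """Encrypt arbitrary bytes with a session public key, 16 bytes per RSA block (toy, unpadded)."""
    chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return {"len": len(data), "c": [pow(int.from_bytes(ch, "big"), pub["e"], pub["n"]) for ch in chunks]}

def pk_decrypt(priv, ct):
    """Inverse of pk_encrypt; the stored length restores a short (or zero-led) final block."""
    plain = b"".join(pow(c, priv["d"], priv["n"]).to_bytes(BLOCK, "big") for c in ct["c"])
    tail = ct["len"] % BLOCK
    return plain if tail == 0 else plain[:-BLOCK] + plain[-tail:]

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def dk_encrypt(key, data):
    """Device-key channel: XOR with an HMAC keystream, then a tag over nonce and body (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def dk_decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("device-key MAC check failed")          # tampered key material is rejected
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class Server:
    """Key management service (301) and communication service (302) folded into one object."""
    def __init__(self):
        self.device_keys, self.pub, self.priv, self.user_no, self._issued = {}, {}, {}, {}, 0

    def issue_device_key(self, dev):           # initialization: handed over out of band (QR code on paper)
        self.device_keys[dev] = os.urandom(32)
        return self.device_keys[dev]

    def session_key_request(self, dev, blob):  # 301: decrypt the request with the device key, mint a key pair
        assert json.loads(dk_decrypt(self.device_keys[dev], blob))["type"] == "session_key"
        p, q = MERSENNE[self._issued % 2], MERSENNE[3 - self._issued % 2]
        self._issued += 1
        n, d = p * q, pow(E, -1, (p - 1) * (q - 1))
        self.pub[dev], self.priv[dev] = {"n": n, "e": E}, {"n": n, "d": d}   # private key also kept by 302
        return dk_encrypt(self.device_keys[dev], json.dumps({"pub": self.pub[dev], "priv": self.priv[dev]}).encode())

    def register(self, dev, ct):               # 302: registration arrives under the client's session public key
        info = json.loads(pk_decrypt(self.priv[dev], ct))
        self.user_no[dev] = f"U{len(self.user_no) + 1:04d}-{info['name']}"
        return self.user_no[dev]

    def call_request(self, caller, ct):        # 302 step 4: re-encrypt the application for the callee
        req = json.loads(pk_decrypt(self.priv[caller], ct))
        return req["callee"], pk_encrypt(self.pub[req["callee"]], json.dumps(req).encode())

    def call_agreed(self, callee, ct):         # 302 step 5: cross-distribute the two session public keys
        caller = json.loads(pk_decrypt(self.priv[callee], ct))["caller"]
        for_caller = pk_encrypt(self.pub[caller], json.dumps(self.pub[callee]).encode())
        for_callee = pk_encrypt(self.pub[callee], json.dumps(self.pub[caller]).encode())
        return for_caller, for_callee

class Client:
    def __init__(self, dev, server):
        self.dev, self.srv, self.dk = dev, server, server.issue_device_key(dev)   # "scanned" device key
        self.pub = self.priv = self.peer_pub = None

    def obtain_session_key(self):              # communication establishing module, steps 1) and 2)
        blob = self.srv.session_key_request(self.dev, dk_encrypt(self.dk, b'{"type": "session_key"}'))
        keys = json.loads(dk_decrypt(self.dk, blob))
        self.pub, self.priv = keys["pub"], keys["priv"]

    def register(self, name):                  # registration module
        return self.srv.register(self.dev, pk_encrypt(self.pub, json.dumps({"name": name}).encode()))

    def send_media(self, packet):              # encryption module: peer's public key on the packaged media
        return pk_encrypt(self.peer_pub, packet)

    def recv_media(self, ct):                  # decryption module: own session private key
        return pk_decrypt(self.priv, ct)

def run_call(media=b"constructed RTP payload 0123456789abcdef"):
    """Full flow A -> server -> B on a constructed media packet; returns the checkable results."""
    srv = Server()
    a, b = Client("A", srv), Client("B", srv)
    a.obtain_session_key(); b.obtain_session_key()
    numbers = (a.register("alice"), b.register("bob"))
    callee, fwd = srv.call_request("A", pk_encrypt(a.pub, json.dumps({"callee": "B"}).encode()))
    invite = json.loads(pk_decrypt(b.priv, fwd))                  # B reads the invite with its private key
    for_a, for_b = srv.call_agreed(callee, pk_encrypt(b.pub, json.dumps({"caller": "A"}).encode()))
    a.peer_pub, b.peer_pub = json.loads(pk_decrypt(a.priv, for_a)), json.loads(pk_decrypt(b.priv, for_b))
    wire = a.send_media(media)                                    # point-to-point; the server is not on this path
    return {"numbers": numbers, "invite": invite, "wire": wire, "received": b.recv_media(wire),
            "keys_match": a.peer_pub == b.pub and b.peer_pub == a.pub}

if __name__ == "__main__":
    print(run_call())
```

Running `run_call()` reproduces the sequence of fig. 8 end to end. One property of the design that the simulation makes visible, exactly as step 1) of module 301 describes it, is that the server retains a copy of every session private key so that the communication service can decrypt registration and call-signalling messages; the media packets, by contrast, are decryptable only with the callee's private key. A deployment should therefore treat the key management and communication service modules as holding that capability over signalling and protect them accordingly, and should note that the device key printed on paper is the root of trust for everything issued afterwards.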
Example 2
An encryption processing system for audio and video calls is provided, which comprises: a plurality of communication clients and a server deployed on the extranet; any two communication clients can carry out audio and video conversation, and the composition of each communication client comprises: the system comprises a registration module, a communication establishing module, an audio and video engine module, an encryption and decryption processing module and a transmission module; the server comprises the following components: a key management service module and a communication service processing service module. The specific processing procedure of each module is the same as that of example 1.
The system can be applied to multi-person audio and video communication and multi-person video conferences of enterprises.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and are not limiting. Although the present invention has been described in detail with reference to the embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. An encryption processing system for audio and video calls, the system comprising: the system comprises a first communication client, a second communication client and a server deployed on the extranet; wherein,
the server is used for generating a first session key for the first communication client and a second session key for the second communication client; sending the public key of the first session key to the second communication client, and sending the public key of the second session key to the first communication client; the first session key and the second session key are both asymmetric keys and are valid the next time;
the first communication client is an initiator of the audio and video call and is used for encrypting the local audio and video signals by using the public key of the second session key, sending the encrypted local audio and video signals to the second communication client and decrypting the received audio and video signals of the second communication client by using the private key of the local first session key;
the second communication client is a responder of audio and video calls; the private key of the second session key is used for decrypting the received audio and video signals of the first communication client; and encrypting the local audio and video signals by using the public key of the first session key, and sending the encrypted local audio and video signals to the first communication client.
2. The system for encrypting and processing an audio-video call according to claim 1, wherein the first communication client comprises: the system comprises a registration module, a communication establishing module, an audio and video engine module, an encryption and decryption processing module and a transmission module; wherein,
the registration module is used for registering to the server to obtain a first communication client user number;
the communication establishing module is used for applying for the server and obtaining a public key and a private key of the first session key, sending an audio and video call application with the second communication client to the server, and obtaining the public key of the second session key sent by the server if the second communication client agrees to the call;
the audio and video engine module is used for encoding and packaging the collected local audio and video signals based on a WebRTC protocol, and sending packaged data to the encryption and decryption processing module; the device is also used for decoding and outputting the received audio and video signals of the second communication client based on the WebRTC protocol;
the encryption and decryption processing module is used for encrypting the packaged data by using the public key of the second session key to obtain the encrypted packaged audio and video signals and sending them to the transmission module; it is also used for decrypting the received audio and video signals of the second communication client by using the private key of the first session key and sending the decrypted audio and video signals to the audio and video engine module;
the transmission module is used for carrying out point-to-point data transmission with the second communication client and sending the encrypted and packaged audio/video signals to the second communication client; it is also used for sending the received audio and video signals of the second communication client to the encryption and decryption processing module.
3. The encryption processing system for audio and video calls according to claim 2, wherein the specific implementation process of the registration module is as follows:
generating an application for acquiring a first session key, encrypting the application for acquiring the first session key by using a first device key obtained in advance, and sending the encrypted application to a server;
receiving an encrypted first session key sent by a server, and decrypting the encrypted first session key by using a first equipment key to obtain a public key and a private key of the first session key;
generating registration information, encrypting the registration information by using a public key of the first session key, and sending the registration information to a server;
and receiving the user number of the first communication client distributed by the server.
4. The encryption processing system for audio and video calls according to claim 3, wherein the communication establishing module is implemented in the following specific steps:
generating an application for acquiring a first session key, encrypting the application for acquiring the first session key by using a first equipment key, and sending the encrypted application to a server;
receiving an encrypted first session key sent by a server, and decrypting the encrypted first session key by using a first equipment key to obtain a public key and a private key of the first session key;
generating an audio and video call application with a second communication client, encrypting the audio and video call application by using a public key of the first session key, and sending the encrypted audio and video call application to a server;
and receiving the encrypted second session key sent by the server, decrypting the encrypted second session key by using the private key of the first session key to obtain the public key of the second session key, and sending the public key of the second session key to the encryption and decryption processing module.
5. The system for encryption processing of audio-video calls as claimed in claim 1, wherein said second communication client comprises: the system comprises a registration module, a communication establishing module, an audio and video engine module, an encryption and decryption processing module and a transmission module; wherein,
the registration module is used for registering to the server to obtain a user number of the second communication client;
the communication establishing module is used for applying for the server and obtaining a public key and a private key of a second session key, receiving an audio and video call application of a first communication client sent by the server, and obtaining the public key of the first session key sent by the server if the call is agreed;
the audio and video engine module is used for encoding and packaging the collected local audio and video signals based on a WebRTC protocol, and sending packaged data to the encryption and decryption processing module; it is also used for decoding the received audio and video signals of the first communication client based on the WebRTC protocol and outputting them;
the encryption and decryption processing module is used for encrypting the packaged data by using the public key of the first session key to obtain the encrypted packaged audio and video signals and sending them to the transmission module; it is also used for decrypting the received audio and video signals of the first communication client by using a private key of the second session key and sending the decrypted audio and video signals to the audio and video engine module;
the transmission module is used for carrying out point-to-point data transmission with the first communication client and sending the encrypted and packaged audio/video signals to the first communication client; it is also used for sending the received audio and video signals of the first communication client to the encryption and decryption processing module.
6. The encryption processing system for audio and video calls according to claim 5, wherein the specific implementation process of the registration module is as follows:
generating an application for acquiring a second session key, encrypting the application for acquiring the second session key by using a second device key obtained in advance, and sending the encrypted application to a server;
receiving an encrypted second session key sent by the server, and decrypting the encrypted second session key by using a second device key to obtain a public key and a private key of the second session key;
generating registration information, encrypting the registration information by using a public key of the second session key, and sending the registration information to the server;
and receiving the user number of the second communication client distributed by the server.
7. The encryption processing system for audio and video calls according to claim 6, wherein the communication establishing module is implemented in the following specific steps:
generating an application for acquiring a second session key, encrypting the application for acquiring the second session key by using a second equipment key, and sending the encrypted application to a server;
receiving an encrypted second session key sent by the server, and decrypting the encrypted second session key by using a second device key to obtain a public key and a private key of the second session key;
and receiving an audio and video call application of the first communication client sent by the server, sending a call agreement message if the application passes, obtaining an encrypted first session key sent by the server, decrypting the encrypted first session key by using a private key of the second session key, obtaining a public key of the first session key, and sending the public key to the encryption and decryption processing module.
8. The encryption processing system for audio-video calls according to claim 1, wherein the server comprises: the key management service module and the communication service processing service module; wherein,
the key management service module is used for generating a first session key for the first communication client and a second session key for the second communication client; it is also used for generating a first equipment key for the first communication client and a second equipment key for the second communication client in advance;
the communication service processing service module is used for receiving registration information of a first communication client to generate a first communication client user number, receiving registration information of a second communication client to generate a second communication client user number; and the public key of the first session key is sent to the second communication client side according to the audio and video call application of the first communication client side, and the public key of the second session key is sent to the first communication client side.
9. The system of claim 8, wherein the key management service module generates the first session key for the first communication client and the second session key for the second communication client by the following specific steps:
receiving an application for acquiring a first session key sent by a first communication client, and decrypting the application for acquiring the first session key by using a first equipment key; generating and storing a public key and a private key of the first session key; sending the private key of the first session key to a communication service processing service module; encrypting the public key and the private key of the first session key by using the first equipment key and sending the encrypted public key and the private key to the first communication client;
receiving an application for acquiring a second session key sent by a second communication client, and decrypting the application for acquiring the second session key by using a second equipment key; generating and storing a public key and a private key of the second session key; sending the private key of the second session key to a communication service processing service module; and encrypting the public key and the private key of the second session key by using the second device key and sending the encrypted public key and the encrypted private key to the second communication client.
10. The system for encrypting and processing an audio/video call according to claim 9, wherein the communication service processing service module is implemented in the following specific steps:
receiving a private key of a first session key and a private key of a second session key sent by a key management service module;
decrypting the registration information sent by the first communication client by using a private key of the first session key to generate a user number of the first communication client and sending the user number to the first communication client;
decrypting the registration information sent by the second communication client by using a private key of the second session key to generate a user number of the second communication client and sending the user number to the second communication client;
receiving an audio and video call application sent by a first communication client and addressed to a second communication client, decrypting the audio and video call application by using a private key of a first session key, encrypting the audio and video call application by using a public key of a second session key, and sending the encrypted audio and video call application to the second communication client;
and receiving a conversation agreement message sent by the second communication client, decrypting the conversation agreement message by using a private key of a second session key, encrypting a public key of the second session key by using a public key of the first session key and sending the public key to the first communication client, and encrypting a public key of the first session key by using a public key of the second session key and sending the public key to the second communication client.
CN202011168683.3A 2020-10-28 2020-10-28 Encryption processing system for audio and video call Pending CN112261057A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011168683.3A CN112261057A (en) 2020-10-28 2020-10-28 Encryption processing system for audio and video call

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011168683.3A CN112261057A (en) 2020-10-28 2020-10-28 Encryption processing system for audio and video call

Publications (1)

Publication Number Publication Date
CN112261057A true CN112261057A (en) 2021-01-22

Family

ID=74262770

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011168683.3A Pending CN112261057A (en) 2020-10-28 2020-10-28 Encryption processing system for audio and video call

Country Status (1)

Country Link
CN (1) CN112261057A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115051857A (en) * 2022-06-16 2022-09-13 矩阵时光数字科技有限公司 Global quantum secure audio and video communication method
CN115589461A (en) * 2022-09-27 2023-01-10 无锡路通视信网络股份有限公司 Audio and video call system and audio and video call method
CN118573426A (en) * 2024-05-21 2024-08-30 长江量子(武汉)科技有限公司 Audio and video secure social method based on earphone
CN119182521A (en) * 2024-09-03 2024-12-24 西安电子科技大学 Full-link voice communication safety protection system, method, equipment and medium based on national encryption algorithm

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301107A (en) * 2013-07-17 2015-01-21 阿瓦亚公司 Method and system for verifying privacy of WebRTC media channel via corresponding WebRTC data channel
CN104955033A (en) * 2015-05-28 2015-09-30 盛耀无线通讯科技(北京)有限公司 Voice encryption communication method
CN104980395A (en) * 2014-04-04 2015-10-14 中国电信股份有限公司 Method and system for intercommunication between first system and second system, and media gateway
US20150373057A1 (en) * 2014-06-24 2015-12-24 Avaya Inc. ENHANCING MEDIA CHARACTERISTICS DURING WEB REAL-TIME COMMUNICATIONS (WebRTC) INTERACTIVE SESSIONS BY USING SESSION INITIATION PROTOCOL (SIP) ENDPOINTS, AND RELATED METHODS, SYSTEMS, AND COMPUTER-READABLE MEDIA
CN106559396A (en) * 2015-09-30 2017-04-05 中国电信股份有限公司 Media multicast method and system based on Web real-time Communication for Power
US20170331798A1 (en) * 2015-01-06 2017-11-16 Netas Telekomunikasyon Anonim Sirketi Encrypted-bypass webrtc-based voice and/or video communication method
CN107483505A (en) * 2017-09-29 2017-12-15 武汉斗鱼网络科技有限公司 A method and system for protecting user privacy in video chat
CN110392020A (en) * 2018-04-18 2019-10-29 网宿科技股份有限公司 Method and system for transmitting streaming media resources
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20230324