CN110636031B - Video conference data processing method and device - Google Patents

Publication number
CN110636031B
CN110636031B CN201810645869.XA CN201810645869A CN110636031B CN 110636031 B CN110636031 B CN 110636031B CN 201810645869 A CN201810645869 A CN 201810645869A CN 110636031 B CN110636031 B CN 110636031B
Authority
CN
China
Prior art keywords
data packet
video
uplink data
network
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810645869.XA
Other languages
Chinese (zh)
Other versions
CN110636031A (en)
Inventor
刘帅
韩杰
彭宇龙
彭郑君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visionvera Information Technology Co Ltd
Original Assignee
Visionvera Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visionvera Information Technology Co Ltd
Priority to CN201810645869.XA
Publication of CN110636031A
Application granted
Publication of CN110636031B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/14 Systems for two-way working
    • H04N7/15 Conference systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a video conference data processing device and method, which are applied to a video network. The device includes: a terminal network port for connecting the video networking conference terminal; a server network port for connecting the video networking conference server; a first receiving module for receiving an uplink data packet sent by the video networking conference terminal through the terminal network port and judging whether the uplink data packet needs to be encrypted; a first acquisition module for acquiring a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted; an encryption module for generating a secondary key corresponding to the uplink data packet and encrypting the uplink data packet by using the primary key and the secondary key; and a first sending module for sending the encrypted uplink data packet to the video networking conference server through the server network port. Because the data transmitted in the video conference is encrypted, the conference content is not leaked even if the data is intercepted by lawbreakers, which ensures the security of the video conference.

Description

Video conference data processing method and device
Technical Field
The invention relates to the technical field of video networking, in particular to a video conference data processing method and a video conference data processing device.
Background
With the rapid development of network technologies, bidirectional communications such as video conferences and video teaching are widely popularized in the aspects of life, work, learning and the like of users. Video conferencing refers to a conference in which people at two or more locations have a face-to-face conversation via a communication device and a network. Through the video conference, the participants can hear the sound of other meeting places, see the image, the action and the expression of the participants in other meeting places, and can also send electronic demonstration contents, so that the participants have the feeling of being personally on the scene.
In a video conference, if data transmitted in the conference is intercepted by a lawbreaker, conference contents will be leaked, thereby causing great loss. Therefore, how to guarantee the security of the video conference becomes an urgent problem to be solved.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a video conference data processing apparatus and a corresponding video conference data processing method that overcome or at least partially solve the above problems.
In order to solve the above problems, an embodiment of the present invention discloses a video conference data processing apparatus, which is applied to a video network, where the video network includes a video network conference terminal and a video network conference server, and the apparatus includes: a terminal network port for connecting the video networking conference terminal; a server network port for connecting the video networking conference server; a first receiving module, configured to receive an uplink data packet sent by the video networking conference terminal through the terminal network port and judge whether the uplink data packet needs to be encrypted; a first obtaining module, configured to obtain a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted; an encryption module, configured to generate a secondary key corresponding to the uplink data packet and encrypt the uplink data packet by using the primary key and the secondary key; and a first sending module, configured to send the encrypted uplink data packet to the video networking conference server through the server network port.
Preferably, the first receiving module includes: a first judging unit, configured to judge a data type in the uplink data packet; a first determining unit, configured to determine that the uplink data packet needs to be encrypted if the data type is audio data or video data.
Preferably, the first determining unit is specifically configured to read the bytes of the uplink data packet that store the data type, and to determine the data type of the uplink data packet from that information.
Preferably, the apparatus further comprises: the serial port module is used for inputting preset configuration information, and the configuration information comprises identifiers of all video networking conference terminals accessed to the video networking conference and corresponding first-level keys; the first obtaining module comprises: the first acquisition unit is used for acquiring the video networking conference terminal identification carried in the uplink data packet; and the first query unit is used for searching the primary key corresponding to the video networking conference terminal identifier from the configuration information.
Preferably, the encryption module includes: the first encryption unit is used for carrying out primary encryption on the uplink data packet by using the secondary key; and the second encryption unit is used for carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key.
On the other hand, the embodiment of the invention also discloses a video conference data processing device, which is applied to the video network, wherein the video network comprises a video network conference terminal and a video network conference server, and the device comprises: a terminal network port for connecting the video networking conference terminal; a server network port for connecting the video networking conference server; a second receiving module, configured to receive a downlink data packet sent by the video network conference server through the server network port and judge whether the downlink data packet needs to be decrypted; a second obtaining module, configured to obtain a primary key corresponding to the downlink data packet if the downlink data packet needs to be decrypted; a decryption module, configured to acquire a secondary key corresponding to the downlink data packet and decrypt the downlink data packet by using the primary key and the secondary key; and a second sending module, configured to send the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
Preferably, the second receiving module includes: a second judging unit, configured to judge whether the downlink data packet is an encrypted data packet; a second determining unit, configured to determine that the downlink data packet needs to be decrypted if the downlink data packet is an encrypted data packet.
Preferably, the apparatus further comprises: the serial port module is used for inputting preset configuration information, and the configuration information comprises identifiers of all connected video networking conference terminals and corresponding primary keys; the second acquisition module includes: a second obtaining unit, configured to obtain a video networking conference terminal identifier carried in the downlink data packet; and the first query unit is used for searching the primary key corresponding to the video networking conference terminal identifier from the configuration information.
Preferably, the decryption module comprises: the first decryption unit is used for performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; and the second decryption unit is used for performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key.
On the other hand, the embodiment of the invention also discloses a video conference data processing device, which is applied to the video network, wherein the video network comprises a video network conference terminal and a video network conference server, and the device comprises: a terminal network port for connecting the video networking conference terminal; a server network port for connecting the video networking conference server; a first receiving module, configured to receive an uplink data packet sent by the video networking conference terminal through the terminal network port and judge whether the uplink data packet needs to be encrypted; a first obtaining module, configured to obtain a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted; an encryption module, configured to generate a secondary key corresponding to the uplink data packet and encrypt the uplink data packet by using the primary key and the secondary key; a first sending module, configured to send the encrypted uplink data packet to the video networking conference server through the server network port; a second receiving module, configured to receive the downlink data packet sent by the video networking conference server through the server network port and judge whether the downlink data packet needs to be decrypted; a second obtaining module, configured to obtain a primary key corresponding to the downlink data packet if the downlink data packet needs to be decrypted; a decryption module, configured to acquire a secondary key corresponding to the downlink data packet and decrypt the downlink data packet by using the primary key and the secondary key; and a second sending module, configured to send the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
On the other hand, the embodiment of the invention also discloses a video conference data processing method, which is applied to a video network, wherein the video network comprises a video network conference terminal and a video network conference server, the video network conference terminal is connected with a terminal network port, and the video network conference server is connected with a server network port, and the method comprises the following steps: receiving an uplink data packet sent by the video networking conference terminal through the terminal network port, and judging whether the uplink data packet needs to be encrypted; if the uplink data packet needs to be encrypted, acquiring a primary key corresponding to the uplink data packet; generating a secondary key corresponding to the uplink data packet, and encrypting the uplink data packet by using the primary key and the secondary key; and sending the encrypted uplink data packet to the video networking conference server through the server network port.
On the other hand, the embodiment of the invention also discloses a video conference data processing method, which is applied to a video network, wherein the video network comprises a video network conference terminal and a video network conference server, the video network conference terminal is connected with a terminal network port, and the video network conference server is connected with a server network port, and the method comprises the following steps: receiving a downlink data packet sent by the video networking conference server through the server network port, and judging whether the downlink data packet needs to be decrypted or not; if the downlink data packet needs to be decrypted, a primary key corresponding to the downlink data packet is obtained; acquiring a secondary key corresponding to the downlink data packet, and decrypting the downlink data packet by using the primary key and the secondary key; and sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
On the other hand, the embodiment of the invention also discloses a video conference data processing method, which is applied to a video network, wherein the video network comprises a video network conference terminal and a video network conference server, the video network conference terminal is connected with a terminal network port, and the video network conference server is connected with a server network port, and the method comprises the following steps: receiving an uplink data packet sent by the video networking conference terminal through the terminal network port, and judging whether the uplink data packet needs to be encrypted; if the uplink data packet needs to be encrypted, acquiring a primary key corresponding to the uplink data packet; generating a secondary key corresponding to the uplink data packet, and encrypting the uplink data packet by using the primary key and the secondary key; sending the encrypted uplink data packet to the video networking conference server through the server network port; receiving a downlink data packet sent by the video networking conference server through the server network port, and judging whether the downlink data packet needs to be decrypted or not; if the downlink data packet needs to be decrypted, a primary key corresponding to the downlink data packet is obtained; acquiring a secondary key corresponding to the downlink data packet, and decrypting the downlink data packet by using the primary key and the secondary key; and sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
In the embodiment of the invention, when a video conference is carried out, the first receiving module receives an uplink data packet sent by the video networking conference terminal through the terminal network port and judges whether the uplink data packet needs to be encrypted; the first acquisition module acquires a primary key corresponding to the uplink data packet when the uplink data packet needs to be encrypted; the encryption module generates a secondary key corresponding to the uplink data packet and encrypts the uplink data packet by using the primary key and the secondary key; and the first sending module sends the encrypted uplink data packet to the video networking conference server through the server network port. Because the data transmitted in the video conference is encrypted, the conference content is not leaked even if the data is intercepted by lawbreakers, which ensures the security of the video conference.
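The two-level scheme summarised above, as an added example that is not code from the patent: a fresh secondary key encrypts each media payload, and the terminal's primary key then encrypts the secondary key together with that ciphertext, so that primary decryption on the downlink yields the secondary key. The packet layout, type codes, encrypted-flag bit, pass-through of non-media packets, the HMAC-SHA256 keystream standing in for a real cipher, and the integrity tag are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

# Assumed wire layout (not from the patent): 1-byte data type, 4-byte terminal ID, payload.
HEADER = struct.Struct("!BI")
TYPE_AUDIO, TYPE_VIDEO, TYPE_SIGNALING = 0x01, 0x02, 0x10  # assumed type codes
ENCRYPTED_FLAG = 0x80          # assumed marker bit for "this packet is encrypted"
KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32

# Constructed stand-in for the configuration entered through the serial port module:
# terminal identifier -> primary key.
TERMINAL_A, TERMINAL_B = 0x0A000001, 0x0A000002
PRIMARY_KEYS = {
    TERMINAL_A: hashlib.sha256(b"constructed primary key A").digest(),
    TERMINAL_B: hashlib.sha256(b"constructed primary key B").digest(),
}


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a cipher such as AES-CTR."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def subkeys(key):
    """Derive separate encryption and MAC keys from one key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext, aad):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag. aad is the fixed-size header."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob, aad):
    """Verify the tag first, then decrypt; raises ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated ciphertext")
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def parse(packet):
    """Read the data-type byte and terminal identifier from the assumed header."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than header")
    return HEADER.unpack_from(packet)


def primary_key_for(terminal_id):
    """Look the primary key up by terminal identifier in the configuration."""
    try:
        return PRIMARY_KEYS[terminal_id]
    except KeyError:
        raise ValueError("no primary key configured for terminal") from None


def process_uplink(packet):
    """Terminal port -> server port: encrypt audio/video, forward other types unchanged."""
    dtype, terminal_id = parse(packet)
    if dtype not in (TYPE_AUDIO, TYPE_VIDEO):
        return packet
    primary = primary_key_for(terminal_id)
    secondary = os.urandom(KEY_LEN)                      # fresh per-packet secondary key
    header = HEADER.pack(dtype | ENCRYPTED_FLAG, terminal_id)
    inner = seal(secondary, packet[HEADER.size:], header)         # first pass: secondary key
    return header + seal(primary, secondary + inner, header)      # second pass: primary key


def process_downlink(packet):
    """Server port -> terminal port: decrypt flagged packets, forward the rest unchanged."""
    dtype, terminal_id = parse(packet)
    if not dtype & ENCRYPTED_FLAG:
        return packet
    header = packet[:HEADER.size]
    blob = unseal(primary_key_for(terminal_id), packet[HEADER.size:], header)
    secondary, inner = blob[:KEY_LEN], blob[KEY_LEN:]    # primary decryption yields the key
    payload = unseal(secondary, inner, header)
    return HEADER.pack(dtype & ~ENCRYPTED_FLAG, terminal_id) + payload
```

With these sizes each encrypted packet grows by 128 bytes (two nonces, two tags and the wrapped secondary key), which has to fit within the link's maximum packet size.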
Drawings
FIG. 1 is a schematic networking diagram of a video network of the present invention;
FIG. 2 is a schematic diagram of a hardware architecture of a node server according to the present invention;
FIG. 3 is a schematic diagram of a hardware structure of an access switch of the present invention;
FIG. 4 is a schematic diagram of a hardware structure of an Ethernet protocol conversion gateway according to the present invention;
FIG. 5 is a block diagram of a video conference data processing apparatus according to a first embodiment of the present invention;
FIG. 6 is a schematic diagram illustrating a data packet encryption principle according to a first embodiment of the present invention;
FIG. 7 is a schematic diagram of a code stream encryption principle according to a first embodiment of the present invention;
FIG. 8 is a block diagram of a video conference data processing apparatus according to a second embodiment of the present invention;
FIG. 9 is a schematic diagram illustrating a packet decryption principle according to a second embodiment of the present invention;
FIG. 10 is a schematic diagram illustrating a principle of decryption of a code stream according to a second embodiment of the present invention;
FIG. 11 is a block diagram of a video conference data processing apparatus according to a third embodiment of the present invention;
FIG. 12 is a schematic diagram of a video conference data processing procedure according to the third embodiment of the present invention;
FIG. 13 is a flowchart illustrating steps of a video conference data processing method according to a fourth embodiment of the present invention;
FIG. 14 is a flowchart illustrating steps of a video conference data processing method according to a fifth embodiment of the present invention;
FIG. 15 is a flowchart illustrating steps of a video conference data processing method according to a sixth embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Video networking is an important milestone in network development. It is a real-time network that can transmit high-definition video in real time, and it pushes many Internet applications toward high-definition video and high-definition face-to-face communication.
Video networking adopts real-time high-definition video switching technology and can integrate dozens of required services, such as video, voice, pictures, text, communication and data, on a single network platform, for example high-definition video conferencing, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, video on demand (VOD), television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcast control and information distribution, and it delivers high-definition-quality video playback through a television or a computer.
To better understand the embodiments of the present invention, the video network is described below:
Some of the technologies applied in the video network are as follows:
Network Technology (Network Technology)
The network technology innovation of the video network improves on traditional Ethernet in order to cope with the potentially enormous video traffic on the network. Unlike pure network packet switching (Packet Switching) or network circuit switching (Circuit Switching), the video networking technology adopts Packet Switching to meet the Streaming requirement. The video networking technology has the flexibility, simplicity and low price of packet switching, and at the same time has the quality and security guarantees of circuit switching, thereby realizing seamless connection of whole-network switched virtual circuits and data formats.
Switching Technology (Switching Technology)
The video network adopts two advantages of asynchronism and packet switching of the Ethernet, eliminates the defects of the Ethernet on the premise of full compatibility, has end-to-end seamless connection of the whole network, is directly communicated with a user terminal, and directly bears an IP data packet. The user data does not require any format conversion across the entire network. The video networking is a higher-level form of the Ethernet, is a real-time exchange platform, can realize the real-time transmission of the whole-network large-scale high-definition video which cannot be realized by the existing Internet, and pushes a plurality of network video applications to high-definition and unification.
Server Technology (Server Technology)
The server technology on the video networking and unified video platform is different from the traditional server, the streaming media transmission of the video networking and unified video platform is established on the basis of connection orientation, the data processing capacity of the video networking and unified video platform is independent of flow and communication time, and a single network layer can contain signaling and data transmission. For voice and video services, the complexity of video networking and unified video platform streaming media processing is much simpler than that of data processing, and the efficiency is greatly improved by more than one hundred times compared with that of a traditional server.
Storage Technology (Storage Technology)
The super-high speed storage technology of the unified video platform adopts the most advanced real-time operating system in order to adapt to the media content with super-large capacity and super-large flow, the program information in the server instruction is mapped to the specific hard disk space, the media content is not passed through the server any more, and is directly sent to the user terminal instantly, and the general waiting time of the user is less than 0.2 second. The optimized sector distribution greatly reduces the mechanical motion of the magnetic head track seeking of the hard disk, the resource consumption only accounts for 20% of that of the IP internet of the same grade, but concurrent flow which is 3 times larger than that of the traditional hard disk array is generated, and the comprehensive efficiency is improved by more than 10 times.
Network Security Technology (Network Security Technology)
Through measures such as independent permission control for each service and complete isolation of devices and user data, the structural design of the video network structurally eliminates the network security problems that trouble the Internet. It generally does not need antivirus programs or firewalls, avoids attacks by hackers and viruses, and provides users with a structurally worry-free secure network.
Service Innovation Technology (Service Innovation Technology)
The unified video platform integrates services and transmission; whether for a single user, a private network user or a network aggregate, only a single automatic connection is needed. The user terminal, the set-top box or the PC connects directly to the unified video platform to obtain multimedia video services in various forms. The unified video platform uses a menu-style configuration table in place of traditional complex application programming, so that complex applications can be realized with very little code, enabling unlimited new service innovation.
Networking of the video network is as follows:
The video network is a centrally controlled network structure. The network can be a tree network, a star network, a ring network and so on, but in every case the whole network is controlled by a centralized control node in the network.
As shown in fig. 1, the video network is divided into an access network and a metropolitan network.
The devices of the access network part can be mainly classified into 3 types: node server, access switch, terminal (including various set-top boxes, coding boards, memories, etc.). The node server is connected to an access switch, which may be connected to a plurality of terminals and may be connected to an ethernet network.
The node server is a node which plays a centralized control function in the access network and can control the access switch and the terminal. The node server can be directly connected with the access switch or directly connected with the terminal.
Similarly, devices of the metropolitan network portion may also be classified into 3 types: a metropolitan area server, a node switch and a node server. The metro server is connected to a node switch, which may be connected to a plurality of node servers.
This node server is the node server of the access network part; that is, the node server belongs to both the access network part and the metropolitan area network part.
The metropolitan area server is a node which plays a centralized control function in the metropolitan area network and can control a node switch and a node server. The metropolitan area server can be directly connected with the node switch or directly connected with the node server.
Therefore, the whole video network is a network structure with layered centralized control, and the network controlled by the node server and the metropolitan area server can be in various structures such as tree, star and ring.
The access network part can form a unified video platform (the part in the dotted circle), and a plurality of unified video platforms can form a video network; each unified video platform may be interconnected via metropolitan area and wide area video networking.
Video networking device classification
1.1 devices in the video network of the embodiment of the present invention can be mainly classified into 3 types: servers, switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.). The video network as a whole can be divided into a metropolitan area network (or national network, global network, etc.) and an access network.
1.2 wherein the devices of the access network part can be mainly classified into 3 types: node servers, access switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.).
The specific hardware structure of each access network device is as follows:
Node server:
As shown in fig. 2, the node server mainly includes a network interface module 201, a switching engine module 202, a CPU module 203, and a disk array module 204.
Packets coming from the network interface module 201, the CPU module 203, and the disk array module 204 all enter the switching engine module 202; the switching engine module 202 looks up the address table 205 for each incoming packet to obtain the direction information of the packet, and stores the packet in the queue of the corresponding packet buffer 206 based on that direction information; if the queue of the packet buffer 206 is nearly full, the packet is discarded. The switching engine module 202 polls all packet buffer queues and forwards from a queue if the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero. The disk array module 204 mainly implements control over the hard disk, including initialization, read-write, and other operations on the hard disk; the CPU module 203 is mainly responsible for protocol processing with an access switch and a terminal (not shown in the figure), configuring the address table 205 (including a downlink protocol packet address table, an uplink protocol packet address table, and a data packet address table), and configuring the disk array module 204.
The access switch:
As shown in fig. 3, the access switch mainly includes a network interface module (a downlink network interface module 301 and an uplink network interface module 302), a switching engine module 303 and a CPU module 304.
A packet (uplink data) coming from the downlink network interface module 301 enters the packet detection module 305; the packet detection module 305 detects whether the Destination Address (DA), the Source Address (SA), the packet type, and the packet length of the packet meet the requirements, and if so, allocates a corresponding stream identifier (stream-id) and passes the packet to the switching engine module 303; otherwise the packet is discarded. A packet (downlink data) coming from the uplink network interface module 302 enters the switching engine module 303; a data packet coming from the CPU module 204 enters the switching engine module 303. The switching engine module 303 looks up the address table 306 for each incoming packet to obtain the direction information of the packet. If a packet entering the switching engine module 303 is going from the downlink network interface to the uplink network interface, the packet is stored in the queue of the corresponding packet buffer 307 in association with its stream-id; if the queue of the packet buffer 307 is nearly full, the packet is discarded. If a packet entering the switching engine module 303 is not going from the downlink network interface to the uplink network interface, the packet is stored in the queue of the corresponding packet buffer 307 according to its direction information; if the queue of the packet buffer 307 is nearly full, the packet is discarded.
The switching engine module 303 polls all packet buffer queues, which in this embodiment of the present invention is divided into two cases:
if the queue is from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queued packet counter is greater than zero; 3) obtaining a token generated by a code rate control module;
if the queue is not from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero.
The rate control module 208 is configured by the CPU module 204, and generates tokens for packet buffer queues from all downstream network interfaces to upstream network interfaces at programmable intervals to control the rate of upstream forwarding.
The CPU module 304 is mainly responsible for protocol processing with the node server, configuration of the address table 306, and configuration of the code rate control module 308.
Ethernet protocol conversion gateway
As shown in fig. 4, the apparatus mainly includes a network interface module (a downlink network interface module 401 and an uplink network interface module 402), a switching engine module 403, a CPU module 404, a packet detection module 405, a rate control module 408, an address table 406, a packet buffer 407, a MAC adding module 409, and a MAC deleting module 410.
The data packet coming from the downlink network interface module 401 enters the packet detection module 405. The packet detection module 405 checks whether the Ethernet MAC DA, the Ethernet MAC SA, the Ethernet length or frame type, the video network destination address DA, the video network source address SA, the video network packet type, and the packet length of the packet meet the requirements; if so, it allocates a corresponding stream identifier (stream-id), and the MAC deletion module 410 then strips the MAC DA, the MAC SA, and the length or frame type (2 bytes) before the packet enters the corresponding receiving buffer; otherwise, the packet is discarded.
The downlink network interface module 401 checks the sending buffer of the port; if there is a packet, it obtains the Ethernet MAC DA of the corresponding terminal according to the video networking destination address DA of the packet, adds the Ethernet MAC DA of the terminal, the MAC SA of the Ethernet protocol conversion gateway, and the Ethernet length or frame type, and sends the packet.
The other modules in the Ethernet protocol conversion gateway function similarly to those of the access switch.
A terminal:
The terminal mainly comprises a network interface module, a service processing module and a CPU module; for example, the set-top box mainly comprises a network interface module, a video and audio coding and decoding engine module and a CPU module; the coding board mainly comprises a network interface module, a video and audio coding engine module and a CPU module; the memory mainly comprises a network interface module, a CPU module and a disk array module.
1.3 Devices of the metropolitan area network part can be mainly classified into 2 types: node server, node switch, metropolitan area server. The node switch mainly comprises a network interface module, a switching engine module and a CPU module; the metropolitan area server mainly comprises a network interface module, a switching engine module and a CPU module.
2. Video networking packet definition
2.1 Access network packet definition
The data packet of the access network mainly comprises the following parts: destination Address (DA), Source Address (SA), reserved bytes, payload (pdu), CRC.
As shown in the following table, the data packet of the access network mainly includes the following parts:
| DA | SA | Reserved | Payload | CRC |
wherein:
the Destination Address (DA) is composed of 8 bytes (byte), the first byte represents the type of the data packet (such as various protocol packets, multicast data packets, unicast data packets, etc.), there are 256 possibilities at most, the second byte to the sixth byte are metropolitan area network addresses, and the seventh byte and the eighth byte are access network addresses;
the Source Address (SA) is also composed of 8 bytes (byte), defined as the same as the Destination Address (DA);
the reserved byte consists of 2 bytes;
the payload part has different lengths according to the type of the data packet: it is 64 bytes if the data packet is one of the various protocol packets, and 32 + 1024 = 1056 bytes if the data packet is a unicast data packet; of course, the length is not limited to these 2 cases;
the CRC consists of 4 bytes and is calculated in accordance with the standard ethernet CRC algorithm.
2.2 metropolitan area network packet definition
The topology of a metropolitan area network is a graph, and there may be 2, or even more than 2, connections between two devices, i.e., there may be more than 2 connections between a node switch and a node server, a node switch and a node switch, and a node switch and a node server. However, the metropolitan area network address of a metropolitan area network device is unique, so in order to accurately describe the connection relationship between metropolitan area network devices, a parameter is introduced in the embodiment of the present invention: a label, to uniquely describe a metropolitan area network device.
In this specification, the definition of the label is similar to that of the label in MPLS (Multi-Protocol Label Switching). Assuming that there are two connections between device A and device B, there are 2 labels for packets from device A to device B, and 2 labels for packets from device B to device A. Labels are classified into incoming labels and outgoing labels: assuming that the label (incoming label) of a packet entering device A is 0x0000, the label (outgoing label) of the packet leaving device A may become 0x0001. The network access process of the metropolitan area network is under centralized control, that is, both address allocation and label allocation of the metropolitan area network are directed by the metropolitan area server, and the node switch and the node server only execute them passively. This differs from MPLS, where label allocation is the result of mutual negotiation between the switch and the server.
As shown in the following table, the data packet of the metro network mainly includes the following parts:
| DA | SA | Reserved | Label | Payload | CRC |
Namely Destination Address (DA), Source Address (SA), reserved bytes (Reserved), label, payload (PDU), CRC. The format of the label may be defined as follows: the label is 32 bits, with the upper 16 bits reserved and only the lower 16 bits used, and its position is between the reserved bytes and the payload of the packet.
Based on the above characteristics of the video network, the embodiment of the invention is provided, and the data in the video conference is encrypted and decrypted according to the protocol of the video network, so that the security of the video conference is ensured.
Example one
The video conference data processing device provided by the embodiment of the invention is applied to the video network. The video network can comprise a video networking conference terminal and a video networking conference server; a video-networking-based video conference involves the video networking conference terminal, the video conference data processing device and the video networking conference server. The video conference data processing device is connected between the video networking conference terminal and the video networking conference server, can communicate bidirectionally with each of them, and is used for encrypting uplink data from the video networking conference terminal to the video networking conference server.
Referring to fig. 5, a block diagram of a video conference data processing apparatus according to a first embodiment of the present invention is shown. The video conference data processing device of the embodiment of the invention can comprise the following modules: a terminal network port 501, a server network port 502, a first receiving module 503, a first obtaining module 504, an encrypting module 505 and a first sending module 506. These are described in detail below.
The terminal network port 501 is used for connecting the video networking conference terminal.
The video conference data processing apparatus of this embodiment is connected to the video networking conference terminal through the terminal network port 501, thereby implementing data interaction with the video networking conference terminal. In a specific implementation, the terminal network port 501 may be an RJ45 port. The video networking conference terminal can be a set-top box or another device.
The server network port 502 is used for connecting the video networking conference server.
The video conference data processing apparatus of this embodiment is connected to the video networking conference server through the server network port 502, thereby implementing data interaction with the video networking conference server. In a specific implementation, the server network port 502 may be an RJ45 port.
The first receiving module 503 is configured to receive, through the terminal port, an uplink data packet sent by the video networking conference terminal, and determine whether the uplink data packet needs to be encrypted.
The first receiving module 503 may be connected to the terminal network port 501, that is, the terminal network port 501 is connected in series between the video networking conference terminal and the first receiving module 503, so that the video networking conference terminal and the first receiving module 503 may perform data interaction through the terminal network port 501. The uplink data packet sent by the video networking conference terminal is a data packet based on the video networking protocol, so the video networking conference terminal sends the uplink data packet to the terminal network port 501 through the video networking protocol, and the packet is then passed to the first receiving module 503 through the terminal network port 501.
In the embodiment of the present invention, the uplink data packet sent by the video networking conference terminal is not encrypted blindly, but it may be determined whether the uplink data packet needs to be encrypted first, and the uplink data packet that needs to be encrypted is encrypted by the encryption module 505. Therefore, after receiving the uplink data packet, the first receiving module 503 may further determine whether the uplink data packet needs to be encrypted.
In a preferred embodiment, in consideration of the specific application scenario of the video conference, the uplink data packet sent by the video networking conference terminal is not necessarily acquired audio/video data; it may also be instruction data, such as the various instruction data sent by the video networking conference terminal when joining the video conference. In practical application, the instruction data may not need to be encrypted, and the data that needs to be encrypted to improve security may be only the audio/video data. Accordingly, the first receiving module 503 may include: a first judging unit, configured to judge a data type in the uplink data packet; a first determining unit, configured to determine that the uplink data packet needs to be encrypted if the data type is audio data or video data. The first judging unit and the first determining unit together implement the process of determining whether the uplink data packet needs to be encrypted in the first receiving module 503.
In a preferred embodiment, in an uplink data packet sent by the video networking conference terminal, the data type of the uplink data packet may be stored in a set byte, where the data type may include instruction data, audio data, and video data. For example, if the information of the set byte is 0, it can indicate that the data type is instruction data; if the information of the set byte is 1, it can indicate that the data type is audio data; if the information of the set byte is 2, it can indicate that the data type is video data. Therefore, the first judging unit is specifically configured to read the information of the byte used for storing the data type in the uplink data packet, and determine the data type in the uplink data packet according to the information.
A first obtaining module 504, configured to obtain a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted.
If the first receiving module 503 determines that the uplink data packet needs to be encrypted, the uplink data packet may be encrypted. In the embodiment of the invention, the uplink data packet can be encrypted by the primary key and the secondary key.
The first obtaining module 504 may be connected to the first receiving module 503, and may obtain the uplink data packet received by the first receiving module 503. If the first receiving module 503 determines that the uplink data packet needs to be encrypted, the first obtaining module 504 obtains a primary key corresponding to the uplink data packet.
In a preferred embodiment, the configuration information may be preset, and a corresponding primary key is set for each video networking conference terminal that has accessed the video networking conference. Therefore, the configuration information may include the identifiers of the respective video networking conference terminals that have accessed the video networking conference and the corresponding primary keys. The processing device of the embodiment of the invention can also comprise a serial port module for inputting the preset configuration information. Preferably, the serial port module may be an RS232 serial port, and the user may input the preset configuration information into the memory of the processing apparatus through the RS232 serial port.
Correspondingly, the first obtaining module 504 includes: the first acquisition unit is used for acquiring the video networking conference terminal identification carried in the uplink data packet; and the first query unit is used for searching a primary key corresponding to the video networking conference terminal identifier from preset configuration information. When sending the uplink data packet, the video networking conference terminal carries the relevant information of the video networking conference terminal itself in the uplink data packet, such as information of the video networking conference terminal identification, name and the like.
The encryption module 505 is configured to generate a secondary key corresponding to the uplink data packet, and encrypt the uplink data packet by using the primary key and the secondary key.
The encryption module 505 may be connected to the first obtaining module 504, and may obtain the primary key obtained by the first obtaining module 504. The encryption module may be further connected to the first receiving module 503, and may obtain the uplink data packet received by the first receiving module 503.
The encryption module 505 generates a secondary key corresponding to the uplink data packet received this time. Preferably, the encryption module 505 may randomly generate a secondary key corresponding to the uplink data packet. The encryption module 505 then encrypts the upstream data packet using the primary key and the secondary key.
In a preferred embodiment, the encryption module comprises: the first encryption unit is used for carrying out primary encryption on the uplink data packet by utilizing the secondary key; and the second encryption unit is used for carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key.
Preferably, a two-level 3DES encryption technique is adopted, in which the primary key (k1) is input from the outside through the RS232 serial port and the secondary key (k2) is independently and randomly generated inside each encryption module. The uplink data packet is encrypted using the secondary key (that is, the primary encryption of the uplink data packet uses the secondary key), so the secondary key must be transmitted over the network for the receiving end to decrypt the uplink data packet correctly. However, a secondary key transmitted directly over the network could be stolen, so the primary key is used to encrypt the secondary key (that is, the secondary encryption, applied to the uplink data packet after the primary encryption, uses the primary key) before the secondary key is transmitted over the network; the primary key itself is input through the RS232 serial port and is not transmitted over the network. This further ensures the transmission security of the uplink data packet and prevents it from being stolen. Referring to fig. 6, a schematic diagram of a data packet encryption principle according to a first embodiment of the present invention is shown. In fig. 6, Ek2 refers to the primary 3DES encryption of the uplink data packet using k2, and Ek1(k2) refers to the secondary 3DES encryption of k2 using k1.
Preferably, the audio and video data is transmitted in the form of a code stream, so the video networking conference terminal transmits uplink data packets in the form of a code stream. In order to ensure the security of code stream transmission, in the embodiment of the present invention, the encryption module may generate a random secondary key for each uplink data packet in the code stream and encrypt that uplink data packet using the secondary key, where the secondary key may be added between byte 31 and byte 38 of the uplink data packet. Fig. 7 is a schematic diagram illustrating a principle of code stream encryption according to a first embodiment of the present invention. In fig. 7, k2(1) is the secondary key of the 1st uplink data packet, k2(n) is the secondary key of the nth uplink data packet, Ek2(1) means that k2(1) is used to perform the primary 3DES encryption on the 1st uplink data packet, Ek1(k2(1)) means that k1 is used to perform the secondary 3DES encryption on k2(1), Ek2(n) means that k2(n) is used to perform the primary 3DES encryption on the nth uplink data packet, and Ek1(k2(n)) means that k1 is used to perform the secondary 3DES encryption on k2(n).
A first sending module 506, configured to send the encrypted uplink data packet to the video networking conference server through the server network port.
The first sending module 506 is connected to the encryption module 505, and the encryption module 505 may send the encrypted uplink data packet to the first sending module 506. The first sending module 506 is further connected to the server network port 502, that is, the server network port 502 is connected in series between the first sending module 506 and the video networking conference server, so that the first sending module 506 and the video networking conference server can perform data interaction through the server network port 502. The encrypted uplink data packet is a data packet based on the video networking protocol; the first sending module 506 sends the encrypted uplink data packet to the server network port 502 through the video networking protocol, and the packet is then sent to the video networking conference server through the server network port 502.
It should be noted that the first sending module 506 may also be connected to the first receiving module 503. When the first receiving module 503 determines that the uplink data packet does not need to be encrypted, the uplink data packet may be sent to the first sending module 506, the first sending module 506 sends the uplink data packet to the server network interface 502 through the video networking protocol, and then sends the uplink data packet to the video networking conference server through the server network interface 502.
Through the mode, the transmission of the uplink data in the video conference is realized, namely the data transmission from the video networking conference terminal to the video networking conference server in the video conference is realized. By encrypting the data transmitted in the video conference, even if the data is intercepted by lawbreakers, the conference content can not be revealed, thereby ensuring the safety of the video conference.
Example two
The video conference data processing device provided by the embodiment of the invention can be applied to video networking. The video network can comprise a video networking conference terminal and a video networking conference server; a video-networking-based video conference involves the video networking conference terminal, the video conference data processing device and the video networking conference server. The video conference data processing device is connected between the video networking conference terminal and the video networking conference server, can communicate bidirectionally with each of them, and is used for decrypting downlink data from the video networking conference server to the video networking conference terminal.
Referring to fig. 8, a block diagram of a video conference data processing apparatus according to a second embodiment of the present invention is shown. The video conference data processing device of the embodiment of the invention can comprise the following modules: a terminal port 801, a server port 802, a second receiving module 803, a second obtaining module 804, a decrypting module 805, and a second sending module 806. This will be described in detail below.
The terminal network port 801 is used for connecting the video networking conference terminal.
The video conference data processing device of this embodiment is connected to the video networking conference terminal through the terminal network port 801, thereby implementing data interaction with the video networking conference terminal. In a specific implementation, the terminal network port 801 may be an RJ45 port.
The server network port 802 is used for connecting the video networking conference server.
The video conference data processing apparatus of this embodiment is connected to the video networking conference server through the server network port 802, thereby implementing data interaction with the video networking conference server. In a specific implementation, the server network port 802 may be an RJ45 port.
A second receiving module 803, configured to receive, through the server network port, a downlink data packet sent by the video networking conference server, and determine whether the downlink data packet needs to be decrypted.
The second receiving module 803 may be connected to the server network port 802, that is, the server network port 802 is connected in series between the video networking conference server and the second receiving module 803, so that the video networking conference server and the second receiving module 803 may perform data interaction through the server network port 802. The downlink data packet sent by the video networking conference server is a data packet based on the video networking protocol, so the video networking conference server sends the downlink data packet to the server network port 802 through the video networking protocol, and the packet is then passed to the second receiving module 803 through the server network port 802.
In the embodiment of the present invention, the downlink data packet sent by the video networking conference server is not decrypted blindly, but it may be determined whether the downlink data packet needs to be decrypted first, and the decryption module 805 is then used to decrypt the downlink data packet that needs to be decrypted. Therefore, after receiving the downlink data packet, the second receiving module 803 may further determine whether the downlink data packet needs to be decrypted.
In a preferred embodiment, the second receiving module 803 may include: a second judging unit, configured to judge whether the downlink data packet is an encrypted data packet; a second determining unit, configured to determine that the downlink data packet needs to be decrypted if the downlink data packet is an encrypted data packet. The second judging unit and the second determining unit together implement the process of determining whether the downlink data packet needs to be decrypted in the second receiving module 803.
A second obtaining module 804, configured to obtain a primary key corresponding to the downlink data packet if the downlink data packet needs to be decrypted.
If the second receiving module 803 determines that the downlink data packet needs to be decrypted, the downlink data packet may be decrypted. In this embodiment of the present invention, the second obtaining module 804 may be connected to the second receiving module 803, and may obtain the downlink data packet received by the second receiving module 803. If the second receiving module 803 determines that the downlink data packet needs to be decrypted, the second obtaining module 804 obtains a primary key corresponding to the downlink data packet.
In a preferred embodiment, as described in the above embodiment, the configuration information may be preset, and specific reference may be made to the description of the first embodiment. The processing apparatus of the embodiment of the present invention may further include: the serial port module is used for inputting preset configuration information. Correspondingly, the second obtaining module 804 includes: a second obtaining unit, configured to obtain a video networking conference terminal identifier carried in the downlink data packet; and the first query unit is used for searching a primary key corresponding to the video networking conference terminal identifier from preset configuration information. The downlink data packet sent by the video networking conference server can carry relevant information of the video networking conference terminal (the video networking conference terminal is the corresponding video networking conference terminal when the corresponding data packet is encrypted), such as information of a video networking conference terminal identifier, a video networking conference terminal name and the like.
The decryption module 805 is configured to obtain a secondary key corresponding to the downlink data packet, and decrypt the downlink data packet by using the primary key and the secondary key.
The decryption module 805 may be connected to the second obtaining module 804, and may obtain the primary key obtained by the second obtaining module 804. The decryption module may also be connected to the second receiving module 803, and may obtain the downlink data packet received by the second receiving module 803.
In a preferred embodiment, the decryption module comprises: the first decryption unit is used for performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; and the second decryption unit is used for performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key.
Preferably, corresponding to the encryption process in the first embodiment, during decryption the primary key is first used to decrypt and obtain the secondary key, and the secondary key is then used to decrypt the downlink data packet, so as to achieve the purpose of safely and effectively transmitting the audio/video stream. Fig. 9 is a schematic diagram illustrating a packet decryption principle according to a second embodiment of the present invention. In fig. 9, Dk1(Ek1(k2)) means that k1 is used to perform primary 3DES decryption on the downlink data packet after Ek1(k2), and Dk2 means that k2 is used to perform secondary 3DES decryption on the downlink data packet after Ek2.
Preferably, corresponding to the mode in the first embodiment of encrypting each uplink data packet in the code stream with its own secondary key, during decryption the secondary key corresponding to each downlink data packet is decrypted from that downlink data packet, and the downlink data packet is then decrypted using that secondary key. Fig. 10 is a schematic diagram illustrating a principle of decryption of a code stream according to a second embodiment of the present invention. In fig. 10, k2(1) is the secondary key of the 1st downlink data packet, k2(n) is the secondary key of the nth downlink data packet, Dk1(Ek1(k2(1))) refers to performing primary 3DES decryption on the downlink data packet after Ek1(k2(1)) by using k1, Dk2(1) refers to performing secondary 3DES decryption on the downlink data packet after Ek2(1) by using k2(1), Dk1(Ek1(k2(n))) refers to performing primary 3DES decryption on the downlink data packet after Ek1(k2(n)) by using k1, and Dk2(n) refers to performing secondary 3DES decryption on the downlink data packet after Ek2(n) by using k2(n).
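The two-level key scheme of Examples one and two (a random k2 per packet, k2 wrapped under the pre-shared k1, the wrapped key carried at bytes 31 to 38) as an added sketch, not code from the patent. Python's standard library has no 3DES, so a Feistel cipher and a keystream built from HMAC-SHA256 stand in for it; the 8-byte k2, inserting (rather than overwriting) the key slot, passing the data type as an argument, and all names below are assumptions of this example.

```python
import hashlib
import hmac
import os

SLOT_START, SLOT_END = 30, 38   # 1-indexed bytes 31..38 carry Ek1(k2)
K2_LEN = SLOT_END - SLOT_START  # assumption: k2 exactly fills the slot
ENCRYPTED_TYPES = {1, 2}        # 1 = audio, 2 = video; 0 = instruction data


def prf(key: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:n]


def feistel(key: bytes, block: bytes, rounds) -> bytes:
    """Stand-in 64-bit block cipher (NOT 3DES): 4-round balanced Feistel."""
    left, right = block[:4], block[4:]
    for r in rounds:
        f = prf(key, bytes([r]) + right, 4)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap makes decryption the same routine


def wrap_key(k1: bytes, k2: bytes) -> bytes:
    """Ek1(k2): the secondary key encrypted under the primary key."""
    return feistel(k1, k2, range(4))


def unwrap_key(k1: bytes, wrapped: bytes) -> bytes:
    """Dk1(Ek1(k2)): recover k2 by running the rounds in reverse order."""
    return feistel(k1, wrapped, reversed(range(4)))


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for Ek2/Dk2: XOR with an HMAC-SHA256 counter keystream.
    Safe against keystream reuse only because k2 is fresh per packet."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(key, off.to_bytes(8, "big"), 32)
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def lookup_k1(config: dict, terminal_id: str) -> bytes:
    """Primary key from the preset configuration (entered over RS232)."""
    if terminal_id not in config:
        raise KeyError("no primary key configured for " + terminal_id)
    return config[terminal_id]


def encrypt_uplink(packet: bytes, terminal_id: str, data_type: int,
                   config: dict) -> bytes:
    if data_type not in ENCRYPTED_TYPES:
        return packet  # instruction data is forwarded unchanged
    if len(packet) < SLOT_START:
        raise ValueError("packet too short to hold the key slot")
    k1 = lookup_k1(config, terminal_id)
    k2 = os.urandom(K2_LEN)  # new secondary key for every packet
    return (packet[:SLOT_START] + wrap_key(k1, k2)
            + stream_xor(k2, packet[SLOT_START:]))


def decrypt_downlink(packet: bytes, terminal_id: str, config: dict) -> bytes:
    if len(packet) < SLOT_END:
        raise ValueError("packet too short to contain a wrapped key")
    k1 = lookup_k1(config, terminal_id)
    k2 = unwrap_key(k1, packet[SLOT_START:SLOT_END])
    return packet[:SLOT_START] + stream_xor(k2, packet[SLOT_END:])
```

Decrypting with the wrong k1 returns garbage rather than an error, because the scheme as described carries no authentication tag; detecting tampering would need a MAC or an AEAD mode on top.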
A second sending module 806, configured to send the decrypted downlink data packet to the video networking conference terminal through the terminal internet access.
The second sending module 806 may be connected to the decryption module 805, and the decryption module 805 may send the decrypted downlink data packet to the second sending module 806. The second sending module 806 is further connected to the terminal port 801, that is, the terminal port 801 is connected in series between the second sending module 806 and the video networking conference terminal, so that the second sending module 806 and the video networking conference terminal can perform data interaction through the terminal port 801. The decrypted downlink data packet is a data packet based on the video networking protocol, so the second sending module 806 sends the decrypted downlink data packet to the terminal port 801 through the video networking protocol, and then sends the decrypted downlink data packet to the video networking conference terminal through the terminal port 801.
It should be noted that the second sending module 806 may also be connected to the second receiving module 803. When the second receiving module 803 determines that the downlink data packet does not need to be decrypted, the downlink data packet may be sent to the second sending module 806, and the second sending module 806 sends the downlink data packet to the terminal port 801 through the video networking protocol, and then sends the downlink data packet to the video networking conference terminal through the terminal port 801.
By the method, the transmission of downlink data in the video conference is realized, namely the data transmission from the video networking conference server to the video networking conference terminal in the video conference is realized.
Example three
Referring to fig. 11, a block diagram of a video conference data processing apparatus according to a third embodiment of the present invention is shown. The device is applied to the video network. The video conference data processing apparatus may include the following modules:
a terminal port 1101 for connecting the video network conference terminal;
a server network port 1102 for connecting the video networking conference server;
a first receiving module 1103, configured to receive, through the terminal network port, an uplink data packet sent by the video networking conference terminal, and determine whether the uplink data packet needs to be encrypted;
a first obtaining module 1104, configured to obtain a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted;
an encryption module 1105, configured to generate a secondary key corresponding to the uplink data packet, and encrypt the uplink data packet by using the primary key and the secondary key;
a first sending module 1106, configured to send the encrypted uplink data packet to the video networking conference server through the server network port;
a second receiving module 1107, configured to receive, through the server network port, a downlink data packet sent by the video networking conference server, and determine whether the downlink data packet needs to be decrypted;
a second obtaining module 1108, configured to obtain a primary key corresponding to the downlink data packet if the downlink data packet needs to be decrypted;
a decryption module 1109, configured to obtain a secondary key corresponding to the downlink data packet, and decrypt the downlink data packet by using the primary key and the secondary key;
a second sending module 1110, configured to send the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
Preferably, the first receiving module includes: a first judging unit, configured to judge a data type in the uplink data packet; a first determining unit, configured to determine that the uplink data packet needs to be encrypted if the data type is audio data or video data.
Preferably, the first determining unit is specifically configured to read information of bytes used for storing the data type in the uplink data packet, and determine the data type in the uplink data packet according to the information.
Preferably, the apparatus further comprises: a serial port module, used for inputting preset configuration information, wherein the configuration information comprises the identifiers of all video networking conference terminals that have joined the video networking conference and the corresponding primary keys.
Preferably, the first obtaining module includes: the first acquisition unit is used for acquiring the video networking conference terminal identification carried in the uplink data packet; and the first query unit is used for searching the primary key corresponding to the video networking conference terminal identifier from the configuration information.
Preferably, the encryption module includes: the first encryption unit is used for carrying out primary encryption on the uplink data packet by using the secondary key; and the second encryption unit is used for carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key.
Preferably, the second receiving module comprises: a second judging unit, configured to judge whether the downlink data packet is an encrypted data packet; a second determining unit, configured to determine that the downlink data packet needs to be decrypted if the downlink data packet is an encrypted data packet.
Preferably, the second obtaining module includes: a second obtaining unit, configured to obtain a video networking conference terminal identifier carried in the downlink data packet; and the first query unit is used for searching the primary key corresponding to the video networking conference terminal identifier from the configuration information.
Preferably, the decryption module includes: a first decryption unit, configured to perform primary decryption on the downlink data packet by using the primary key to obtain the secondary key; and a second decryption unit, configured to perform secondary decryption on the downlink data packet after the primary decryption by using the secondary key.
For the specific introduction of each module and unit, reference may be made to the related description of the first embodiment and the second embodiment, and the embodiments of the present invention are not discussed in detail herein.
The video conference processing device can be applied to an encryption and decryption machine. The encryption and decryption machine may include:
FPGA (Field-Programmable Gate Array) chip: the FPGA chip can store and execute designed logic functions. The power supply interface can serve as the system's 5 V power supply interface; when it is used this way, switching the system power on and off is not controlled by the power switch. The FPGA chip may include the first receiving module 1103, the first obtaining module 1104, the encryption module 1105, the first sending module 1106, the second receiving module 1107, the second obtaining module 1108, the decryption module 1109, and the second sending module 1110.
An RS232 serial port: used to configure the encryption and decryption machine with the primary keys. It can also be used for system debugging. The serial communication baud rate is 19200, with 8 data bits, 1 stop bit, and no parity bit.
Dual network port related modules: the related modules include two standard RJ45 ports, one RJ45 port being the terminal network port and the other RJ45 port being the server network port. The terminal network port is the encryption port for the terminal equipment's outgoing stream; it is connected to the video networking conference terminal, and the encryption and decryption machine encrypts the data packets entering the terminal network port. The server network port is the decryption port for the stream coming in from the server; it is connected to the video networking conference server, and the encryption and decryption machine decrypts the data packets flowing into the server network port. The related modules also include two DM9000APE chips (physical layer chips), connected to the two RJ45 network ports respectively; each RJ45 network port interacts with the FPGA chip through its DM9000APE chip.
An AS download interface: the program download interface for AS mode. In AS mode, the program is downloaded into and stored in the FPGA chip's configuration device EPCS (Erasable programmable serial memory). Each time it is powered on, the FPGA chip, acting as the controller, actively issues a data read signal to the configuration device EPCS, so that the data in the EPCS is read into the FPGA chip and the FPGA chip is programmed.
JTAG download interface: the program download interface for JTAG mode. In JTAG mode, the program is burned directly into the FPGA chip, where it is held in SRAM; the program is lost after power failure and needs to be downloaded again.
SDRAM (Synchronous Dynamic Random Access Memory): the FPGA's storage device, used for storing data related to the FPGA.
Referring to fig. 12, a schematic diagram of a video conference data processing procedure according to a third embodiment of the present invention is shown. The video conference mainly involves a video networking conference server, a set-top box and an encryption and decryption machine, wherein the encryption and decryption machine can comprise FPGA encryption and FPGA decryption, is connected with an RS232 serial port, and receives configuration information through the RS232 serial port. The encryption and decryption machine encrypts and decrypts the data flow in both directions in real time. During uplink transmission, the set-top box encodes the data information and transmits it to the encryption and decryption machine in the form of uplink data packets through the terminal network port, and the encryption and decryption machine encrypts the received uplink data packets and transmits the encrypted data packets to the video networking conference server through the server network port. During downlink transmission, the video networking conference server sends the encrypted downlink data packet to the encryption and decryption machine through the server network port; the encryption and decryption machine decrypts it and sends it to the set-top box through the terminal network port.
The encryption and decryption machine can encrypt and decrypt video networking audio and video communication services in real time, so that video networking data packets can be encrypted and transmitted, the data security of the video networking is facilitated, and the information security of users can be guaranteed.
EXAMPLE IV
Referring to fig. 13, a block diagram of a video conference data processing method according to a fourth embodiment of the present invention is shown. The method can be applied to video networking. The method may comprise the steps of:
step 1301, receiving an uplink data packet sent by the video networking conference terminal through the terminal network port, and judging whether the uplink data packet needs to be encrypted;
step 1302, if the uplink data packet needs to be encrypted, obtaining a primary key corresponding to the uplink data packet;
step 1303, generating a secondary key corresponding to the uplink data packet, and encrypting the uplink data packet by using the primary key and the secondary key;
step 1304, sending the encrypted uplink data packet to the video networking conference server through the server network port.
Preferably, step 1301 may include: judging the data type in the uplink data packet; and if the data type is audio data or video data, determining that the uplink data packet needs to be encrypted.
Preferably, the determining the data type in the uplink data packet may specifically include: reading information of bytes used for storing the data type in the uplink data packet, and determining the data type in the uplink data packet according to the information.
Preferably, the method further comprises: acquiring input preset configuration information, wherein the configuration information comprises identifiers of all video networking conference terminals that have joined the video networking conference and the corresponding primary keys. Step 1402 may include: acquiring a video networking conference terminal identifier carried in the uplink data packet; and searching the configuration information for the primary key corresponding to the video networking conference terminal identifier.
Preferably, step 1303 may include: performing primary encryption on the uplink data packet by using a secondary key; and performing secondary encryption on the uplink data packet after the primary encryption by using the primary key.
By encrypting the data transmitted in the video conference, the conference content cannot be revealed even if the data is intercepted by an unauthorized party, thereby ensuring the security of the video conference.
EXAMPLE V
Referring to fig. 14, a block diagram of a video conference data processing method according to a fifth embodiment of the present invention is shown. The method can be applied to video networking. The method may comprise the steps of:
step 1401, receiving a downlink data packet sent by the video networking conference server through the server network port, and judging whether the downlink data packet needs to be decrypted;
step 1402, if the downlink data packet needs to be decrypted, obtaining a primary key corresponding to the downlink data packet;
step 1403, obtaining a secondary key corresponding to the downlink data packet, and decrypting the downlink data packet by using the primary key and the secondary key;
step 1404, sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
Preferably, step 1401 may comprise: judging whether the downlink data packet is an encrypted data packet or not; and if the downlink data packet is the encrypted data packet, determining that the downlink data packet needs to be decrypted.
Preferably, the method further comprises: acquiring input preset configuration information, wherein the configuration information comprises identifiers of all video networking conference terminals that have joined the video networking conference and the corresponding primary keys. Step 1502 may include: acquiring a video networking conference terminal identifier carried in the downlink data packet; and searching the configuration information for the primary key corresponding to the video networking conference terminal identifier.
Preferably, step 1403 may include: performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; and performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key.
By the method, the safe transmission of the downlink data in the video conference is realized, namely the data transmission from the video networking conference server to the video networking conference terminal in the video conference is realized.
EXAMPLE VI
Referring to fig. 15, a block diagram of a video conference data processing method according to a sixth embodiment of the present invention is shown. The method can be applied to video networking. The method may comprise the steps of:
step 1501, receiving an uplink data packet sent by the video networking conference terminal through the terminal network port, and judging whether the uplink data packet needs to be encrypted;
step 1502, if the uplink data packet needs to be encrypted, acquiring a primary key corresponding to the uplink data packet;
step 1503, generating a secondary key corresponding to the uplink data packet, and encrypting the uplink data packet by using the primary key and the secondary key;
step 1504, sending the encrypted uplink data packet to the video networking conference server through the server network port;
step 1505, receiving the downlink data packet sent by the video networking conference server through the server network port, and judging whether the downlink data packet needs to be decrypted;
step 1506, if the downlink data packet needs to be decrypted, a primary key corresponding to the downlink data packet is obtained;
step 1507, a secondary key corresponding to the downlink data packet is obtained, and the downlink data packet is decrypted by using the primary key and the secondary key;
step 1508, sending the decrypted downlink data packet to the video networking conference terminal through the terminal port.
The embodiment of the invention can encrypt and decrypt the video networking audio and video communication service, so that the video networking data packet can be encrypted and transmitted, the data security of the video networking is facilitated, and the information security of a user can be ensured.
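The uplink and downlink handling of steps 1501 to 1508, modelled in Python as an added example (not code from the patent). The packet header layout, the type codes, the sample key and the HMAC-SHA256 keystream cipher are assumptions, chosen so that the code runs with the standard library alone.

```python
"""Model of the two-level key handling in the encryption and decryption machine.

Assumptions (not from the patent): the header layout, the type codes, and the
HMAC-SHA256 counter-mode keystream, a standard-library stand-in for the
cipher, which this part of the text does not name.
"""
import hashlib
import hmac
import os
import struct

TYPE_INSTRUCTION, TYPE_AUDIO, TYPE_VIDEO = 0x01, 0x02, 0x03  # hypothetical codes
HEADER = struct.Struct(">BBI")  # data type, encrypted flag, terminal identifier
KEY_LEN = NONCE_LEN = 16
ZERO_NONCE = bytes(NONCE_LEN)  # acceptable only because a secondary key is used once


def make_packet(data_type, terminal_id, payload, encrypted=0):
    """Build a packet in the assumed layout: header followed by payload."""
    return HEADER.pack(data_type, encrypted, terminal_id) + payload


def keystream_xor(key, nonce, data):
    """Encrypt or decrypt by XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack(">I", offset // 32)
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class CryptoMachine:
    """Sits between the terminal network port and the server network port."""

    def __init__(self, config):
        # Configuration entered over the serial port: terminal id -> primary key.
        self.primary_keys = dict(config)

    def _primary_key(self, terminal_id):
        try:
            return self.primary_keys[terminal_id]
        except KeyError:
            raise LookupError(f"no primary key for terminal {terminal_id:#x}") from None

    def uplink(self, packet):
        """Terminal port -> server port: encrypt audio/video, pass the rest."""
        data_type, _flag, terminal_id = HEADER.unpack_from(packet)
        if data_type not in (TYPE_AUDIO, TYPE_VIDEO):
            return packet  # instruction data is forwarded unchanged
        primary = self._primary_key(terminal_id)
        secondary = os.urandom(KEY_LEN)  # fresh secondary key for this packet
        # Primary encryption: payload under the secondary key.
        inner = keystream_xor(secondary, ZERO_NONCE, packet[HEADER.size:])
        # Secondary encryption: secondary key plus inner ciphertext under the
        # long-lived primary key, with a fresh nonce sent in the clear.
        nonce = os.urandom(NONCE_LEN)
        outer = keystream_xor(primary, nonce, secondary + inner)
        return HEADER.pack(data_type, 1, terminal_id) + nonce + outer

    def downlink(self, packet):
        """Server port -> terminal port: decrypt packets flagged as encrypted."""
        data_type, flag, terminal_id = HEADER.unpack_from(packet)
        if flag != 1:
            return packet  # not an encrypted packet, forward unchanged
        body = packet[HEADER.size:]
        if len(body) < NONCE_LEN + KEY_LEN:
            raise ValueError("encrypted packet too short")
        primary = self._primary_key(terminal_id)
        # Primary decryption with the primary key recovers the secondary key.
        opened = keystream_xor(primary, body[:NONCE_LEN], body[NONCE_LEN:])
        secondary, inner = opened[:KEY_LEN], opened[KEY_LEN:]
        # Secondary decryption with the recovered secondary key.
        payload = keystream_xor(secondary, ZERO_NONCE, inner)
        return HEADER.pack(data_type, 0, terminal_id) + payload


if __name__ == "__main__":
    config = {0x1001: bytes(range(16))}  # constructed key, for illustration only
    sender, receiver = CryptoMachine(config), CryptoMachine(config)
    frame = make_packet(TYPE_VIDEO, 0x1001, b"constructed video payload")
    wire = sender.uplink(frame)
    print("on the wire:", wire.hex())
    print("round trip ok:", receiver.downlink(wire) == frame)
```

The keystream layers provide confidentiality only: nothing here detects a modified packet, and a machine holding the wrong primary key silently produces garbage rather than an error.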
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments and that the acts involved are not necessarily required by the embodiments of the invention.
As for the method embodiment, since it is basically similar to the apparatus embodiment, the description is simple, and the relevant points can be referred to the partial description of the apparatus embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The video conference data processing method and the video conference data processing apparatus provided by the present invention are introduced in detail, and a specific example is applied in the text to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (9)

1. A video conference data processing device is applied to a video network, wherein the video network comprises a video network conference terminal and a video network conference server, and the device comprises:
the terminal network port is used for connecting the video networking conference terminal;
the server network port is used for connecting the video networking conference server;
the first receiving module is used for receiving an uplink data packet sent by the video networking conference terminal through the terminal network port and judging whether the uplink data packet needs to be encrypted or not;
the first obtaining module is used for obtaining a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted;
the encryption module is used for generating a secondary key corresponding to the uplink data packet and encrypting the uplink data packet by using the primary key and the secondary key;
the first sending module is used for sending the encrypted uplink data packet to the video networking conference server through the server network port;
the encryption module includes: the first encryption unit is used for carrying out primary encryption on the uplink data packet by using the secondary key; the second encryption unit is used for carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key;
the first receiving module includes:
a first judging unit, configured to judge a data type in the uplink data packet;
a first determining unit, configured to determine that the uplink data packet does not need to be encrypted if the data type is instruction data; and if the data type is audio data or video data, determining that the uplink data packet needs to be encrypted.
2. The apparatus of claim 1,
the first determining unit is specifically configured to read information of bytes used for storing the data type in the uplink data packet, and determine the data type in the uplink data packet according to the information.
3. The apparatus of claim 1,
the device further comprises: the serial port module is used for inputting preset configuration information, and the configuration information comprises identifiers of all video networking conference terminals accessed to the video networking conference and corresponding primary keys;
the first obtaining module comprises:
the first acquisition unit is used for acquiring the video networking conference terminal identification carried in the uplink data packet;
and the first query unit is used for searching the primary key corresponding to the video networking conference terminal identifier from the configuration information.
4. A video conference data processing device is applied to a video network, wherein the video network comprises a video network conference terminal and a video network conference server, and the device comprises:
the terminal network port is used for connecting the video networking conference terminal;
the server network port is used for connecting the video networking conference server;
the second receiving module is used for receiving the downlink data packet sent by the video networking conference server through the server network port and judging whether the downlink data packet needs to be decrypted or not;
a second obtaining module, configured to obtain a primary key corresponding to the downlink data packet if the downlink data packet needs to be decrypted;
the decryption module is used for acquiring a secondary key corresponding to the downlink data packet and decrypting the downlink data packet by using the primary key and the secondary key;
the second sending module is used for sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port;
the decryption module includes: the first decryption unit is used for performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; the second decryption unit is used for performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key;
the second receiving module includes:
a second judging unit, configured to judge whether the downlink data packet is an encrypted data packet;
a second determining unit, configured to determine that the downlink data packet does not need to be decrypted if the data type is instruction data; and if the downlink data packet is the encrypted data packet, determining that the downlink data packet needs to be decrypted.
5. The apparatus of claim 4,
the device further comprises: the serial port module is used for inputting preset configuration information, and the configuration information comprises identifiers of all connected video networking conference terminals and corresponding primary keys;
the second acquisition module includes:
a second obtaining unit, configured to obtain a video networking conference terminal identifier carried in the downlink data packet;
and the first query unit is used for searching the primary key corresponding to the video networking conference terminal identifier from the configuration information.
6. A video conference data processing device is applied to a video network, wherein the video network comprises a video network conference terminal and a video network conference server, and the device comprises:
the terminal network port is used for connecting the video networking conference terminal;
the server network port is used for connecting the video networking conference server;
the first receiving module is used for receiving an uplink data packet sent by the video networking conference terminal through the terminal network port and judging whether the uplink data packet needs to be encrypted or not;
the first obtaining module is used for obtaining a primary key corresponding to the uplink data packet if the uplink data packet needs to be encrypted;
the encryption module is used for generating a secondary key corresponding to the uplink data packet and encrypting the uplink data packet by using the primary key and the secondary key; the encryption module includes: the first encryption unit is used for carrying out primary encryption on the uplink data packet by using the secondary key; the second encryption unit is used for carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key;
the first sending module is used for sending the encrypted uplink data packet to the video networking conference server through the server network port;
the second receiving module is used for receiving the downlink data packet sent by the video networking conference server through the server network port and judging whether the downlink data packet needs to be decrypted or not;
a second obtaining module, configured to obtain a primary key corresponding to the downlink data packet if the downlink data packet needs to be decrypted;
the decryption module is used for acquiring a secondary key corresponding to the downlink data packet and decrypting the downlink data packet by using the primary key and the secondary key; the decryption module includes: the first decryption unit is used for performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; the second decryption unit is used for performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key;
the second sending module is used for sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port;
the first receiving module includes:
a first judging unit, configured to judge a data type in the uplink data packet;
a first determining unit, configured to determine that the uplink data packet does not need to be encrypted if the data type is instruction data; and if the data type is audio data or video data, determining that the uplink data packet needs to be encrypted.
7. A video conference data processing method is applied to a video network, the video network comprises a video network conference terminal and a video network conference server, the video network conference terminal is connected with a terminal network port, the video network conference server is connected with a server network port, and the method comprises the following steps:
receiving an uplink data packet sent by the video networking conference terminal through the terminal network port, and judging whether the uplink data packet needs to be encrypted, wherein the method comprises the following steps: judging the data type in the uplink data packet, and if the data type is instruction data, determining that the uplink data packet does not need to be encrypted; if the data type is audio data or video data, determining that the uplink data packet needs to be encrypted;
if the uplink data packet needs to be encrypted, acquiring a primary key corresponding to the uplink data packet;
generating a secondary key corresponding to the uplink data packet, and encrypting the uplink data packet by using the primary key and the secondary key; the encryption comprises the steps of carrying out primary encryption on the uplink data packet by using the secondary key, and carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key;
and sending the encrypted uplink data packet to the video networking conference server through the server network port.
8. A video conference data processing method is applied to a video network, the video network comprises a video network conference terminal and a video network conference server, the video network conference terminal is connected with a terminal network port, the video network conference server is connected with a server network port, and the method comprises the following steps:
receiving the downlink data packet sent by the video networking conference server through the server network port, and judging whether the downlink data packet needs to be decrypted or not, including: judging whether the downlink data packet is an encrypted data packet or not, and if the data type is instruction data, determining that the downlink data packet does not need to be decrypted; if the downlink data packet is an encrypted data packet, determining that the downlink data packet needs to be decrypted;
if the downlink data packet needs to be decrypted, a primary key corresponding to the downlink data packet is obtained;
acquiring a secondary key corresponding to the downlink data packet, and decrypting the downlink data packet by using the primary key and the secondary key; the decryption includes: performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key;
and sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
9. A video conference data processing method is applied to a video network, the video network comprises a video network conference terminal and a video network conference server, the video network conference terminal is connected with a terminal network port, the video network conference server is connected with a server network port, and the method comprises the following steps:
receiving an uplink data packet sent by the video networking conference terminal through the terminal network port, and judging whether the uplink data packet needs to be encrypted or not, wherein the judgment comprises the judgment of a data type in the uplink data packet, and if the data type is instruction data, determining that the uplink data packet does not need to be encrypted; if the data type is audio data or video data, determining that the uplink data packet needs to be encrypted;
if the uplink data packet needs to be encrypted, acquiring a primary key corresponding to the uplink data packet;
generating a secondary key corresponding to the uplink data packet, and encrypting the uplink data packet by using the primary key and the secondary key; the encryption comprises the steps of carrying out primary encryption on the uplink data packet by using the secondary key, and carrying out secondary encryption on the uplink data packet after the primary encryption by using the primary key;
sending the encrypted uplink data packet to the video networking conference server through the server network port;
receiving a downlink data packet sent by the video networking conference server through the server network port, and judging whether the downlink data packet needs to be decrypted or not;
if the downlink data packet needs to be decrypted, a primary key corresponding to the downlink data packet is obtained;
acquiring a secondary key corresponding to the downlink data packet, and decrypting the downlink data packet by using the primary key and the secondary key; the decryption includes: performing primary decryption on the downlink data packet by using the primary key to obtain a secondary key; performing secondary decryption on the downlink data packet after the primary decryption by using the secondary key;
and sending the decrypted downlink data packet to the video networking conference terminal through the terminal network port.
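The uplink and downlink steps of claim 9, as an added Python sketch that is not part of the patent text. The one-byte type tag, the packet layout (secondary key carried inside the outer layer) and the HMAC-SHA256 keystream standing in for the unspecified cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

INSTRUCTION, AUDIO, VIDEO = 0x01, 0x02, 0x03  # hypothetical 1-byte type tags
KEY_LEN = NONCE_LEN = 16                      # assumed sizes, not from the patent

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (self-inverse)."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def needs_crypto(packet: bytes) -> bool:
    """Instruction data passes in the clear; audio and video data are protected."""
    return len(packet) > 0 and packet[0] in (AUDIO, VIDEO)

def process_uplink(packet: bytes, primary_key: bytes) -> bytes:
    """Terminal -> server: encrypt media packets, forward instructions unchanged."""
    if not needs_crypto(packet):
        return packet
    secondary_key = os.urandom(KEY_LEN)       # generated for this packet
    n1, n2 = os.urandom(NONCE_LEN), os.urandom(NONCE_LEN)
    # Primary encryption: payload under the secondary key.
    inner = _xor_stream(secondary_key, n1, packet[1:])
    # Secondary encryption: secondary key plus inner ciphertext under the primary key.
    outer = _xor_stream(primary_key, n2, secondary_key + n1 + inner)
    return packet[:1] + n2 + outer            # type tag stays readable for routing

def process_downlink(packet: bytes, primary_key: bytes) -> bytes:
    """Server -> terminal: decrypt media packets, forward instructions unchanged."""
    if not needs_crypto(packet):
        return packet
    if len(packet) < 1 + 2 * NONCE_LEN + KEY_LEN:
        raise ValueError("truncated encrypted packet")
    n2, outer = packet[1:1 + NONCE_LEN], packet[1 + NONCE_LEN:]
    # Primary decryption with the primary key yields the secondary key.
    opened = _xor_stream(primary_key, n2, outer)
    secondary_key = opened[:KEY_LEN]
    n1, inner = opened[KEY_LEN:KEY_LEN + NONCE_LEN], opened[KEY_LEN + NONCE_LEN:]
    # Secondary decryption with the recovered secondary key.
    return packet[:1] + _xor_stream(secondary_key, n1, inner)
```

The sketch carries no integrity tag, so a modified ciphertext decrypts to altered plaintext without an error; an authenticated cipher would be needed to detect that.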
CN201810645869.XA 2018-06-21 2018-06-21 Video conference data processing method and device Active CN110636031B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810645869.XA CN110636031B (en) 2018-06-21 2018-06-21 Video conference data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810645869.XA CN110636031B (en) 2018-06-21 2018-06-21 Video conference data processing method and device

Publications (2)

Publication Number Publication Date
CN110636031A CN110636031A (en) 2019-12-31
CN110636031B CN110636031B (en) 2022-05-17

Family

ID=68966453

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810645869.XA Active CN110636031B (en) 2018-06-21 2018-06-21 Video conference data processing method and device

Country Status (1)

Country Link
CN (1) CN110636031B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102463A (en) * 2007-07-25 2008-01-09 中国网络通信集团公司 Media stream transmission method
CN101197674A (en) * 2007-12-10 2008-06-11 华为技术有限公司 Encrypted communication method, server and encrypted communication system
CN104540016A (en) * 2014-12-29 2015-04-22 乐视网信息技术(北京)股份有限公司 Video playing method and device
CN105262772A (en) * 2015-11-06 2016-01-20 腾讯科技(深圳)有限公司 Data transmission method, data transmission system and related apparatus for data transmission method and system
CN105636028A (en) * 2015-07-29 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Video data transmission method and device and wireless terminal
CN106161383A (en) * 2015-04-15 2016-11-23 北京视联动力国际信息技术有限公司 A kind of multimedia data encryption, the method and device of deciphering
CN108055525A (en) * 2017-10-10 2018-05-18 国网山东省电力公司临清市供电公司 A kind of fault detection system in video conferencing system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9866383B2 (en) * 2015-10-28 2018-01-09 Cisco Technology, Inc. Key management for privacy-ensured conferencing

Also Published As

Publication number Publication date
CN110636031A (en) 2019-12-31

Similar Documents

Publication Publication Date Title
CN110430043B (en) Authentication method, system and device and storage medium
CN110557680B (en) Audio and video data frame transmission method and system
CN111083425B (en) Video stream processing method, device, server, electronic equipment and storage medium
CN109672664B (en) Authentication method and system for video networking terminal
CN110022295B (en) Data transmission method and video networking system
CN110392044B (en) Information transmission method and device based on video networking
CN109977137B (en) Data query method and device
CN110809026B (en) File processing method and device, electronic equipment and storage medium
CN110061962B (en) Method and device for transmitting video stream data
CN108965227B (en) Data processing method and video networking conference server
CN110661784B (en) User authentication method, device and storage medium
CN111786778A (en) Method and device for updating key
CN109286775B (en) Multi-person conference control method and system
CN109005378B (en) Video conference processing method and system
CN110719247B (en) Terminal network access method and device
CN110535856B (en) User authentication method, device and storage medium
CN109376507B (en) Data security management method and system
CN110012063B (en) Data packet processing method and system
CN110493149B (en) Message processing method and device
CN109889516B (en) Method and device for establishing session channel
CN110022353B (en) Service sharing method and video networking system
CN108965366B (en) Version information query method and device
CN110708493A (en) Method and device for acquiring permission of participating in video networking conference
CN112291592B (en) Control plane protocol-based secure video communication method, device, equipment and medium
CN110620936B (en) Video network video backup method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant