CN112953963B - System and method for encrypting media stream content - Google Patents

Info

Publication number
CN112953963B
CN112953963B CN202110276439.7A CN202110276439A CN112953963B CN 112953963 B CN112953963 B CN 112953963B CN 202110276439 A CN202110276439 A CN 202110276439A CN 112953963 B CN112953963 B CN 112953963B
Authority
CN
China
Prior art keywords
media packet
client
service module
media
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110276439.7A
Other languages
Chinese (zh)
Other versions
CN112953963A (en
Inventor
邹鹏
黄星星
宋卫军
黄士明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhonglian Huanxin Technology Co ltd
Original Assignee
Beijing Zhonglian Huanxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhonglian Huanxin Technology Co ltd
Priority to CN202110276439.7A
Publication of CN112953963A
Application granted
Publication of CN112953963B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60 Network streaming of media packets
    • H04L65/65 Network streaming protocols, e.g. real-time transport protocol [RTP] or real-time control protocol [RTCP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a media stream content encryption processing system and an encryption processing method. The system comprises an RTP local-side server, a client, a server-side codec service module, and a client codec service module. The server-side codec service module is integrated in the RTP local-side server; the client codec service module is integrated in the client. The RTP local-side server receives and forwards media packets. The server-side codec service module decrypts the media packet received from the client and performs a secondary encryption operation on it. The client codec service module performs the primary encryption operation on the original media packet to be sent, and decrypts the media packet after the secondary encryption. The media stream content encryption processing system encrypts the media packet data, thereby improving the security level of session communication and overcoming the technical defect that the media stream content is easy to leak.

Description

System and method for encrypting media stream content
Technical Field
The invention relates to the technical field of network data communication, in particular to a media stream content encryption processing system and an encryption processing method.
Background
With the popularization of the internet and the application of multimedia technology to the internet, communication technology based on IP networks is now very popular; many users prefer to use a network chat tool for voice chat, where the voice is transmitted not over the traditional telephone network of a telecommunications carrier but over the internet.
The technology that converts voice into IP data packets and transmits them partly or wholly over an IP network is VoIP (Voice over IP).
The basic principle of VoIP is to compress and encode the voice data with a voice compression algorithm, pack the voice data according to the TCP/IP standard, send the data packets to the receiving end through the IP network, then reassemble the voice data packets and recover the original voice signal after decompression, thereby transmitting voice over the Internet. VoIP technology is mainly divided into a signaling part and a media part: the signaling part is responsible for establishing and releasing a call, and the media part is responsible for transmitting and exchanging the voice information of the call. The IP multimedia core network system is composed of all core network functional entities capable of providing multimedia services, and comprises the set of functional entities related to signaling and bearer.
Because the media streaming technology of VoIP is implemented with standard protocols (the media codec protocols are mainly G711A, G711U, G729, G723, etc.), a security problem is involved: if a third party acquires the IP data packets of a media stream by some method, the communication content can be obtained from the packets, so that the communication data is leaked, an attacker can acquire the communication content, and a serious security problem occurs.
Specifically, fig. 1 shows a communication method commonly used by a client and a server at present. Here, RTP is the Real-time Transport Protocol. The RTP server, called RS for short, is the RTP local server responsible for receiving and forwarding RTP media streams. The RTP client, called RC for short, is the client application responsible for acquisition, transmission and reception of RTP media streams. In the communication mode of fig. 1, the client and the server generally transmit using the standard RTP codec protocol, which is very vulnerable to network attack and information leakage.
Disclosure of Invention
In view of the foregoing problems, an object of the embodiments of the present invention is to provide a system and a method for encrypting media stream content, so as to solve the technical deficiencies of low security and leakage of call content in the prior art.
According to another embodiment of the present invention, a system for encrypting and processing media stream content is provided, which includes an RTP local side server 100, a client 200, a server side codec service module 300, and a client side codec service module 400, wherein:
the server-side codec service module 300 is integrated in the RTP local-side server 100, and the client-side codec service module 400 is integrated in the client 200;
the RTP local server 100 is configured to receive and forward media packets;
the server-side codec service module 300 is configured to perform decryption and secondary encryption operations on the media packet received from the client 200;
the client codec service module 400 is configured to perform a primary encryption operation on a transmitted original media packet, and the client codec service module 400 is further configured to perform a decryption operation on the media packet after the secondary encryption.
Preferably, as one possible embodiment, the server-side codec service module 300 is specifically configured to decrypt the media packet received from the client 200 according to an RA algorithm; the server-side codec service module 300 is specifically configured to perform the secondary encryption operation on the media packet received from the client 200 according to an RA algorithm.
Preferably, as one possible embodiment, the client codec service module 400 is specifically configured to perform the primary encryption operation on a transmitted original media packet according to an RA algorithm; the client codec service module 400 is further configured to perform the decryption operation on the secondarily encrypted media packet according to an RA algorithm.
According to an embodiment of the present invention, there is provided a media stream content encryption processing method, including the following operation steps:
one of the clients 200 acts as the calling party and sends media packets in an outbound call to the other client 200 acting as the called party, which specifically comprises the following operation steps:
step S100: the client 200 of the calling party initiates an outbound call operation, and when the outbound call sends a media packet, the client codec service module 400 built in the client 200 of the calling party performs an encryption operation on the media packet according to an RA algorithm;
step S200: after the RTP local server 100 receives the encrypted media packet, the server side codec service module 300 built in the RTP local server 100 decrypts the media packet by using the RA algorithm, and then stores the decrypted media packet;
step S300: the RTP local server 100 determines the client 200 of the called party through addressing and authentication, and performs secondary encryption on the stored media packet according to an RA algorithm by using a server side codec service module 300 built in the RTP local server 100, and then sends the encrypted media packet to the client 200 of the called party;
step S400: after receiving the encrypted media packet, the client 200 of the called party decrypts the media packet according to the RA algorithm, and then performs subsequent communication processing on the decrypted media packet through an RTP standard codec protocol.
Preferably, as one possible embodiment, the media packet is specifically an RTP media packet.
Preferably, as one possible embodiment, in step S100, the client codec service module 400 built in the client 200 of the calling party performs an encryption operation on the media packet according to the RA algorithm, which specifically includes the following operation steps:
step S110: add 1 to each byte in the original media packet to be sent, perform a negation operation on the processed byte, and write the processed byte back to the media packet for sending.
Preferably, as one possible embodiment, in step S200, the server-side codec service module 300 built in the RTP local server 100 is used to perform RA algorithm decryption on the media packet, which specifically includes the following operation steps:
step S210: perform a negation operation on each data byte in the received media packet, subtract 1 from the result, and then write the resulting data byte back to the media packet, thereby decrypting the media packet.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
The invention relates to a media stream content encryption processing system and an encryption processing method, wherein the encryption processing method comprises the following operations:
The client 200 of the calling party initiates an outbound call operation, and when the outbound call sends a media packet, a client codec service module 400 built in the client 200 of the calling party performs a primary encryption operation on the media packet according to an RA algorithm;
after the RTP local server 100 receives the encrypted media packet, the server side codec service module 300 built in the RTP local server 100 decrypts the media packet by using the RA algorithm, and then stores the decrypted media packet; the RTP local server 100 determines the client 200 of the called party through addressing and authentication, and performs secondary encryption on the stored media packet according to an RA algorithm by using a server side codec service module 300 built in the RTP local server 100, and then sends the encrypted media packet to the client 200 of the called party;
after receiving the encrypted media packet, the client 200 of the called party decrypts the media packet according to the RA algorithm, and then performs subsequent communication processing on the decrypted media packet through an RTP standard codec protocol.
The media stream content encryption processing system and encryption processing method of the invention encrypt the media packet data by using an RA algorithm, which enhances the security of data transmission; by encrypting the media packet data, the invention improves the security level of session communication and overcomes the technical defect that the content of the media stream is easy to leak.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope of the present invention, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic diagram illustrating a media streaming processing method in the prior art;
fig. 2 is a schematic structural diagram illustrating a media stream content encryption processing system according to a sixth embodiment of the present invention;
fig. 3 is a flowchart illustrating a method for encrypting media stream content according to a first embodiment of the present invention;
fig. 4 is a flowchart illustrating a method for encrypting media stream content according to a first embodiment of the present invention;
fig. 5 is a flowchart illustrating a method for encrypting media stream content according to a fifth embodiment of the present invention.
Reference numbers: RTP local-side server 100; client 200; server-side codec service module 300; client codec service module 400.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Fig. 2 is a schematic structural diagram illustrating a media stream content encryption processing system according to an embodiment of the present invention. The media stream content encryption processing system corresponds to the media stream content encryption processing method in the second embodiment of the present invention, and similarly, the media stream content encryption processing method in the second embodiment of the present invention is also applicable to the media stream content encryption processing system, and details thereof are not described herein again.
The embodiment of the present invention provides a media stream content encryption processing system, which includes an RTP local side server 100, a client 200, a server side codec service module 300, and a client codec service module 400, wherein:
the server-side codec service module 300 is integrated in the RTP local-side server 100, and the client-side codec service module 400 is integrated in the client 200;
the RTP local server 100 is configured to receive and forward media packets;
the server-side codec service module 300 is configured to perform decryption and secondary encryption operations on the media packet received from the client 200;
the client codec service module 400 is configured to perform a primary encryption operation on a transmitted original media packet, and the client codec service module 400 is further configured to perform a decryption operation on the media packet after the secondary encryption.
Preferably, as one possible embodiment, the server-side codec service module 300 is specifically configured to decrypt the media packet received from the client 200 according to an RA algorithm; the server-side codec service module 300 is specifically configured to perform the secondary encryption operation on the media packet received from the client 200 according to an RA algorithm.
Preferably, as one possible embodiment, the client codec service module 400 is specifically configured to perform the primary encryption operation on a transmitted original media packet according to an RA algorithm; the client codec service module 400 is further configured to perform the decryption operation on the secondarily encrypted media packet according to an RA algorithm.
Example two
Fig. 2 is a schematic flowchart illustrating a media stream content encryption processing method according to a second embodiment of the present invention.
Based on the same technical principle, a second embodiment of the present invention provides a media stream content encryption processing method, including the following operation steps:
one of the clients 200 acts as the calling party and sends media packets in an outbound call to the other client 200 acting as the called party, which specifically comprises the following operation steps:
step S100: the client 200 of the calling party initiates an outbound call operation, and when the outbound call sends a media packet, the client codec service module 400 built in the client 200 of the calling party performs an encryption operation on the media packet according to an RA algorithm;
step S200: after the RTP local server 100 receives the encrypted media packet, the server side codec service module 300 built in the RTP local server 100 decrypts the media packet by using the RA algorithm, and then stores the decrypted media packet;
step S300: the RTP local server 100 determines the client 200 of the called party through addressing and authentication, and performs secondary encryption on the stored media packet according to an RA algorithm by using a server side codec service module 300 built in the RTP local server 100, and then sends the encrypted media packet to the client 200 of the called party;
step S400: after receiving the encrypted media packet, the client 200 of the called party decrypts the media packet according to the RA algorithm, and then performs subsequent communication processing on the decrypted media packet through the RTP standard codec protocol.
Preferably, as one possible embodiment, the media packet is specifically an RTP media packet.
Referring to fig. 4, in step S100, the client codec service module 400 built in the client 200 of the calling party performs an encryption operation on the media packet according to the RA algorithm, which specifically includes the following operation steps:
step S110: add 1 to each byte in the original media packet to be sent, perform a negation operation on the processed byte, and write the processed byte back to the media packet for sending.
It should be noted that, in a specific technical solution, the above encryption process is: add 1 to each byte in the original media packet to be transmitted, negate the processed data byte, and write the data byte back to the data packet for transmission.
Referring to fig. 5, in step S200, the server-side codec service module 300 built in the RTP local server 100 is used to perform RA algorithm decryption on the media packet, which specifically includes the following operation steps:
step S210: perform a negation operation on each data byte in the received media packet, subtract 1 from the result, and then write the resulting data byte back to the media packet, thereby decrypting the media packet.
It should be noted that, in a specific technical solution, the above decryption process is: negate the received original data packet byte by byte, subtract 1, and write the processed bytes back to the data packet for back-end processing.
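The byte transform of steps S110 and S210 and the hop-by-hop flow of steps S100 to S400, written out as an added example that is not part of the patent text or the assignee's code. It also checks the properties a reviewer of the scheme would look at: the transform takes no key, S110 and S210 are the same fixed mapping b -> (254 - b) mod 256, the server holds the plaintext after S200, and both call legs carry identical bytes. Assumptions: "negation" is bitwise NOT on an 8-bit byte, adding and subtracting 1 wrap modulo 256, the transform is applied to whatever bytes it is given, and all function names and the sample payload are constructed for illustration.

```python
# Added example: the per-byte transform of steps S110/S210 and the S100-S400 relay.
# Assumptions (not stated in the patent text): "negation" is bitwise NOT on an
# 8-bit byte, and +1 / -1 wrap modulo 256. All names here are hypothetical.
from collections import Counter

# Constructed sample bytes standing in for one media payload.
SAMPLE_PAYLOAD = bytes([0xD5] * 12 + [0x54, 0x55, 0xD4, 0x7F, 0xFF, 0x00])


def ra_encrypt(data: bytes) -> bytes:
    """Step S110: add 1 to each byte, then negate the result."""
    return bytes(~((b + 1) & 0xFF) & 0xFF for b in data)


def ra_decrypt(data: bytes) -> bytes:
    """Step S210: negate each byte, then subtract 1."""
    return bytes(((~b & 0xFF) - 1) & 0xFF for b in data)


def relay_call(payload: bytes) -> dict:
    """Carry one payload through S100-S400 and record what each hop holds."""
    leg1 = ra_encrypt(payload)      # S100: calling client, codec module 400
    stored = ra_decrypt(leg1)       # S200: server module 300 decrypts and stores
    leg2 = ra_encrypt(stored)       # S300: server module 300, secondary encryption
    delivered = ra_decrypt(leg2)    # S400: called client, codec module 400
    return {
        "leg1": leg1,
        "server_stored": stored,
        "leg2": leg2,
        "delivered": delivered,
    }


def transform_properties() -> dict:
    """Evaluate the transform on all 256 byte values and summarise its structure."""
    identity = bytes(range(256))
    table = ra_encrypt(identity)
    return {
        # Every byte value maps to a distinct byte value.
        "is_permutation": len(set(table)) == 256,
        # Applying S110 twice returns the input.
        "is_involution": ra_encrypt(table) == identity,
        # S110 and S210 compute the same function.
        "encrypt_equals_decrypt": table == ra_decrypt(identity),
        # Closed form: ~(b + 1) = 255 - (b + 1) = 254 - b (mod 256).
        "equals_254_minus_b": all(table[b] == (254 - b) % 256 for b in range(256)),
        # Byte values the transform leaves unchanged.
        "fixed_points": [b for b in range(256) if table[b] == b],
    }


def frequency_profile(data: bytes) -> list:
    """Sorted byte-value counts; a fixed substitution leaves this unchanged."""
    return sorted(Counter(data).values(), reverse=True)


if __name__ == "__main__":
    hops = relay_call(SAMPLE_PAYLOAD)
    for name, value in hops.items():
        print(f"{name:14s} {value.hex()}")
    for name, value in transform_properties().items():
        print(f"{name:24s} {value}")
    print("profile preserved:",
          frequency_profile(hops["leg1"]) == frequency_profile(SAMPLE_PAYLOAD))
```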
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention or a part thereof which contributes to the prior art in essence can be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a smart phone, a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention.

Claims (1)

1. A media stream content encryption processing method, characterized in that one client acts as the calling party and sends media packets in an outbound call to the other client acting as the called party, the method specifically comprising the following operation steps:
step S100: the client of the calling party initiates an outbound calling operation, and when the outbound sends a media packet, a client coding and decoding service module built in the client of the calling party carries out encryption operation on the media packet according to an RA algorithm;
step S200: after receiving the encrypted media packet, the RTP local server decrypts the media packet by using the server side coding and decoding service module built in the RTP local server, and then stores the decrypted media packet;
step S300: the RTP local server determines the client of the called party through addressing and authentication, and sends the stored media packet to the client of the called party after carrying out secondary encryption on the stored media packet according to an RA algorithm by utilizing a server side coding and decoding service module built in the RTP local server;
step S400: after receiving the encrypted media packet, the client of the called party decrypts the media packet according to the RA algorithm, and then performs subsequent communication processing on the decrypted media packet through an RTP standard coding and decoding protocol.
The media packet is specifically an RTP media packet.
In step S100, a client codec service module built in the client of the calling party performs a primary encryption operation on the media packet according to an RA algorithm, and specifically includes the following operation steps:
step S110: add 1 to each byte in the original media packet to be sent, perform a negation operation on the processed byte, and write the processed byte back to the media packet for sending.
In step S200, a server side codec service module built in the RTP local side server is used to perform RA algorithm decryption on the media packet, which specifically includes the following operation steps:
step S210: perform a negation operation on each data byte in the received media packet, subtract 1 from the result, and then write the resulting data byte back to the media packet, thereby decrypting the media packet.
CN202110276439.7A 2021-03-15 2021-03-15 System and method for encrypting media stream content Active CN112953963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110276439.7A CN112953963B (en) 2021-03-15 2021-03-15 System and method for encrypting media stream content

Publications (2)

Publication Number | Publication Date
CN112953963A | 2021-06-11
CN112953963B | 2023-04-07

Family

ID=76229922

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant